Inactive-A Unknown redirect / hijacker

Califauna

Hi,

I have an unknown redirect / hijacker on my Windows 8.1 installation. It occasionally redirects (not every time), mainly when searching the internet. It redirects to some thematically linked website, so for example when I search for Skype download, it will redirect to some dodgy Skype advertising site. This happens with all types of search, and the webpages it redirects to seem to always be different.

I have scanned with Malwarebytes, Comodo, HitmanPro, HijackThis, and Windows Malicious Software Removal Tool, but the redirect still occurs.

It has not redirected for a couple of days now, but it seems to resurface after sometimes short periods, and the laptop is running very slow, so I think it is still hiding in there.

Thanks for any help.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by Administrator (administrator) on DALES-PC (30-08-2015 09:54:46)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: dale & Administrator)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
( ) C:\Windows\System32\lxbkcoms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400720 2013-10-31] (Seagate)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-12] (COMODO)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2015-02-08] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-07-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe [74408 2015-02-09] (Lexmark International, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7659736 2015-02-15] (Realtek Semiconductor)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2015-02-15] (Avid Technology, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-12] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6418376 2013-10-31] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105184 2013-01-10] (Acronis)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2015-02-17] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-02-08] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2015-02-08] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2015-02-08] ()
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2015-02-17] ()
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-05-05] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2015-05-19] (ABBYY Production LLC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2015-06-24] (Adobe Systems Inc.)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [506728 2015-02-08] (Outertech)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-05-05] (Samsung)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-08-30] (Google)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [JumplistWatcher] => C:\Program Files (x86)\JumplistExtender\T7EBackground.exe [622592 2015-02-08] (Marco Zafra)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2588608 2015-04-25] (TunnelBear)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-05] (Spotify Ltd)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify] => C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-05] (Spotify Ltd)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Allmyapps] => C:\Users\Administrator\AppData\Roaming\Allmyapps\Allmyapps.exe [7322488 2014-04-04] (Allmyapps SAS)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Allmyapps Update] => C:\Users\Administrator\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe [320888 2014-04-04] (Allmyapps SAS)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Gamma Panel executable] => F:\B\Ma\Downloads\Windows Downloads\Success\WINDOWS CUSTOMISATION AND SHELL\Gamma Panel\gapa.exe
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk [2015-02-08]
ShortcutTarget: Core Temp.lnk -> C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe - Shortcut.lnk [2015-02-13]
ShortcutTarget: speedfan.exe - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-03-31]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 www.meldaproduction.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2C2C567D-75E5-4C09-8E30-2A6B303DA30D}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{2C2C567D-75E5-4C09-8E30-2A6B303DA30D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7AC9EED8-AC54-49AC-8118-178A9921374F}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{88613F22-A7D0-4FD4-B8D2-E00463F5B749}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B8BDB5C8-EB90-4884-92F9-F2C858E9721F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2273160904-4274275969-784373220-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default
FF NewTab: www.google.co.uk
FF DefaultSearchEngine: Google UK
FF SelectedSearchEngine: Google UK
FF Homepage: www.google.co.uk
FF NetworkProxy: "ftp", "180.183.105.55"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "180.183.105.55"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "socks", "180.183.105.55"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "180.183.105.55"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-30] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: @acestream.net/acestreamplugin,version=3.1.0-b2 -> C:\Users\Administrator\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-12] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin64 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\searchplugins\google-maps-uk.xml [2015-06-15]
FF Extension: Xmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\foxmarks@kei.com [2015-05-15]
FF Extension: Print pages to PDF - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printPages2Pdf@reinhold.ripper [2015-05-31]
FF Extension: EPUBReader - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-31]
FF Extension: System.Security.Cryptography.CryptographicException - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7F7A4577-8FC3-141E-DD31-1321B4A6F2FC} [2015-06-25]
FF Extension: Flash and Video Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-06-22]
FF Extension: Default Full Zoom Level - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2015-05-29]
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ALone-live@ya.ru.xpi [2015-02-08]
FF Extension: Add to Amazon Wish List Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\amznUWL2@amazon.com.xpi [2015-02-08]
FF Extension: DownThemAll! AntiContainer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\anticontainer@downthemall.net.xpi [2015-02-08]
FF Extension: Bookmark Favicon Changer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2015-02-08]
FF Extension: Color Transform - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\colortransform@pjs.nl.xpi [2015-02-08]
FF Extension: Colour That Site! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ColourThatSite@einspeiser.de.xpi [2015-04-07]
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\firefox1@myibay.com.xpi [2015-02-08]
FF Extension: Media Hint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\firefox@mediahint.com.xpi [2015-03-21]
FF Extension: Email This! Bookmarklet Extension - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\gmailthis@lazyrussian.com.xpi [2015-06-04]
FF Extension: savetexttofile - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-02-08]
FF Extension: YouTube mp3 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\info@youtube-mp3.org.xpi [2015-05-14]
FF Extension: One Click Proxy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-05-12]
FF Extension: Lazarus: Form Recovery - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lazarus@interclue.com.xpi [2015-02-13]
FF Extension: Live Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lonely@hamzeen.xpi [2015-05-12]
FF Extension: MD5 Reborned Hasher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\md5rehasher@phoneixs.es.xpi [2015-05-12]
FF Extension: Multifox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multifox@hultmann.xpi [2015-02-08]
FF Extension: Multiple Tab Handler - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2015-05-09]
FF Extension: NoSquint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\nosquint@urandom.ca.xpi [2015-02-08]
FF Extension: Print Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printedit@DW-dev.xpi [2015-02-08]
FF Extension: MetisMe - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\product@metisme.com.xpi [2015-02-08]
FF Extension: Restart - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\Restart@schuzak.jp.xpi [2015-02-13]
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\roomy_bookmarks_toolbar-1.4.4-sm.xpi [2015-02-08]
FF Extension: Screen Draw - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\screendraw@grizzlyape.com.xpi [2015-05-12]
FF Extension: Auto-Sort Bookmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-08]
FF Extension: Status-4-Evar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\status4evar@caligonstudios.com.xpi [2015-02-08]
FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\stoptube@kashiif.com.xpi [2015-02-08]
FF Extension: Google Translator for Firefox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\translator@zoli.bod.xpi [2015-02-08]
FF Extension: Undo Closed Tabs Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-02-08]
FF Extension: Resurrect Pages - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-02-08]
FF Extension: Session Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-02-08]
FF Extension: FlashGot - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-29]
FF Extension: Print/Print Preview - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2015-02-08]
FF Extension: uBlock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-06-18]
FF Extension: CacheViewer Continued - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2015-02-08]
FF Extension: PDF Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2015-02-08]
FF Extension: Download Videos From YouTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{3ED8ADFD-E755-4aea-986B-A3828315DB53}.xpi [2015-06-22]
FF Extension: Text Link - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2015-02-08]
FF Extension: Mozilla Archive Format - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2015-02-08]
FF Extension: Search by Image for Google - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-02-08]
FF Extension: Password Exporter - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-02-08]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-06-22]
FF Extension: Video DownloadHelper - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-06-15]
FF Extension: DownThemAll! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-08]
FF Extension: Internote - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e3631030-7c02-11da-a72b-0800200c9a66}.xpi [2015-02-08]
FF Extension: Greasemonkey - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-08]
FF Extension: QuickJava - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-02-08]
FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2015-06-18]
FF Extension: UnMHT - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-07-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-06-24]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Media Hint) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2015-03-21]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-08-27]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-06-28]
CHR Extension: (Hola Better Internet Engine) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2015-02-22]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
CHR HKU\S-1-5-21-2273160904-4274275969-784373220-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
 
*****SECOND HALF ***


==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-02-18] (Broadcom Corporation.)
S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-26] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-12] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-12] (COMODO)
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 Crypkey License; C:\Windows\SYSTEM32\crypserv.exe [122880 2015-02-20] (CrypKey (Canada) Ltd.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-03-02] (Disc Soft Ltd)
S3 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [255488 2015-03-09] (Ryan Conrad) [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37384 2015-02-26] (CHENGDU YIWO Tech Development Co., Ltd)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-07-06] (NVIDIA Corporation)
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2015-02-09] ( )
R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2015-02-09] ( )
S3 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-06-28] (Malwarebytes Corporation)
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-07-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-07-06] (NVIDIA Corporation)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-02-08] (TeamViewer GmbH)
S3 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-03-31] (TechSmith Corporation) [File not signed]
S3 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2015-02-08] (TuneUp Software)
S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [34752 2015-04-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2015-02-08] (Wondershare)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-02-18] (Broadcom Corporation.)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-11-21] (Microsoft Corporation)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2015-02-15] (CSR, plc)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
S3 BUSB_AUDIO_WDM; C:\Windows\system32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2015-07-31] (CSR plc.)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2015-02-18] (Cambridge Silicon Radio Limited)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-02] (Disc Soft Ltd)
S3 eksmidi; C:\Windows\system32\drivers\eksmidi.sys [101472 2015-02-09] (EKS)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2015-02-08] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2015-02-17] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2015-02-26] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2015-02-17] ()
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-07-06] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
S3 MADFUPROKEYSSONO; C:\Windows\system32\DRIVERS\MAudioProKeysSono_DFU.sys [46088 2015-02-15] (M-Audio)
S3 MAUSBPROKEYSSONO; C:\Windows\system32\DRIVERS\MAudioProKeysSono.sys [187912 2015-02-15] (Avid Technology, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-28] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2015-02-20] ()
S3 NvnUsbAudio; C:\Windows\system32\DRIVERS\nvnusbaudio.sys [54000 2015-02-09] (Novation DMS Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-15] (NVIDIA Corporation)
S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2015-02-08] (PassMark Software)
R0 phylock; C:\Windows\System32\drivers\phylock.sys [34864 2015-07-26] (TeraByte, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2015-02-18] (Resplendence Software Projects Sp.)
R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-02-22] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-08] (Acronis)
S3 TosRfSnd; C:\Windows\system32\drivers\tosrfsnd.sys [63488 2015-02-13] (TOSHIBA Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-23] (Oracle Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [130848 2015-02-08] (Acronis International GmbH)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S0 BTATH_BUS; System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 btwaudio; \SystemRoot\system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; \SystemRoot\system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\System32\drivers\btwrchid.sys [X]
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X]
S3 HWiNFO32; \??\C:\Users\ADMINI~1\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-30 09:54 - 2015-08-30 09:55 - 00039492 _____ C:\Users\Administrator\Downloads\FRST.txt
2015-08-30 09:41 - 2015-08-30 09:41 - 02188288 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-08-29 23:46 - 2015-08-29 23:46 - 00407813 _____ C:\Users\Administrator\Downloads\B00TFORUM8.htm
2015-08-29 23:17 - 2015-08-30 09:54 - 00000000 ____D C:\FRST
2015-08-22 21:29 - 2015-08-22 21:29 - 01943070 _____ C:\Users\Administrator\Downloads\FicheroCliente(2).tiff
2015-08-22 21:21 - 2015-08-22 21:21 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-08-19 00:43 - 2015-08-19 00:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Epson
2015-08-18 00:12 - 2015-08-18 00:12 - 00019342 _____ C:\Users\Administrator\Downloads\[kat.cr]va.damn.presents.the.mash.ups.2007.dance(1).torrent
2015-08-18 00:12 - 2015-08-18 00:12 - 00018574 _____ C:\Users\Administrator\Downloads\[kat.cr]va.high.voltage.mash.ups.2009.dubinferno.torrent
2015-08-17 23:55 - 2015-08-17 23:55 - 00019342 _____ C:\Users\Administrator\Downloads\[kat.cr]va.damn.presents.the.mash.ups.2007.dance.torrent
2015-08-17 17:35 - 2015-08-17 17:35 - 00063620 _____ C:\Users\Administrator\Downloads\Movimiento_0(1)
2015-08-17 17:34 - 2015-08-17 17:34 - 00063620 _____ C:\Users\Administrator\Downloads\Movimiento_0
2015-08-14 17:55 - 2015-08-29 22:09 - 00000000 ____D C:\Program Files (x86)\EPSON
2015-08-14 17:51 - 2015-08-29 22:03 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2015-08-13 19:22 - 2015-08-13 19:22 - 00020410 _____ C:\Users\Administrator\Downloads\[kat.cr]microsoft.windows.10.home.and.pro.x64.clean.iso.torrent
2015-08-09 11:58 - 2015-08-30 01:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-09 01:12 - 2015-08-09 01:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Andy
2015-08-09 01:11 - 2015-08-09 01:11 - 01324696 _____ C:\Users\Administrator\Downloads\Andy_Android_Emulator_v44_10.exe
2015-08-05 22:33 - 2015-08-05 22:33 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-08-05 22:28 - 2015-08-05 22:28 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBNFE.DLL
2015-08-05 22:28 - 2015-08-05 22:28 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BNFE.DLL
2015-08-05 22:28 - 2015-08-05 22:28 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-08-05 22:27 - 2015-08-05 23:33 - 00000000 ____D C:\ProgramData\EPSON
2015-08-05 22:22 - 2015-08-05 22:23 - 26546176 _____ C:\Users\Administrator\Downloads\epson513359eu.exe
2015-08-05 19:41 - 2015-08-05 19:41 - 00000000 ____D C:\Users\Administrator\Downloads\epson379189eu
2015-08-01 18:23 - 2015-08-01 18:24 - 89374063 _____ C:\Users\Administrator\Downloads\Flash_tool_for_Xperia_6.zip
2015-08-01 18:15 - 2015-08-01 18:15 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2015-08-01 18:13 - 2015-08-01 18:13 - 15912493 _____ C:\Users\Administrator\Downloads\UniversalAdbDriver.zip
2015-08-01 18:13 - 2015-08-01 18:13 - 00000000 ____D C:\Users\Administrator\Downloads\UniversalAdbDriver
2015-08-01 05:19 - 2015-08-01 05:19 - 00637763 _____ C:\Users\Administrator\Downloads\epson379189eu.zip
2015-08-01 05:19 - 2015-08-01 05:19 - 00637763 _____ C:\Users\Administrator\Downloads\epson379189eu (1).zip
2015-07-31 12:48 - 2015-07-31 12:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf
2015-07-31 11:51 - 2015-08-30 07:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
2015-07-31 11:50 - 2015-08-30 07:50 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2015-07-31 10:35 - 2015-07-31 10:35 - 29593968 _____ (Sony Mobile Communications ) C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe
2015-07-31 10:33 - 2015-07-31 10:33 - 39919352 _____ C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe
2015-07-31 05:20 - 2015-07-31 05:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\SkypePlugin
2015-07-31 05:19 - 2015-07-31 05:19 - 06541312 _____ C:\Users\Administrator\Downloads\SkypeWebPlugin.msi
2015-07-31 04:02 - 2015-07-31 04:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Cambridge Silicon Radio
2015-07-31 03:55 - 2015-07-31 03:55 - 00038400 _____ (CSR plc.) C:\Windows\system32\Drivers\csrbc.sys
2015-07-31 03:55 - 2015-07-31 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSR BlueSuite 2.5.0
2015-07-31 03:55 - 2015-07-31 03:55 - 00000000 ____D C:\Program Files\DIFX
2015-07-31 03:54 - 2015-07-31 03:54 - 00000000 ____D C:\Program Files (x86)\CSR
2015-07-31 03:45 - 2015-07-31 04:17 - 00000000 ____D C:\Users\Administrator\Downloads\JBL_CHARGE_2
2015-07-31 03:41 - 2015-07-31 03:41 - 07456164 _____ C:\Users\Administrator\Downloads\JBL_CHARGE_2.7z

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-30 09:55 - 2015-07-08 21:32 - 00014046 _____ C:\Users\Administrator\Desktop\hijackthis.log
2015-08-30 09:55 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY
2015-08-30 09:55 - 2015-02-08 16:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2015-08-30 09:52 - 2015-02-08 14:25 - 00073710 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-08-30 09:44 - 2015-02-08 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-08-30 09:27 - 2015-07-06 14:50 - 00375211 _____ C:\Windows\setupact.log
2015-08-30 09:09 - 2015-02-08 16:09 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-30 09:08 - 2015-02-08 21:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-30 09:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-30 08:28 - 2015-02-08 14:08 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2273160904-4274275969-784373220-500
2015-08-30 08:23 - 2015-07-26 22:45 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-30 07:47 - 2015-02-08 17:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-08-30 07:41 - 2015-02-08 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-30 03:27 - 2015-02-08 05:14 - 01832972 _____ C:\Windows\WindowsUpdate.log
2015-08-30 03:11 - 2015-07-17 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-30 03:09 - 2015-02-08 21:39 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-30 03:09 - 2015-02-08 16:09 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-30 03:07 - 2015-02-08 15:31 - 00003112 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500
2015-08-30 03:07 - 2015-02-08 15:31 - 00000000 ___RD C:\Users\Administrator\OneDrive
2015-08-30 03:06 - 2015-02-08 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-08-30 03:05 - 2015-02-09 19:04 - 00155592 _____ C:\Windows\DPINST.LOG
2015-08-30 03:04 - 2015-02-08 16:09 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 03:04 - 2015-02-08 16:09 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-30 03:02 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator
2015-08-30 02:58 - 2015-02-18 17:53 - 00014880 _____ C:\Windows\error.log
2015-08-30 02:58 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-30 02:57 - 2015-02-18 17:53 - 00004761 _____ C:\Windows\errord.log
2015-08-30 01:51 - 2015-02-08 14:12 - 00011264 _____ C:\Windows\CUAppUsage.Dat
2015-08-30 01:50 - 2015-02-08 05:13 - 00000000 ____D C:\Users\dale
2015-08-30 01:49 - 2015-02-11 04:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2015-08-30 01:49 - 2015-02-08 14:20 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2015-08-30 01:49 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
2015-08-30 01:48 - 2015-07-26 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-30 01:48 - 2015-02-08 16:46 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2015-08-30 01:48 - 2015-02-08 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-30 01:34 - 2015-07-28 08:49 - 00000000 ____D C:\Users\Administrator\Desktop\Cayman 2015
2015-08-30 01:34 - 2015-02-08 15:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-08-30 01:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\registration
2015-08-30 01:32 - 2015-04-01 13:11 - 00000000 ____D C:\ProgramData\InstallShield
2015-08-30 01:32 - 2015-02-08 16:45 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-08-30 01:31 - 2014-03-18 03:24 - 00000000 __RHD C:\MSOCache
2015-08-25 20:47 - 2015-07-04 00:08 - 00119808 ___SH C:\Users\Administrator\Desktop\Thumbs.db
2015-08-22 18:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-13 20:08 - 2014-11-21 09:29 - 00071098 _____ C:\Windows\PFRO.log
2015-08-09 01:18 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-09 01:15 - 2015-07-22 20:32 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Andy_44_Online
2015-08-09 01:12 - 2015-04-29 22:31 - 00000000 ____D C:\Program Files\Andy
2015-08-09 01:10 - 2015-04-30 13:21 - 00000000 ____D C:\Users\Administrator\VirtualBox VMs
2015-08-09 01:06 - 2015-04-29 22:42 - 00000000 ____D C:\Users\Administrator\.VirtualBox
2015-08-05 19:33 - 2013-08-22 14:37 - 00089600 _____ (Seiko Epson Corporation.) C:\Windows\system32\ep0icd3.dll
2015-08-03 19:59 - 2014-11-21 09:38 - 01367332 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-02-13 17:09 - 2015-02-13 17:19 - 1289216 _____ () C:\Program Files (x86)\JumplistLauncher.exe
2015-02-13 17:20 - 2015-06-29 12:26 - 0005256 _____ () C:\Program Files (x86)\settings.dat
2015-05-27 21:38 - 2015-05-27 21:45 - 0000539 _____ () C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences
2015-02-08 23:42 - 2015-02-08 23:42 - 0118724 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS
2015-02-08 23:42 - 2015-02-08 23:42 - 0000318 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part
2015-06-12 16:27 - 2015-06-12 16:27 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 10:43 - 2015-02-12 10:43 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement
2015-02-17 20:38 - 2015-02-17 20:38 - 0000055 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir
2015-02-12 10:47 - 2015-07-25 18:40 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex
2015-02-12 10:44 - 2015-07-25 18:39 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index
2015-02-14 04:56 - 2015-02-14 04:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-05 18:14 - 2015-05-05 18:14 - 0010295 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\keygen.exe
C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\R2REXT.dll
C:\Users\Administrator\AppData\Local\Temp\R2RTOOL.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\dale\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\dale\AppData\Local\Temp\feedback.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-21 19:59

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by Administrator (2015-08-30 09:57:56)
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2273160904-4274275969-784373220-500 - Administrator - Enabled) => C:\Users\Administrator
dale (S-1-5-21-2273160904-4274275969-784373220-1001 - Administrator - Enabled) => C:\Users\dale
Guest (S-1-5-21-2273160904-4274275969-784373220-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2273160904-4274275969-784373220-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.439 - ABBYY Production LLC)
Ableton Live 9 Suite (HKLM\...\{D4EA4767-BB54-4094-A9F9-F058C2D47DA3}) (Version: 9.0.0.0 - Ableton)
Ace Stream Media 3.1.0-b2 (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\AceStream) (Version: 3.1.0-b2 - Ace Stream Media) <==== ATTENTION
Active@ File Recovery Professional 14 (HKLM\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 14 - LSoft Technologies Inc)
ActivePerl 5.16.1 Build 1601 (64-bit) (HKLM\...\{653D48F0-098C-45C1-8267-86EA7B9D0EDB}) (Version: 5.16.1601 - ActiveState)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Allmyapps (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Allmyapps) (Version: 2.0.0.30 - Allmyapps)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.6.2.0 (HKLM\...\ARIA Engine_is1) (Version: v1.6.2.0 - Plogue Art et Technologie, Inc)
Ashampoo MP3 Cover Finder v.1.0.12 (HKLM-x32\...\{5A842CF6-7E61-52D7-C64C-2F20E9D408F1}_is1) (Version: 1.0.12 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoHotkey 1.1.19.02 (HKLM\...\AutoHotkey) (Version: 1.1.19.02 - Lexikos)
BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bluetooth Command Line Tools 1.2 (HKLM-x32\...\{2557A2FA-2A9A-4829-AD02-8DD95C7E4B8B}_is1) (Version: 1.2.0.56 - bluetoothinstaller.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chainer v1.0 (HKLM-x32\...\Chainer 1.0) (Version: - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Clipboard History (HKLM-x32\...\ClipboardHistory) (Version: 1.0 - Outertech)
COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
COMODO Programs Manager (HKLM\...\{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}) (Version: 1.3_build_30 - COMODO)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CSR BlueSuite 2.5.0 (HKLM-x32\...\CSR BlueSuite 2.5.0_is1) (Version: - Cambridge Silicon Radio Ltd.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DarkAdapted 3.0 (HKLM-x32\...\{FDA06822-011E-4A1E-9B2E-BF25D5C453F8}_is1) (Version: - AquilaDigital Partnership)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.6.0 - oldsch00l)
Direct WAV MP3 Splitter version 2.7.0.25 (HKLM-x32\...\Direct WAV MP3 Splitter_is1) (Version: 2.7.0.25 - Piston Software)
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 5.4 - DiskInternals Research)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Droid Explorer 0.9.0.2 (x64) (HKLM\...\{CEC12343-D6C5-4C69-9A3D-295A2459B37D}) (Version: 0.9.0.2 - Ryan Conrad)
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version: - EaseUS)
EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Todo Backup Advanced Server 7.5 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 7.5 - CHENGDU YIWO Tech Development Co., Ltd)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EKS Driver Pack 16.12.2010 (HKLM\...\EKS Driver Pack 16.12.2010) (Version: 16.12.2010 - EKS)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 0.9.1 - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
EZdrummer 2 64-bit Update (HKLM\...\{11CC8964-9CB0-46E6-9218-CD39ED4A554D}) (Version: 2.0.1 - Toontrack)
EZkeys Grand Piano 64 (HKLM\...\{23CA8D91-FD3B-4EE6-BBDF-B5924E7E44EB}) (Version: 1.0.2 - Toontrack)
EZXPercussion (HKLM-x32\...\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}) (Version: 1.0 - Toontrack)
Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.c.r13.4 - MakeMusic)
FreeFileSync 6.13 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.13 - www.FreeFileSync.org)
Garritan ARIA Player v1.620 (HKLM\...\__ARIA_1012___is1) (Version: v1.6.2.0 - Garritan)
Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v2.0.0.0 - Garritan)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
HDD Raw Copy Tool v1.02 (HKLM-x32\...\HDD Raw Copy Tool_is1) (Version: - HDDGURU)
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
Hit'n'Mix Play (HKLM-x32\...\Hit'n'Mix Play) (Version: 1.5.8 - Hit'n'Mix Ltd)
HWiNFO32 Version 4.50 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.50 - Martin Malík - REALiX)
HWiNFO64 Version 4.50 (HKLM\...\HWiNFO64_is1) (Version: 4.50 - Martin Malík - REALiX)
Image for Windows 2.86 Trial (HKLM-x32\...\Image for Windows (V2)_is1) (Version: - TeraByte Unlimited)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jumplist Extender (HKLM-x32\...\{2D5349D5-167D-4D27-BD8C-9117A6C63FED}_is1) (Version: 0.4 - Marco Zafra)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
M-Audio ProKeysSono Driver 6.0.2 (x64) (HKLM\...\{5008FD09-0F0B-4B0B-93FF-A7302137F62E}) (Version: 6.0.2 - M-Audio)
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
MediaHint (HKLM-x32\...\{35487E7F-80C5-42AB-B6F4-13E603645E44}) (Version: 1.80.0000 - MediaHint)
MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
MeldaProduction MTotalBundle64 8 (HKLM-x32\...\MeldaProduction MTotalBundle64 8) (Version: - MeldaProduction)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MIDI Yoke (HKLM-x32\...\{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}) (Version: 1.75.53 - JOConnell)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.2.245 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: - Native Instruments)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Novation USB Audio Driver 2.6 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.6 - Novation DMS Ltd.)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation)
OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM-x32\...\Oxford Spanish Dictionary) (Version: - )
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pianoteq v2.3.0 (HKLM-x32\...\Pianoteq23) (Version: - )
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
QtWeb Internet Browser 3.8.5 (HKLM-x32\...\{13C0E1F7-BB8A-4545-B25E-628D025A94AD}_is1) (Version: - QtWeb.NET)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quod Libet - audio library tagger, manager, and player (HKLM-x32\...\Quod Libet) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
R-Studio 7.5 (HKLM-x32\...\R-Studio 7.5NSIS) (Version: 7.5.156292 - R-Tools Technology Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Seagate DiscWizard (HKLM-x32\...\{80AB2C3C-87B7-47C7-928C-ED5374631C97}) (Version: 16.0.5840 - Seagate)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Similarity 64-bit 1.9.2 (HKLM\...\{02F06E82-CCC3-4F71-ADC6-A65338E4A9DF}) (Version: 1.9.1941 - GAR Software)
Skype Web Plugin (HKLM-x32\...\{75BBD24C-C19A-4885-B8FD-EB15009277D3}) (Version: 7.5.0.123 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{d02e7440-ca9b-4c28-b0bf-f226a6c79efd}) (Version: 12.3.1.2879 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.3.1 - TechSmith Corporation) Hidden
SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com)
Spectrasonics Trilian Library version 1.0 (HKLM-x32\...\Spectrasonics Trilian Library_is1) (Version: - Copyright (C) 2009-2011 Spectrasonics)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Spotydl 0.9.37.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.37.0 - spotydl.com)
SUPER © v2015.build.64+Recorder (2015/02/13) version v2015.buil (HKLM-x32\...\{8E2A29E2-96BF-8759-4DA7-5C16C90729A4}_is1) (Version: v2015.build.64+Recorder - eRightSoft)
Superior Drummer 64-bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.4.0 - Toontrack)
Superior Drummer Installer (HKLM-x32\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.0.1 - Toontrack)
Tag&Rename 3.8.6 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.8.6 - Softpointer Inc)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TotalDocConverter (HKLM-x32\...\Total Doc Converter_is1) (Version: - Softplicity, Inc.)
Tunatic (HKLM-x32\...\Tunatic) (Version: - )
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TunnelBear (HKLM-x32\...\{a8a8801e-37a4-4866-a5dc-2d8b0943b84c}) (Version: 2.3.13.0 - TunnelBear)
TunnelBear (x32 Version: 2.3.13.0 - TunnelBear) Hidden
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version: - File Recovery Ltd.)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Download Capture V4.8.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.0 - Apowersoft)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Virtual Disk Driver (HKLM-x32\...\{6B6137AE-281D-419E-9F40-FFD1B42A740D}) (Version: 1.1.2141 - Acronis)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (USBSPI) USB (01/21/2011 2.4.0.0) (HKLM\...\516F2BEA6007D982DCE90BA1592C17F0FFD75DBA) (Version: 01/21/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xentone version 1.3.61 (HKLM-x32\...\{06AF433A-92A9-4DFB-A7F3-2F413BB35A8B}}_is1) (Version: 1.3.61 - H-Pi Instruments)
YouTubeByClick (HKLM-x32\...\{C05E2D5A-938F-41AD-98C5-A6BCBC69CE2F}) (Version: 2.2.10 - YouTubeByClick.com)
YTD Video Downloader 4.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{2FF31824-C74B-43A1-1CC9-3201696135BC}\InprocServer32 -> C:\Windows\SYSTEM32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{59CA9673-A08B-489C-8932-1C3E0CF244D8}\localserver32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{B982932A-124D-489C-A7B3-8BCD1FDB8DD3}\InprocServer32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

09-08-2015 14:41:01 Scheduled Checkpoint
14-08-2015 17:50:17 Installed Software Updater
21-08-2015 20:04:54 Scheduled Checkpoint
22-08-2015 21:21:33 Installed Compatibility Pack for the 2007 Office system
29-08-2015 21:46:19 Revo Uninstaller's restore point - Sony Ericsson Update Service
30-08-2015 01:22:57 Restore Operation
30-08-2015 08:08:22 Before flash update after restore

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-07-01 01:57 - 00000877 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.meldaproduction.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01828FF6-966A-4547-89BE-BA5A6D870203} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-12] (COMODO)
Task: {0434ED0A-02E4-4377-BBBB-41A6936BAFBA} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Administrator\AppData\Roaming\Allmyapps\Allmyapps.exe [2014-04-04] (Allmyapps SAS)
Task: {067463E9-03F5-4E50-9D31-65ECF68B1F0C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-12] (COMODO)
Task: {17B8FF30-AB86-45C0-939B-4F7D72C15537} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {19D06676-597C-4187-91A5-40B5DD2BD986} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-08] (Microsoft Corporation)
Task: {1EDAAA73-43AD-4D9E-875B-67EE4C418BD1} - System32\Tasks\AdobeAAMUpdater-1.0-Dales-PC-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {2CAADEC8-0729-4BE1-8FC1-C7B04DB78326} - System32\Tasks\{2197BCF0-4C78-47ED-8786-E6EC2178D3A7} => Firefox.exe http://ui.skype.com/ui/0/7.6.85.105/en/go/help.faq.installer?LastError=1603
Task: {4DCF11D7-AD36-4436-9AB8-7F8208E69E71} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Administrator => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2015-02-08] (H.D.S. Hungary)
Task: {5D1B51F4-0905-4261-BBD2-E4E4AF6FA618} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5FD3960E-39ED-439E-8372-CC00A8E28C08} - System32\Tasks\{87CF9565-6A72-4FA2-B9DF-7C37814BDC8B} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.1.0.105&amp;LastError=12002
Task: {67ED5FDD-C06F-4446-9409-04952F093942} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-26] (Microsoft Corporation)
Task: {67F47573-EBF5-4B19-A167-CFEC0BB5E93B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-30] (Adobe Systems Incorporated)
Task: {6870BB2C-E93C-445E-8488-1C379FD0E1E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-26] (Adobe Systems Incorporated)
Task: {6E00464F-41BC-4880-A8DD-FCDEB99C1022} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2015-02-08] (Microsoft Corporation)
Task: {79B34201-A62A-47B6-A258-5FF0A398990A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {876DB197-CAC1-4365-B483-46E4F34C073E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-12] (COMODO)
Task: {8B936048-9BC0-4EFB-B7D2-53D2F4A90ADC} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-03-31] (TechSmith Corporation)
Task: {A0459977-33F3-4E0E-8396-DCD96DC1B94E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-08] (Microsoft Corporation)
Task: {AB848DC0-BA68-48DE-9274-E18DC5F50F72} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-12] (COMODO)
Task: {ADA39BA3-6806-441A-A59C-DB1A83CC1869} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-12] (COMODO)
Task: {BD797F8E-1326-41E3-811A-3310E17F39AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-26] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-02 21:51 - 2014-09-02 21:51 - 00537600 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2011-09-05 17:11 - 2011-09-05 17:11 - 00116032 _____ () C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
2013-04-15 19:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-02-26 18:24 - 2015-02-26 18:24 - 00240680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2012-10-01 22:36 - 2012-10-01 22:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00098824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00031240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00017416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00088584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 01296392 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00060936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00107528 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00075784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00030216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00068104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00158216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00275976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00072200 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00139784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00037384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00297512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00743976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00472616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00193032 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00255496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00243344 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00163914 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libssh2.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00145928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00076808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00207880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00024584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00020488 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00032264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00034824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00064008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00022536 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00115720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00194056 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00037896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00019976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00043016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00096776 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00353800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00027144 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00137224 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00146952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00050184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00061960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00089608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00056328 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00223752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2010-11-22 15:26 - 2010-11-22 15:26 - 00047880 _____ () C:\Program Files (x86)\ClipboardHistory\ClipboardHotkey.dll
2013-01-10 15:43 - 2013-01-10 15:43 - 00014360 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2015-08-30 09:44 - 2015-08-30 09:44 - 00158720 _____ () C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
2015-02-09 00:59 - 2015-08-30 09:44 - 00192512 _____ () C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
 
***SECOND PART OF ADDITIONAL***


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\JumplistLauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\Ckconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\Ckrfresh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\lsb_un20.exe:$CmdTcID
AlternateDataStreams: C:\Windows\MASetupCaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\MusiccityDownload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\Setup_ck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AdobePDF.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AdobePDFUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BcmBtRSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BootMan.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\btwdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BtwRSupportService.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Ckldrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Crypserv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CsrSecCoins.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CX64APO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPA64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPA64F3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPD64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPD64AF3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPO64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPO64AF3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPP64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPP64AF3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSU2PGFX64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSU2PLFX64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSU2PREC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ep0icd3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EuEpmGdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_YD4BNFE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_YLMBNFE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fbnative.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpinkcoiB111.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpinkinsB111.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpinkstsB111LM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ICEsoundAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KAAPORT64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lxbkcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lxbkcnv4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lxbkcnv5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lxbkcoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lxbkcoms.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lxbkdrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lxbkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lxbkih.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lxbkvs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\M-AudioTaskBarIcon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO4064.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO5064.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO6064.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO3064.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mv91xxm.dll:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Cookies:RxhZ9woyaG2Kyu070E6ze
AlternateDataStreams: C:\Users\Administrator\Local Settings:rJ4j1Rw0zYvQPSIMvmMh
AlternateDataStreams: C:\Users\Administrator\AppData\Local:rJ4j1Rw0zYvQPSIMvmMh
AlternateDataStreams: C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\AppData\Local\Application Data:rJ4j1Rw0zYvQPSIMvmMh
AlternateDataStreams: C:\Users\Administrator\AppData\Local\Temporary Internet Files:VQdFEeXtwm6V30vPb6pxouFFoY
AlternateDataStreams: C:\ProgramData\Microsoft:6TyF1Wzu89Wq7FSv4wFIEAerA
AlternateDataStreams: C:\ProgramData\Microsoft:HPxbQxmU4gcmqOIYe1Zp3do4EiB
AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE
AlternateDataStreams: C:\ProgramData\TEMP:535FBEA2
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
AlternateDataStreams: C:\ProgramData\TEMP:89FAC91C
AlternateDataStreams: C:\ProgramData\TEMP:CF08C48A
AlternateDataStreams: C:\ProgramData\TEMP:DDCCB2FA
AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA
AlternateDataStreams: C:\Users\dale\OneDrive:ms-properties
 
***THIRD PART OF ADDITIONAL ***

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2273160904-4274275969-784373220-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: NvNetworkService => 3
MSCONFIG\Services: NvStreamSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 3
MSCONFIG\Services: TeamViewer => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 3
HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "lxbkbmgr.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "M-Audio Taskbar Icon"
HKLM\...\StartupApproved\Run: => "CsrHCRPServer"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run: => "CsrSyncMLServer"
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "HarmonyUserStartup"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => ""
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\StartupFolder: => "speedfan.exe - Shortcut.lnk"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\StartupFolder: => "Core Temp.lnk"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Allmyapps"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Allmyapps Update"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "JumplistWatcher"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "TunnelBear"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Gamma Panel executable"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Embtion"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => ""
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{2783EB04-052E-4EE9-A29A-E7483E67E5A8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AFEFDFB0-96A7-4F22-B04E-1F5B32D2ECEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BB857866-C605-4D99-B8A7-D429BF3FFE9D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3AAB0A6E-8633-40BE-9CE3-BFEABF561371}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{92AC6E3A-022D-462E-A4CD-CEE2D29497E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD657591-C16D-46FB-B66B-515E384E577E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4AD873A6-E094-4FB6-924D-EAB11B3FD0A4}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2B4572F5-7D98-4AC1-8E08-F189EF61B055}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6B121315-D6E3-4BF0-B7E6-E89FE9E7FD06}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{B1677CDD-F448-4280-B537-A630A4C7B902}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{2D92E39D-E942-4BB6-A452-053239D5FAB8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{071EBA47-B5B0-464C-9000-603129FD4ED9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{2FD3DE22-6802-460E-8435-333FF067CE04}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{2AE87BD6-B282-44D1-AC90-ED6FB717BC16}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{C1A96054-23C3-4B1A-A9BF-7520F4BB7F9A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{A106BA46-F08D-436B-87AB-45E6F5BDEE95}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{E0214837-48B4-41EB-8C0B-DE2D2B0A3832}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{39037797-C465-4832-9037-EDDF4C9DC3D4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{005841C4-B1CA-4065-879C-BD848B8714D1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{1EC951D6-9F1D-43F4-BEC8-AB637508BE46}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{B5F4C02A-497F-4710-AC65-0EB1DE15435C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{AD96584F-67AC-4F82-9BBE-AD5C0E6E61A6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{2F4ACAA2-9C79-4F78-8591-9A42FEB5E507}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{1DDDFB35-984E-4D04-BB81-A3F834FC965D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{B9DAF5DF-E6FE-4999-A521-094A1F6AAA4B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{10947210-F4B5-4040-826D-D6317AF7CB46}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{CCDF3E5D-873C-4A95-8E16-E4F8915FB36C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{B47FB92A-9D42-4C41-A953-3DDB8071316A}] => (Allow) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{7DD3B35C-6EFF-4A5D-8832-980DA8E1411A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{CB635AB7-168B-418D-B5B7-995972C7EFDF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{1EF2B9E8-7AC1-4BCA-A986-B69047FC9B89}] => (Allow) F:\B\Ma\PROGRAM DATA AND PROJECTS ETC\uTorrent Software\uTorrentSoftware.exe
FirewallRules: [{3860C4B0-E795-4F41-ACC2-E3FB090BA3FD}] => (Allow) F:\B\Ma\PROGRAM DATA AND PROJECTS ETC\uTorrent Software\uTorrentSoftware.exe
FirewallRules: [{0C752913-45A1-4039-817C-6060C2C89110}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5141F975-0650-4626-A23C-7522CE51BDFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{033BF356-B984-4958-B584-91A1372E18B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0E3DBB5D-9AA8-4CD1-BF00-A5BCE1C1FE55}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============

Name: EKS XP-Series MIDI Driver
Description: EKS XP-Series MIDI Driver
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: EKS
Service: eksmidi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2015 09:54:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bd4

Start Time: 01d0e2f8c9512884

Termination Time: 4294967295

Application Path: C:\Users\Administrator\Downloads\FRST64.exe

Report Id: 43a95df0-4eec-11e5-82e0-001d0975e885

Faulting package full name:

Faulting package-relative application ID:

Error: (08/30/2015 09:45:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/30/2015 09:45:52 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/30/2015 09:36:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/30/2015 09:36:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3766

Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3766

Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/30/2015 09:27:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1641

Error: (08/30/2015 09:27:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1641


System errors:
=============
Error: (08/30/2015 09:39:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/30/2015 03:40:03 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (08/30/2015 03:29:50 AM) (Source: DCOM) (EventID: 10010) (User: Dales-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/30/2015 03:29:20 AM) (Source: DCOM) (EventID: 10010) (User: Dales-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/30/2015 02:58:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (08/30/2015 01:25:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CPMService service.

Error: (08/30/2015 01:01:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (08/30/2015 12:59:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (08/30/2015 12:59:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 00:44:33 on ‎30/‎08/‎2015 was unexpected.

Error: (08/30/2015 12:46:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.


Microsoft Office:
=========================
Error: (08/30/2015 09:54:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe30.8.2015.0bd401d0e2f8c95128844294967295C:\Users\Administrator\Downloads\FRST64.exe43a95df0-4eec-11e5-82e0-001d0975e885

Error: (08/30/2015 09:45:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/30/2015 09:45:52 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/30/2015 09:36:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/30/2015 09:36:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3766

Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3766

Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/30/2015 09:27:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1641

Error: (08/30/2015 09:27:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1641


CodeIntegrity:
===================================
Date: 2015-02-13 03:53:54.797
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 03:05:40.455
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 02:53:10.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 02:47:49.353
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 02:43:24.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 02:25:55.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 02:09:56.777
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 01:51:28.991
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 01:28:52.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 01:12:35.516
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
Percentage of memory in use: 55%
Total physical RAM: 3317.17 MB
Available physical RAM: 1477.73 MB
Total Virtual: 5173.17 MB
Available Virtual: 3066.73 MB

==================== Drives ================================

Drive c: (Windows 8.1) (Fixed) (Total:232.88 GB) (Free:62.57 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EA270E9A)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Uninstall the following unwanted programs:

Ace Stream Media
YTD Video Downloader


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
OK, scans done.

Adware Cleaner log:

# AdwCleaner v5.008 - Logfile created 26/09/2015 at 14:59:06
# Updated 18/09/2015 by Xplode
# Database : 2015-09-23.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Administrator - DALES-PC
# Running from : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY\adwcleaner_5.008(1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[x] Folder Not Deleted : C:\ProgramData\Allmyapps
[-] Folder Deleted : C:\ProgramData\{00E0164B-B182-4800-96DA-F8D39B3A7189}
[-] Folder Deleted : C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[-] Folder Deleted : C:\ProgramData\{2E9C94ED-C152-4D5D-8E21-AAE23373844C}
[-] Folder Deleted : C:\ProgramData\{B2C6E14C-4505-4C8C-A718-746AEC51B32B}
[-] Folder Deleted : C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[x] Folder Not Deleted : C:\Users\Administrator\AppData\Roaming\Allmyapps

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1310 bytes] ##########

Malware Bytes Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26/09/2015
Scan Time: 03:28
Logfile: MWB Scan.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.26.01
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 447365
Time Elapsed: 39 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Amonetize, C:\Users\Administrator\AppData\Local\2032, Quarantined, [fa7f53e198f3be784836d2631be87a86],

Files: 3
PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-2273160904-4274275969-784373220-500\$R0KZZNE.exe, Quarantined, [fc7d36febccf41f5fdf43f9ddb26c63a],
PUP.Optional.Amonetize, C:\Users\Administrator\AppData\Local\2032\status.cfg, Quarantined, [fa7f53e198f3be784836d2631be87a86],
PUP.Optional.Amonetize, C:\Users\Administrator\AppData\Local\2032\Updater.xml, Quarantined, [fa7f53e198f3be784836d2631be87a86],

Physical Sectors: 0
(No malicious items detected)


(end)

Rogue Killer Log:

RogueKiller V10.10.6.0 (x64) [Sep 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 09/26/2015 03:08:20

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9250410AS ATA Device +++++
--- User ---
[MBR] 486698ea1b1cbfef0aad532be991f28e
[BSP] f45cd0380af1b9b8b98c157a086c2085 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TDK LoR TF10 USB Device +++++
--- User ---
[MBR] c0236c9873b9c6baf5511eb22ab04dae
[BSP] bba77e2ae928bf9504918bb948070ce3 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 7380 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 8.1 Pro x64
Ran by Administrator on 26/09/2015 at 15:51:36.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\allmyapps
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014
Successfully deleted: [Folder] C:\Users\Administrator\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Administrator\Appdata\LocalLow\.acestream
Successfully deleted: [Folder] C:\Users\Administrator\AppData\Roaming\.acestream
Successfully deleted: [Folder] C:\Users\Administrator\AppData\Roaming\allmyapps



~~~ FireFox

Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\ulpdv8g8.default\extensions\firefox1@myibay.com.xpi
Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\ulpdv8g8.default\extensions\undoclosedtabsbutton@supernova00.biz.xpi
Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\ulpdv8g8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\ulpdv8g8.default\minidumps [56 files]



~~~ Chrome


[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/09/2015 at 16:44:40.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Browser is still being redirected. Only happens on Firefox. Happens on 50% of the links I click on on Google I'd say.

For example, the following redirects have happened since doing all the above scans:

1) Intended page, via google:
http://www.elephonemobile.com/collections/pre-order/products/elephone-vowney?variant=1681582467

Redirected to:

http://voxfind.com/?category=Web&st=dr&ic=&q=windows

2) Intended page, (via google)

Redirected
first to: http://filter.adventurefeeds.com/filter?q=skype+download&I=JbqAXFjCC6I_6&t=1351381051

...then immediately automatically redirected (so kind of a double redirect) to..

http://track.youniversalmedia.com/o...vd25sb2FkIjtzOjg6InJlZGlyZWN0IjtzOjI6ImpzIjt9

Other example pages redirected to:

http://www.movistar-ofertas.es/fusi...urce=dm88&partnerid=75afa20804280b0cc559089f6

http://es.strawberrynet.com/cologne...men-extreme-eau-de/103010/?trackid=7083500002
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Done:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Administrator (administrator) on DALES-PC (27-09-2015 03:31:38)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: dale & Administrator)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 2015-02-15] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400720 2013-10-31] (Seagate)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2015-02-08] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-07-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2015-02-15] (Avid Technology, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6418376 2013-10-31] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105184 2013-01-10] (Acronis)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2015-02-17] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-02-08] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2015-02-08] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2015-02-08] ()
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2015-02-17] ()
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-05-05] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2015-05-19] (ABBYY Production LLC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-09-16] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2015-09-26] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2015-09-26] (Adobe Systems Inc.)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [506728 2015-02-08] (Outertech)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-05-05] (Samsung)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [JumplistWatcher] => C:\Program Files (x86)\JumplistExtender\T7EBackground.exe [622592 2015-02-08] (Marco Zafra)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2588608 2015-04-25] (TunnelBear)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-05] (Spotify Ltd)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify] => C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-05] (Spotify Ltd)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-225 Series"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\MountPoints2: {89bb100f-c06a-11e4-8293-001a7d0abf05} - "E:\Autoplay.exe" -auto
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk [2015-02-08]
ShortcutTarget: Core Temp.lnk -> C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe - Shortcut.lnk [2015-02-13]
ShortcutTarget: speedfan.exe - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Internet Explorer:
==================
HKU\S-1-5-21-2273160904-4274275969-784373220-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default
FF NewTab: www.google.co.uk
FF DefaultSearchEngine: Google UK
FF SelectedSearchEngine: Google UK
FF Homepage: www.google.co.uk
FF NetworkProxy: "ftp", "180.183.105.55"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "socks", "180.183.105.55"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "180.183.105.55"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin64 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\searchplugins\google-maps-uk.xml [2015-09-11]
FF Extension: Xmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\foxmarks@kei.com [2015-05-15]
FF Extension: Print pages to PDF - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printPages2Pdf@reinhold.ripper [2015-05-31]
FF Extension: EPUBReader - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-31]
FF Extension: System.Security.Cryptography.CryptographicException - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7F7A4577-8FC3-141E-DD31-1321B4A6F2FC} [2015-06-25]
FF Extension: Flash and Video Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-09-21]
FF Extension: Default Full Zoom Level - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2015-05-29]
FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-05]
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ALone-live@ya.ru.xpi [2015-02-08]
FF Extension: Add to Amazon Wish List Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\amznUWL2@amazon.com.xpi [2015-02-08]
FF Extension: DownThemAll! AntiContainer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\anticontainer@downthemall.net.xpi [2015-02-08]
FF Extension: Bookmark Favicon Changer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2015-02-08]
FF Extension: Color Transform - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\colortransform@pjs.nl.xpi [2015-02-08]
FF Extension: Colour That Site! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ColourThatSite@einspeiser.de.xpi [2015-04-07]
FF Extension: Media Hint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\firefox@mediahint.com.xpi [2015-03-21]
FF Extension: Email This! Bookmarklet Extension - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\gmailthis@lazyrussian.com.xpi [2015-06-04]
FF Extension: savetexttofile - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-02-08]
FF Extension: YouTube mp3 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\info@youtube-mp3.org.xpi [2015-05-14]
FF Extension: One Click Proxy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-05-12]
FF Extension: Lazarus: Form Recovery - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lazarus@interclue.com.xpi [2015-02-13]
FF Extension: Live Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lonely@hamzeen.xpi [2015-05-12]
FF Extension: MD5 Reborned Hasher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\md5rehasher@phoneixs.es.xpi [2015-05-12]
FF Extension: Multifox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multifox@hultmann.xpi [2015-02-08]
FF Extension: Multiple Tab Handler - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2015-05-09]
FF Extension: NoSquint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\nosquint@urandom.ca.xpi [2015-02-08]
FF Extension: Print Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printedit@DW-dev.xpi [2015-02-08]
FF Extension: MetisMe - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\product@metisme.com.xpi [2015-02-08]
FF Extension: Restart - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\Restart@schuzak.jp.xpi [2015-02-13]
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\roomy_bookmarks_toolbar-1.4.4-sm.xpi [2015-02-08]
FF Extension: Screen Draw - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\screendraw@grizzlyape.com.xpi [2015-05-12]
FF Extension: Auto-Sort Bookmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-08]
FF Extension: Status-4-Evar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\status4evar@caligonstudios.com.xpi [2015-02-08]
FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\stoptube@kashiif.com.xpi [2015-02-08]
FF Extension: Google Translator for Firefox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\translator@zoli.bod.xpi [2015-02-08]
FF Extension: Resurrect Pages - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-02-08]
FF Extension: Session Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-02-08]
FF Extension: FlashGot - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-29]
FF Extension: Print/Print Preview - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2015-02-08]
FF Extension: uBlock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-06-18]
FF Extension: CacheViewer Continued - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2015-02-08]
FF Extension: PDF Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2015-02-08]
FF Extension: Download Videos From YouTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{3ED8ADFD-E755-4aea-986B-A3828315DB53}.xpi [2015-06-22]
FF Extension: Text Link - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2015-02-08]
FF Extension: Mozilla Archive Format - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2015-02-08]
FF Extension: Search by Image for Google - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-02-08]
FF Extension: Password Exporter - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-02-08]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-06-22]
FF Extension: DownThemAll! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-08]
FF Extension: Internote - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e3631030-7c02-11da-a72b-0800200c9a66}.xpi [2015-02-08]
FF Extension: Greasemonkey - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-08]
FF Extension: QuickJava - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-02-08]
FF Extension: UnMHT - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-07-08]
FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\colortransform@pjs.nl.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\ColourThatSite@einspeiser.de.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\info@youtube-mp3.org.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\multifox@hultmann.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\sortbookmarks@bouanto.xpi [2015-09-27]
FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\stoptube@kashiif.com.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-09-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-09-26]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]
CHR Extension: (Media Hint) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2015-09-07]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-07]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-07]
CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-09-20]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-07]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-09-07]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR HKU\S-1-5-21-2273160904-4274275969-784373220-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
 
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-02-18] (Broadcom Corporation.)
S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-26] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 Crypkey License; C:\Windows\SYSTEM32\crypserv.exe [122880 2015-02-20] (CrypKey (Canada) Ltd.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-03-02] (Disc Soft Ltd)
S3 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [255488 2015-03-09] (Ryan Conrad) [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37384 2015-02-26] (CHENGDU YIWO Tech Development Co., Ltd)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-07-06] (NVIDIA Corporation)
R2 lxbk_device; C:\WINDOWS\system32\lxbkcoms.exe [565928 2015-09-23] ( )
R2 lxbk_device; C:\WINDOWS\SysWOW64\lxbkcoms.exe [537256 2015-09-23] ( )
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-09-01] (Malwarebytes Corporation)
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-07-06] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-07-06] (NVIDIA Corporation)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-02-08] (TeamViewer GmbH)
S3 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-03-31] (TechSmith Corporation) [File not signed]
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2015-09-26] (TuneUp Software)
S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [34752 2015-04-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2015-02-08] (Wondershare)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-02-18] (Broadcom Corporation.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-11-21] (Microsoft Corporation)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2015-02-15] (CSR, plc)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2015-02-18] (Cambridge Silicon Radio Limited)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-02] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 eksmidi; C:\Windows\system32\drivers\eksmidi.sys [101472 2015-02-09] (EKS)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2015-02-08] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2015-02-17] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2015-02-26] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2015-02-17] ()
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
S3 MADFUPROKEYSSONO; C:\Windows\System32\drivers\MAudioProKeysSono_DFU.sys [46088 2015-02-15] (M-Audio)
S3 MAUSBPROKEYSSONO; C:\Windows\system32\DRIVERS\MAudioProKeysSono.sys [187912 2015-02-15] (Avid Technology, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-09-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-09-01] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2015-02-20] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-15] (NVIDIA Corporation)
S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2015-02-08] (PassMark Software)
R0 phylock; C:\Windows\System32\drivers\phylock.sys [34864 2015-07-26] (TeraByte, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2015-02-18] (Resplendence Software Projects Sp.)
R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-02-22] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-08] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-08] (Acronis)
S3 TosRfSnd; C:\Windows\system32\drivers\tosrfsnd.sys [63488 2015-02-13] (TOSHIBA Corporation) [File not signed]
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-23] (Oracle Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [130848 2015-02-08] (Acronis International GmbH)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-01-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258368 2015-01-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 03:30 - 2015-09-27 03:30 - 02192384 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-09-26 20:17 - 2015-09-26 20:17 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-09-26 20:17 - 2015-09-26 20:17 - 00002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-09-26 20:08 - 2015-09-26 20:09 - 00000747 _____ C:\WINDOWS\KB893803v2.log
2015-09-26 16:44 - 2015-09-26 16:44 - 00002900 _____ C:\Users\Administrator\Desktop\JRT.txt
2015-09-26 15:27 - 2015-09-26 15:27 - 00003292 _____ C:\WINDOWS\System32\Tasks\Restart Snagit
2015-09-26 15:22 - 2015-09-26 15:22 - 00003820 _____ C:\WINDOWS\System32\Tasks\TechSmith Updater
2015-09-26 15:19 - 2015-09-26 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-09-26 15:03 - 2015-09-26 15:03 - 00001389 _____ C:\Users\Administrator\Desktop\AdwCleaner[C3].txt
2015-09-26 13:28 - 2015-09-26 13:28 - 00002736 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-09-26 13:23 - 2015-09-26 13:23 - 00000000 ____D C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win
2015-09-26 13:22 - 2015-09-26 13:22 - 11616432 _____ C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe
2015-09-26 13:20 - 2015-09-26 13:20 - 00000000 ____D C:\Users\Administrator\Downloads\YTDSetup
2015-09-26 13:17 - 2015-09-26 13:17 - 00113560 _____ (GreenTree Applications SRL) C:\Users\Administrator\Downloads\YTDSetup(1).exe
2015-09-26 13:16 - 2015-09-26 13:16 - 00113560 _____ (GreenTree Applications SRL) C:\Users\Administrator\Downloads\YTDSetup.exe
2015-09-26 12:39 - 2015-09-26 12:39 - 00001516 _____ C:\Users\Administrator\Desktop\MWB Scan.txt
2015-09-26 03:16 - 2015-09-26 03:16 - 00002918 _____ C:\Users\Administrator\Desktop\Rogue killer report rk_42D6.tmp.txt
2015-09-26 02:09 - 2015-09-26 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-09-26 02:06 - 2015-09-26 02:07 - 24702920 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup(1).exe
2015-09-26 01:10 - 2015-09-26 01:10 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-09-26 01:10 - 2013-12-18 10:01 - 00040760 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2015-09-26 01:10 - 2013-12-18 10:01 - 00029496 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
2015-09-26 01:10 - 2013-12-18 10:01 - 00025400 _____ (TuneUp Software) C:\WINDOWS\SysWOW64\authuitu.dll
2015-09-26 01:09 - 2015-09-26 01:45 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2015-09-26 00:57 - 2015-09-26 00:57 - 18801736 _____ C:\Users\Administrator\Downloads\RogueKiller(1).exe
2015-09-26 00:56 - 2015-09-26 00:57 - 21700168 _____ C:\Users\Administrator\Downloads\RogueKillerX64.exe
2015-09-25 21:23 - 2015-09-25 21:24 - 00000000 ____D C:\Users\Administrator\Downloads\12337 WS
2015-09-25 21:06 - 2015-09-25 21:31 - 00000000 ____D C:\Users\Administrator\Downloads\12337 Go
2015-09-25 19:32 - 2015-09-25 21:31 - 00000000 ____D C:\Users\Administrator\Downloads\12337 Adv
2015-09-25 18:47 - 2015-09-25 18:47 - 00311432 _____ C:\Users\Administrator\Downloads\JDownloader2Setup(2).exe
2015-09-25 18:46 - 2015-09-25 18:46 - 00351304 _____ C:\Users\Administrator\Downloads\JDownloader2Setup(1).exe
2015-09-25 18:42 - 2015-09-25 18:42 - 00342184 _____ C:\Users\Administrator\Downloads\JDownloader2Setup.exe
2015-09-25 18:35 - 2015-09-25 18:39 - 209715200 _____ C:\Users\Administrator\Downloads\12337_Adv.part2.rar
2015-09-25 18:30 - 2015-09-25 18:35 - 209715200 _____ C:\Users\Administrator\Downloads\12337_Adv.part1.rar
2015-09-24 14:10 - 2015-09-24 14:10 - 00042094 _____ C:\Users\Administrator\Downloads\net.pikanji.recentlyaddedcontacts-0.apk
2015-09-23 04:56 - 2015-09-23 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark X1100 Series
2015-09-23 04:56 - 2015-09-23 04:56 - 00537256 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcoms.exe
2015-09-23 04:56 - 2015-09-23 04:56 - 00385704 _____ ( ) C:\WINDOWS\SysWOW64\lxbkih.exe
2015-09-23 04:56 - 2015-09-23 04:56 - 00381608 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcfg.exe
2015-09-23 04:56 - 2015-09-23 04:56 - 00180904 _____ ( ) C:\WINDOWS\SysWOW64\lxbkppls.exe
2015-09-23 04:56 - 2015-09-23 04:56 - 00000000 ____D C:\Program Files\Lexmark X1100 Series
2015-09-23 04:56 - 2015-09-23 04:56 - 00000000 ____D C:\Program Files (x86)\Lexmark X1100 Series
2015-09-23 04:56 - 2008-02-19 09:04 - 00001525 _____ C:\WINDOWS\SysWOW64\lxbk.loc
2015-09-23 04:56 - 2006-11-30 16:02 - 00072192 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkinsr.dll
2015-09-23 04:56 - 2006-11-30 15:47 - 00177664 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkins.dll
2015-09-23 04:56 - 2006-11-30 15:47 - 00135168 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkinsb.dll
2015-09-23 04:56 - 2006-11-30 13:42 - 00458752 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkjswr.dll
2015-09-23 04:56 - 2006-11-30 13:42 - 00094208 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkcur.dll
2015-09-23 04:56 - 2006-11-30 13:42 - 00086016 _____ (Lexmark International, Inc.) C:\WINDOWS\SysWOW64\lxbkinsr.dll
2015-09-23 04:56 - 2006-11-30 13:35 - 00155648 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkinsb.dll
2015-09-23 04:56 - 2006-11-30 13:35 - 00131072 _____ (Lexmark International, Inc.) C:\WINDOWS\SysWOW64\lxbkins.dll
2015-09-23 04:56 - 2006-11-30 13:34 - 00413696 _____ C:\WINDOWS\SysWOW64\lxbkutil.dll
2015-09-23 04:56 - 2006-11-30 13:34 - 00073728 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkcu.dll
2015-09-23 04:56 - 2006-11-09 20:28 - 00073728 _____ (Lexmark International) C:\WINDOWS\SysWOW64\LXBKcfg.dll
2015-09-23 04:56 - 2006-11-06 17:32 - 00194048 _____ C:\WINDOWS\system32\LXBKinst.dll
2015-09-23 04:56 - 2006-11-06 17:05 - 00305152 _____ ( ) C:\WINDOWS\system32\LXBKhcp.dll
2015-09-23 04:56 - 2006-11-06 16:37 - 00643072 _____ ( ) C:\WINDOWS\SysWOW64\lxbkpmui.dll
2015-09-23 04:56 - 2006-11-06 16:35 - 01224704 _____ ( ) C:\WINDOWS\SysWOW64\lxbkserv.dll
2015-09-23 04:56 - 2006-11-06 16:28 - 00421888 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcomm.dll
2015-09-23 04:56 - 2006-11-06 16:26 - 00585728 _____ ( ) C:\WINDOWS\SysWOW64\lxbklmpm.dll
2015-09-23 04:56 - 2006-11-06 16:25 - 00274432 _____ C:\WINDOWS\SysWOW64\LXBKinst.dll
2015-09-23 04:56 - 2006-11-06 16:24 - 00397312 _____ ( ) C:\WINDOWS\SysWOW64\lxbkiesc.dll
2015-09-23 04:56 - 2006-11-06 16:21 - 00094208 _____ ( ) C:\WINDOWS\SysWOW64\lxbkpplc.dll
2015-09-23 04:56 - 2006-11-06 16:20 - 00684032 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcomc.dll
2015-09-23 04:56 - 2006-11-06 16:20 - 00163840 _____ ( ) C:\WINDOWS\SysWOW64\lxbkprox.dll
2015-09-23 04:56 - 2006-11-06 16:12 - 00413696 _____ ( ) C:\WINDOWS\SysWOW64\lxbkinpa.dll
2015-09-23 04:56 - 2006-11-06 16:11 - 00991232 _____ ( ) C:\WINDOWS\SysWOW64\lxbkusb1.dll
2015-09-23 04:56 - 2006-11-06 16:07 - 00696320 _____ ( ) C:\WINDOWS\SysWOW64\lxbkhbn3.dll
2015-09-23 04:56 - 2006-09-18 11:23 - 00983101 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lxbkgf.dll
2015-09-23 04:07 - 2015-09-23 04:48 - 00003190 _____ C:\lxbk.log
2015-09-23 03:57 - 2015-09-23 03:59 - 1712016608 _____ C:\Users\Administrator\Downloads\Cometrep2015.tiff
2015-09-23 03:41 - 2015-09-23 03:41 - 38808920 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\FileFormatConverters.exe
2015-09-22 23:54 - 2015-09-22 23:54 - 01800512 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(1).exe
2015-09-22 23:54 - 2015-09-22 23:54 - 01662976 _____ C:\Users\Administrator\Downloads\adwcleaner_5.008.exe
2015-09-19 01:16 - 2015-09-19 01:18 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-09-16 22:05 - 2015-09-16 22:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2015-09-16 22:05 - 2015-09-16 22:05 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage
2015-09-16 22:02 - 2015-09-16 22:02 - 00584288 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall.exe
2015-09-07 04:11 - 2015-09-07 04:11 - 00929360 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup(1).exe
2015-09-06 00:47 - 2015-09-06 00:47 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-02 21:32 - 2015-09-02 21:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2015-09-02 21:32 - 2015-09-02 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-09-02 21:31 - 2015-09-27 03:31 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-09-02 21:27 - 2015-09-02 21:32 - 00000000 ____D C:\ProgramData\Comodo
2015-09-02 20:46 - 2015-09-02 20:49 - 226558984 _____ (COMODO) C:\Users\Administrator\Downloads\cispremium_installer.exe
2015-09-02 19:21 - 2015-09-27 01:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-02 00:44 - 2015-09-02 00:44 - 01654272 _____ C:\Users\Administrator\Downloads\adwcleaner_5.005.exe
2015-09-01 23:01 - 2015-09-01 23:01 - 01057320 _____ C:\Users\Administrator\Desktop\Sept 2015 Complete Config Working.cfgx
2015-09-01 20:28 - 2015-08-05 02:32 - 00007471 _____ C:\WINDOWS\system32\Drivers\inspect.cat
2015-09-01 20:09 - 2015-09-01 20:09 - 00003028 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2015-09-01 18:18 - 2015-09-01 18:44 - 00127955 _____ C:\zoek-results.log
2015-09-01 17:55 - 2015-09-01 17:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-09-01 17:52 - 2015-09-26 02:09 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-01 17:52 - 2015-09-01 19:17 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-01 17:51 - 2015-09-26 02:09 - 00000000 ____D C:\Program Files\RogueKiller
2015-09-01 17:51 - 2015-09-01 17:51 - 03824464 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe
2015-09-01 17:50 - 2015-09-01 17:51 - 24659208 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
2015-09-01 17:50 - 2015-09-01 17:50 - 00000000 ____D C:\zoek_backup
2015-09-01 16:05 - 2015-09-01 16:05 - 00000000 ____D C:\Program Files (x86)\JMicron
2015-09-01 16:04 - 2015-09-01 16:04 - 00000000 ____D C:\WINDOWS\SysWOW64\SDA
2015-09-01 15:49 - 2015-09-01 15:49 - 00203352 _____ (JMicron Technology Corporation) C:\WINDOWS\SysWOW64\jmcricon.dll
2015-09-01 15:49 - 2015-09-01 15:49 - 00203352 _____ (JMicron Technology Corporation) C:\WINDOWS\system32\jmcricon.dll
2015-09-01 15:49 - 2015-09-01 15:49 - 00174168 _____ (JMicron Technology Corporation) C:\WINDOWS\system32\Drivers\jmcr.sys
2015-09-01 15:47 - 2015-09-01 15:48 - 01061384 _____ (Lenovo Group Limited ) C:\Users\Administrator\Downloads\6jx107ww.exe
2015-09-01 15:46 - 2015-09-01 15:46 - 00826369 _____ C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip
2015-09-01 06:17 - 2015-09-01 06:17 - 00000000 ____D C:\WINDOWS\pss
2015-09-01 05:31 - 2015-09-01 05:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-09-01 05:31 - 2015-09-01 05:31 - 29593968 _____ (Sony Mobile Communications ) C:\Users\Administrator\Downloads\SonyPCCompanion_Web.exe
2015-09-01 05:29 - 2015-09-01 05:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-31 18:26 - 2015-08-31 18:26 - 51076312 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.27.exe
2015-08-31 17:37 - 2015-08-31 16:55 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-31 17:35 - 2015-08-31 17:35 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\MSBuild
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\Hyper-V
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-31 17:31 - 2015-08-31 17:31 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-08-31 17:31 - 2015-08-31 17:31 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-08-31 17:31 - 2015-08-31 05:58 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-31 17:31 - 2015-08-31 05:57 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-31 17:31 - 2015-02-08 03:38 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-31 17:31 - 2015-02-08 03:38 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-31 17:31 - 2015-02-08 03:34 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-31 17:31 - 2015-02-08 03:33 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-31 17:30 - 2015-08-31 17:30 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-08-31 16:56 - 2015-08-31 16:56 - 00001453 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-31 16:55 - 2015-08-31 16:55 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____D C:\Program Files\AuthenTec
2015-08-31 08:35 - 2015-09-27 00:52 - 01130480 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-31 08:34 - 2015-08-31 08:34 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-31 08:08 - 2015-08-31 08:08 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-31 08:08 - 2015-08-31 08:08 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-08-31 08:08 - 2015-08-31 08:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-08-31 07:53 - 2015-08-31 08:10 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-31 07:50 - 2015-08-31 08:34 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2015-08-31 07:50 - 2015-08-31 08:34 - 00036198 _____ C:\WINDOWS\diagerr.xml
2015-08-31 07:50 - 2015-08-31 08:30 - 00000000 ____D C:\Users\dale
2015-08-31 07:50 - 2015-01-16 22:48 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-31 07:50 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-31 07:50 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-31 07:50 - 2014-11-21 09:48 - 00000369 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-31 07:50 - 2014-11-21 09:48 - 00000369 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-31 07:50 - 2013-08-22 17:36 - 00000000 ____D C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-31 07:49 - 2015-09-26 14:59 - 00000000 ____D C:\Users\Administrator
2015-08-31 07:49 - 2015-01-16 22:48 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-31 07:49 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-31 07:49 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-31 07:49 - 2014-11-21 09:48 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-31 07:49 - 2014-11-21 09:48 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-31 07:49 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-31 07:40 - 2015-09-19 01:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-08-31 07:40 - 2015-08-31 07:40 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-08-31 07:40 - 2015-08-31 07:40 - 00000000 ____D C:\Program Files\Realtek
2015-08-31 06:12 - 2015-08-31 08:34 - 00006604 _____ C:\WINDOWS\comsetup.log
2015-08-30 09:57 - 2015-08-30 09:58 - 00087701 _____ C:\Users\Administrator\Downloads\Addition.txt
2015-08-30 09:54 - 2015-09-27 03:31 - 00040027 _____ C:\Users\Administrator\Downloads\FRST.txt
2015-08-29 23:46 - 2015-08-29 23:46 - 00407813 _____ C:\Users\Administrator\Downloads\B00TFORUM8.htm
2015-08-29 23:17 - 2015-09-27 03:31 - 00000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 03:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-27 02:43 - 2015-02-08 16:09 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-27 02:17 - 2015-02-08 16:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2015-09-27 01:59 - 2015-02-08 14:08 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2273160904-4274275969-784373220-500
2015-09-27 01:40 - 2015-07-28 08:49 - 00000000 ____D C:\Users\Administrator\Desktop\Cayman 2015
2015-09-27 00:42 - 2013-08-22 16:46 - 00461985 _____ C:\WINDOWS\setupact.log
2015-09-26 20:45 - 2015-02-18 17:53 - 00022196 _____ C:\WINDOWS\error.log
2015-09-26 20:45 - 2015-02-08 16:09 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-26 20:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-26 20:45 - 2013-08-22 16:44 - 00538864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-26 20:44 - 2015-02-18 17:53 - 00006413 _____ C:\WINDOWS\errord.log
2015-09-26 20:44 - 2015-02-08 14:12 - 00000012 _____ C:\WINDOWS\CUAppUsage.Dat
2015-09-26 20:44 - 2014-11-21 09:29 - 00046038 _____ C:\WINDOWS\PFRO.log
2015-09-26 20:43 - 2015-02-08 17:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-09-26 20:35 - 2015-07-04 00:08 - 00233984 ___SH C:\Users\Administrator\Desktop\Thumbs.db
2015-09-26 20:24 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OFFICE SOFTWARE
2015-09-26 20:23 - 2015-02-08 16:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-09-26 20:17 - 2012-09-23 20:43 - 00055432 _____ (Adobe Systems Inc) C:\WINDOWS\system32\AdobePDF.dll
2015-09-26 20:17 - 2012-09-23 20:43 - 00026768 _____ (Adobe Systems Inc.) C:\WINDOWS\system32\AdobePDFUI.dll
2015-09-26 20:14 - 2015-02-08 16:20 - 00000000 ____D C:\ProgramData\Adobe
2015-09-26 20:14 - 2015-02-08 16:20 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-26 18:56 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-09-26 15:08 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY
2015-09-26 14:59 - 2015-07-06 13:39 - 00000000 ____D C:\AdwCleaner
2015-09-26 13:28 - 2014-03-25 22:36 - 00000000 ___HD C:\VTRoot
2015-09-26 12:26 - 2015-06-28 03:59 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-26 04:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Web
2015-09-26 01:35 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-26 01:21 - 2015-02-08 16:45 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-09-26 00:55 - 2015-02-26 16:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mp3tag
2015-09-26 00:28 - 2014-11-21 09:38 - 01176620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-25 21:41 - 2015-02-08 22:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\JDownloader 2.0
2015-09-25 21:11 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOWNLOADING GENERAL
2015-09-25 14:49 - 2015-02-08 15:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-09-23 05:11 - 2015-07-08 13:30 - 00513536 ___SH C:\Users\Administrator\Downloads\Thumbs.db
2015-09-23 05:08 - 2015-02-09 02:01 - 00000232 _____ C:\WINDOWS\Lexstat.ini
2015-09-23 04:57 - 2015-02-09 01:59 - 00003863 _____ C:\WINDOWS\system32\LexFiles.ulf
2015-09-23 04:56 - 2015-02-09 02:01 - 00233128 _____ ( ) C:\WINDOWS\system32\lxbkih.exe
2015-09-23 04:56 - 2007-02-28 13:59 - 00358400 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkdrs.dll
2015-09-23 04:56 - 2005-09-13 16:27 - 00054784 _____ C:\WINDOWS\system32\lxbkcnv4.dll
2015-09-23 04:55 - 2015-02-09 02:01 - 00565928 _____ ( ) C:\WINDOWS\system32\lxbkcoms.exe
2015-09-23 04:55 - 2015-02-09 02:01 - 00235688 _____ ( ) C:\WINDOWS\system32\lxbkcfg.exe
2015-09-23 04:54 - 2015-02-09 02:01 - 01417728 _____ ( ) C:\WINDOWS\system32\lxbkserv.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 01099264 _____ ( ) C:\WINDOWS\system32\lxbkusb1.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00695808 _____ ( ) C:\WINDOWS\system32\lxbkcomc.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00659456 _____ ( ) C:\WINDOWS\system32\lxbkhbn3.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00567808 _____ C:\WINDOWS\system32\lxbkutil.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00487424 _____ ( ) C:\WINDOWS\system32\lxbklmpm.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00443392 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkjswr.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00417792 _____ C:\WINDOWS\system32\lxbkcoin.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00409600 _____ ( ) C:\WINDOWS\system32\lxbkpmui.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00249856 _____ ( ) C:\WINDOWS\system32\lxbkcomm.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00238592 _____ ( ) C:\WINDOWS\system32\lxbkinpa.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00226816 _____ ( ) C:\WINDOWS\system32\lxbkiesc.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00109056 _____ () C:\WINDOWS\system32\lxbkvs.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00079360 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkcu.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00077824 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkcur.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00062464 _____ (Lexmark International) C:\WINDOWS\system32\lxbkcfg.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00035328 _____ ( ) C:\WINDOWS\system32\lxbkprox.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00010752 _____ ( ) C:\WINDOWS\system32\lxbkpplc.dll
2015-09-23 04:02 - 2014-11-21 10:12 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiafbdrv.dll
2015-09-23 04:02 - 2014-11-21 10:12 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2015-09-23 04:00 - 2015-02-08 23:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Audacity
2015-09-23 03:47 - 2015-04-01 13:09 - 00000000 ____D C:\Users\Administrator\Documents\My PSP Files
2015-09-23 03:09 - 2015-02-08 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-09-23 03:03 - 2015-05-05 20:29 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-09-23 03:03 - 2015-05-05 20:29 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-09-23 02:13 - 2013-08-22 16:46 - 00001571 _____ C:\WINDOWS\setuperr.log
2015-09-22 23:19 - 2015-04-17 21:38 - 00000000 ____D C:\Users\Administrator\dwhelper
2015-09-22 23:03 - 2015-02-11 04:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2015-09-17 00:20 - 2015-02-08 16:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-09-16 22:28 - 2015-04-24 13:05 - 00000000 ____D C:\ProgramData\Oracle
2015-09-16 22:07 - 2015-04-24 13:04 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-16 22:06 - 2015-04-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-16 22:04 - 2015-04-24 13:06 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-09-16 09:38 - 2015-02-08 16:09 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 09:38 - 2015-02-08 16:09 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 07:06 - 2015-02-08 15:31 - 00003112 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500
2015-09-15 07:06 - 2015-02-08 15:31 - 00000000 ___RD C:\Users\Administrator\OneDrive
2015-09-09 20:48 - 2015-04-11 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-07 17:48 - 2015-02-08 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-09-06 00:47 - 2015-07-11 23:52 - 00095744 ____N C:\WINDOWS\Minidump\090615-25765-01.dmp
2015-09-03 13:52 - 2015-08-05 01:29 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-09-03 13:52 - 2015-08-05 01:29 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-09-02 21:31 - 2015-02-08 13:25 - 00000000 ____D C:\Program Files\COMODO
2015-09-01 21:36 - 2011-05-18 08:08 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2015-09-01 21:35 - 2015-05-21 00:10 - 02317104 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin97itp.dll
2015-09-01 21:34 - 2015-05-21 00:07 - 02317104 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin97ip.dll
2015-09-01 06:45 - 2015-02-08 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-01 06:24 - 2015-02-09 19:04 - 00164034 _____ C:\WINDOWS\DPINST.LOG
2015-09-01 05:34 - 2015-06-28 03:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-01 05:33 - 2015-06-28 03:59 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-01 05:33 - 2015-06-28 03:59 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-01 05:33 - 2015-06-28 03:59 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-31 18:27 - 2015-02-08 05:13 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-31 17:36 - 2013-08-22 17:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-31 17:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-31 17:32 - 2013-08-22 12:35 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2015-08-31 17:32 - 2013-08-22 10:25 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2015-08-31 17:32 - 2013-08-22 09:35 - 00144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2015-08-31 17:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-31 16:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-31 16:42 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-31 09:38 - 2015-07-17 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-31 08:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-31 08:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2015-08-31 08:32 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-31 08:32 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-31 08:11 - 2015-06-25 00:40 - 00000000 ____D C:\WINDOWS\system32\RightClickFiles
2015-08-31 08:11 - 2014-11-21 09:18 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-31 08:10 - 2015-07-31 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSR BlueSuite 2.5.0
2015-08-31 08:10 - 2015-07-26 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-31 08:10 - 2015-07-10 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-31 08:10 - 2015-07-09 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack
2015-08-31 08:10 - 2015-07-06 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-31 08:10 - 2015-07-06 01:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2015-08-31 08:10 - 2015-07-06 01:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Droid Explorer
2015-08-31 08:10 - 2015-07-04 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-31 08:10 - 2015-07-04 15:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
2015-08-31 08:10 - 2015-06-28 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hit'n'Mix
2015-08-31 08:10 - 2015-05-27 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkAdapted
2015-08-31 08:10 - 2015-05-19 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
2015-08-31 08:10 - 2015-04-30 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2015-08-31 08:10 - 2015-04-19 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2015-08-31 08:10 - 2015-04-06 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2012
2015-08-31 08:10 - 2015-04-01 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
2015-08-31 08:10 - 2015-03-31 12:31 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2015-08-31 08:10 - 2015-03-14 19:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2015-08-31 08:10 - 2015-03-01 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chainer
2015-08-31 08:10 - 2015-02-26 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Advanced Server 7.5
2015-08-31 08:10 - 2015-02-24 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ File Recovery Professional
2015-08-31 08:10 - 2015-02-08 22:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BROWSING
2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SYSTEM INTERNALS
2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PERFORMANCE & OVERCLOCKING
2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OTHER
2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AUDIO
2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIDEO
2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSIC DOWNLOADING
2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANDROID
2015-08-31 08:08 - 2013-08-22 17:37 - 00005217 _____ C:\WINDOWS\DtcInstall.log
2015-08-31 08:08 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
2015-08-31 08:08 - 2013-08-22 15:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-08-31 08:07 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-08-31 08:06 - 2015-02-13 05:16 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-08-31 08:05 - 2015-07-25 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraByte Unlimited
2015-08-31 08:05 - 2015-07-25 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2015-08-31 08:05 - 2015-07-01 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeldaProduction
2015-08-31 08:05 - 2015-06-24 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILE
2015-08-31 08:05 - 2015-06-20 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cycling '74
2015-08-31 08:05 - 2015-05-18 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-08-31 08:05 - 2015-03-21 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHint
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WINDOWS CUSTOMISATION
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIRTUALISATION
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIDEO DOWNLOADING
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SYNCHRONISATION
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSIC SOFTWARE
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILE MANAGEMENT
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEVICE DRIVERS AND SUITES
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLOUD
2015-08-31 08:05 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\WindowsPowerShell
2015-08-31 08:04 - 2015-02-09 01:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-31 07:53 - 2015-02-08 05:15 - 00000000 ____D C:\Users\dale\AppData\Local\Packages
2015-08-31 07:53 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-31 07:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-31 07:52 - 2015-06-29 18:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLN Audio
2015-08-31 07:52 - 2015-06-27 01:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4Front
2015-08-31 07:52 - 2015-02-09 00:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\STREAMING
2015-08-31 07:52 - 2015-02-09 00:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINGUISTICS
2015-08-31 07:52 - 2015-02-09 00:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETWORKING AND TOOLS
2015-08-31 07:52 - 2015-02-08 22:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOCUMENT CONVERSION
2015-08-31 07:52 - 2015-02-08 22:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WINDOWS INTERACTION
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB BROWSING
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEDIA PLAYERS
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MUSIC MANAGEMENT
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INSTALLATION MANAGEMENT
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD TOOLS
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GRAPHIC DESIGN
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CODING
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BACKUP
2015-08-31 07:52 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-08-31 07:43 - 2014-03-18 08:25 - 00000000 __SHD C:\Recovery
2015-08-31 07:43 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-31 06:27 - 2015-02-08 05:14 - 01709067 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-31 06:22 - 2014-03-18 09:21 - 00008192 __RSH C:\BOOTSECT.BAK
2015-08-31 02:01 - 2015-07-31 11:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
2015-08-31 02:01 - 2015-07-31 11:50 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2015-08-31 01:12 - 2015-02-08 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-31 00:58 - 2015-04-01 13:11 - 00000000 ____D C:\ProgramData\InstallShield
2015-08-31 00:57 - 2015-08-05 22:33 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-08-31 00:57 - 2015-08-05 22:27 - 00000000 ____D C:\ProgramData\EPSON
2015-08-31 00:56 - 2014-03-18 03:24 - 00000000 __RHD C:\MSOCache
2015-08-30 09:55 - 2015-07-08 21:32 - 00014046 _____ C:\Users\Administrator\Desktop\hijackthis.log
2015-08-29 22:09 - 2015-08-14 17:55 - 00000000 ____D C:\Program Files (x86)\EPSON
2015-08-29 22:03 - 2015-08-14 17:51 - 00000000 ____D C:\Program Files (x86)\EPSON Software

==================== Files in the root of some directories =======

2015-02-13 17:09 - 2015-02-13 17:19 - 1289216 _____ () C:\Program Files (x86)\JumplistLauncher.exe
2015-02-13 17:20 - 2015-06-29 12:26 - 0005256 _____ () C:\Program Files (x86)\settings.dat
2015-05-27 21:38 - 2015-05-27 21:45 - 0000539 _____ () C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences
2015-02-08 23:42 - 2015-02-08 23:42 - 0118724 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS
2015-02-08 23:42 - 2015-02-08 23:42 - 0000318 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part
2015-06-12 16:27 - 2015-06-12 16:27 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 10:43 - 2015-02-12 10:43 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement
2015-02-17 20:38 - 2015-02-17 20:38 - 0000055 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir
2015-02-12 10:47 - 2015-07-25 18:40 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex
2015-02-12 10:44 - 2015-07-25 18:39 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index
2015-08-31 07:40 - 2015-08-31 07:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-05 18:14 - 2015-05-05 18:14 - 0010295 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/26/2015 07:52:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (09/27/2015 12:05:06 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/26/2015 08:46:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (09/26/2015 08:45:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (09/26/2015 07:51:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (09/26/2015 07:50:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (09/26/2015 05:56:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (09/26/2015 05:55:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (09/26/2015 04:49:47 PM) (Source: DCOM) (EventID: 10010) (User: Dales-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/26/2015 04:00:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/26/2015 04:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-09-27 02:35:39.886
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-27 01:52:17.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 23:32:09.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 20:49:28.476
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 19:57:14.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 18:06:48.740
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 17:59:16.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 16:53:39.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 16:19:41.017
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 15:43:30.298
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 2936.88 MB
Available physical RAM: 1198.14 MB
Total Virtual: 5880.88 MB
Available Virtual: 3313.47 MB

==================== Drives ================================

Drive c: (Windows 8.1) (Fixed) (Total:232.88 GB) (Free:63.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EA270E9A)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Sorry.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Administrator (administrator) on DALES-PC (27-09-2015 03:31:38)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: dale & Administrator)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 2015-02-15] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400720 2013-10-31] (Seagate)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2015-02-08] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-07-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2015-02-15] (Avid Technology, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6418376 2013-10-31] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105184 2013-01-10] (Acronis)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2015-02-17] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-02-08] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2015-02-08] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2015-02-08] ()
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2015-02-17] ()
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-05-05] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2015-05-19] (ABBYY Production LLC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-09-16] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2015-09-26] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2015-09-26] (Adobe Systems Inc.)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [506728 2015-02-08] (Outertech)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-05-05] (Samsung)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [JumplistWatcher] => C:\Program Files (x86)\JumplistExtender\T7EBackground.exe [622592 2015-02-08] (Marco Zafra)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2588608 2015-04-25] (TunnelBear)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-05] (Spotify Ltd)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify] => C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-05] (Spotify Ltd)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-225 Series"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\MountPoints2: {89bb100f-c06a-11e4-8293-001a7d0abf05} - "E:\Autoplay.exe" -auto
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk [2015-02-08]
ShortcutTarget: Core Temp.lnk -> C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe - Shortcut.lnk [2015-02-13]
ShortcutTarget: speedfan.exe - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Internet Explorer:
==================
HKU\S-1-5-21-2273160904-4274275969-784373220-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default
FF NewTab: www.google.co.uk
FF DefaultSearchEngine: Google UK
FF SelectedSearchEngine: Google UK
FF Homepage: www.google.co.uk
FF NetworkProxy: "ftp", "180.183.105.55"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "socks", "180.183.105.55"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "180.183.105.55"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin64 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\searchplugins\google-maps-uk.xml [2015-09-11]
FF Extension: Xmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\foxmarks@kei.com [2015-05-15]
FF Extension: Print pages to PDF - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printPages2Pdf@reinhold.ripper [2015-05-31]
FF Extension: EPUBReader - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-31]
FF Extension: System.Security.Cryptography.CryptographicException - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7F7A4577-8FC3-141E-DD31-1321B4A6F2FC} [2015-06-25]
FF Extension: Flash and Video Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-09-21]
FF Extension: Default Full Zoom Level - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2015-05-29]
FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-05]
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ALone-live@ya.ru.xpi [2015-02-08]
FF Extension: Add to Amazon Wish List Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\amznUWL2@amazon.com.xpi [2015-02-08]
FF Extension: DownThemAll! AntiContainer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\anticontainer@downthemall.net.xpi [2015-02-08]
FF Extension: Bookmark Favicon Changer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2015-02-08]
FF Extension: Color Transform - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\colortransform@pjs.nl.xpi [2015-02-08]
FF Extension: Colour That Site! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ColourThatSite@einspeiser.de.xpi [2015-04-07]
FF Extension: Media Hint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\firefox@mediahint.com.xpi [2015-03-21]
FF Extension: Email This! Bookmarklet Extension - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\gmailthis@lazyrussian.com.xpi [2015-06-04]
FF Extension: savetexttofile - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-02-08]
FF Extension: YouTube mp3 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\info@youtube-mp3.org.xpi [2015-05-14]
FF Extension: One Click Proxy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-05-12]
FF Extension: Lazarus: Form Recovery - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lazarus@interclue.com.xpi [2015-02-13]
FF Extension: Live Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lonely@hamzeen.xpi [2015-05-12]
FF Extension: MD5 Reborned Hasher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\md5rehasher@phoneixs.es.xpi [2015-05-12]
FF Extension: Multifox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multifox@hultmann.xpi [2015-02-08]
FF Extension: Multiple Tab Handler - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2015-05-09]
FF Extension: NoSquint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\nosquint@urandom.ca.xpi [2015-02-08]
FF Extension: Print Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printedit@DW-dev.xpi [2015-02-08]
FF Extension: MetisMe - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\product@metisme.com.xpi [2015-02-08]
FF Extension: Restart - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\Restart@schuzak.jp.xpi [2015-02-13]
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\roomy_bookmarks_toolbar-1.4.4-sm.xpi [2015-02-08]
FF Extension: Screen Draw - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\screendraw@grizzlyape.com.xpi [2015-05-12]
FF Extension: Auto-Sort Bookmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-08]
FF Extension: Status-4-Evar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\status4evar@caligonstudios.com.xpi [2015-02-08]
FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\stoptube@kashiif.com.xpi [2015-02-08]
FF Extension: Google Translator for Firefox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\translator@zoli.bod.xpi [2015-02-08]
FF Extension: Resurrect Pages - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-02-08]
FF Extension: Session Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-02-08]
FF Extension: FlashGot - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-29]
FF Extension: Print/Print Preview - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2015-02-08]
FF Extension: uBlock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-06-18]
FF Extension: CacheViewer Continued - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2015-02-08]
FF Extension: PDF Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2015-02-08]
FF Extension: Download Videos From YouTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{3ED8ADFD-E755-4aea-986B-A3828315DB53}.xpi [2015-06-22]
FF Extension: Text Link - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2015-02-08]
FF Extension: Mozilla Archive Format - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2015-02-08]
FF Extension: Search by Image for Google - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-02-08]
FF Extension: Password Exporter - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-02-08]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-06-22]
FF Extension: DownThemAll! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-08]
FF Extension: Internote - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e3631030-7c02-11da-a72b-0800200c9a66}.xpi [2015-02-08]
FF Extension: Greasemonkey - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-08]
FF Extension: QuickJava - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-02-08]
FF Extension: UnMHT - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-07-08]
FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\colortransform@pjs.nl.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\ColourThatSite@einspeiser.de.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\info@youtube-mp3.org.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\multifox@hultmann.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\sortbookmarks@bouanto.xpi [2015-09-27]
FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\stoptube@kashiif.com.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-09-27]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-09-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-09-26]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]
CHR Extension: (Media Hint) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2015-09-07]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-07]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-07]
CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-09-20]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-07]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-09-07]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR HKU\S-1-5-21-2273160904-4274275969-784373220-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-02-18] (Broadcom Corporation.)
S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-26] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 Crypkey License; C:\Windows\SYSTEM32\crypserv.exe [122880 2015-02-20] (CrypKey (Canada) Ltd.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-03-02] (Disc Soft Ltd)
S3 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [255488 2015-03-09] (Ryan Conrad) [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37384 2015-02-26] (CHENGDU YIWO Tech Development Co., Ltd)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-07-06] (NVIDIA Corporation)
R2 lxbk_device; C:\WINDOWS\system32\lxbkcoms.exe [565928 2015-09-23] ( )
R2 lxbk_device; C:\WINDOWS\SysWOW64\lxbkcoms.exe [537256 2015-09-23] ( )
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-09-01] (Malwarebytes Corporation)
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-07-06] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-07-06] (NVIDIA Corporation)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-02-08] (TeamViewer GmbH)
S3 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-03-31] (TechSmith Corporation) [File not signed]
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2015-09-26] (TuneUp Software)
S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [34752 2015-04-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2015-02-08] (Wondershare)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-02-18] (Broadcom Corporation.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-11-21] (Microsoft Corporation)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2015-02-15] (CSR, plc)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2015-02-18] (Cambridge Silicon Radio Limited)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-02] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 eksmidi; C:\Windows\system32\drivers\eksmidi.sys [101472 2015-02-09] (EKS)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2015-02-08] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2015-02-17] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2015-02-26] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2015-02-17] ()
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
S3 MADFUPROKEYSSONO; C:\Windows\System32\drivers\MAudioProKeysSono_DFU.sys [46088 2015-02-15] (M-Audio)
S3 MAUSBPROKEYSSONO; C:\Windows\system32\DRIVERS\MAudioProKeysSono.sys [187912 2015-02-15] (Avid Technology, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-09-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-09-01] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2015-02-20] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-15] (NVIDIA Corporation)
S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2015-02-08] (PassMark Software)
R0 phylock; C:\Windows\System32\drivers\phylock.sys [34864 2015-07-26] (TeraByte, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2015-02-18] (Resplendence Software Projects Sp.)
R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-02-22] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-08] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-08] (Acronis)
S3 TosRfSnd; C:\Windows\system32\drivers\tosrfsnd.sys [63488 2015-02-13] (TOSHIBA Corporation) [File not signed]
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-23] (Oracle Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [130848 2015-02-08] (Acronis International GmbH)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-01-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258368 2015-01-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 03:30 - 2015-09-27 03:30 - 02192384 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-09-26 20:17 - 2015-09-26 20:17 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-09-26 20:17 - 2015-09-26 20:17 - 00002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-09-26 20:08 - 2015-09-26 20:09 - 00000747 _____ C:\WINDOWS\KB893803v2.log
2015-09-26 16:44 - 2015-09-26 16:44 - 00002900 _____ C:\Users\Administrator\Desktop\JRT.txt
2015-09-26 15:27 - 2015-09-26 15:27 - 00003292 _____ C:\WINDOWS\System32\Tasks\Restart Snagit
2015-09-26 15:22 - 2015-09-26 15:22 - 00003820 _____ C:\WINDOWS\System32\Tasks\TechSmith Updater
2015-09-26 15:19 - 2015-09-26 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-09-26 15:03 - 2015-09-26 15:03 - 00001389 _____ C:\Users\Administrator\Desktop\AdwCleaner[C3].txt
2015-09-26 13:28 - 2015-09-26 13:28 - 00002736 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-09-26 13:23 - 2015-09-26 13:23 - 00000000 ____D C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win
2015-09-26 13:22 - 2015-09-26 13:22 - 11616432 _____ C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe
2015-09-26 13:20 - 2015-09-26 13:20 - 00000000 ____D C:\Users\Administrator\Downloads\YTDSetup
2015-09-26 13:17 - 2015-09-26 13:17 - 00113560 _____ (GreenTree Applications SRL) C:\Users\Administrator\Downloads\YTDSetup(1).exe
2015-09-26 13:16 - 2015-09-26 13:16 - 00113560 _____ (GreenTree Applications SRL) C:\Users\Administrator\Downloads\YTDSetup.exe
2015-09-26 12:39 - 2015-09-26 12:39 - 00001516 _____ C:\Users\Administrator\Desktop\MWB Scan.txt
2015-09-26 03:16 - 2015-09-26 03:16 - 00002918 _____ C:\Users\Administrator\Desktop\Rogue killer report rk_42D6.tmp.txt
2015-09-26 02:09 - 2015-09-26 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-09-26 02:06 - 2015-09-26 02:07 - 24702920 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup(1).exe
2015-09-26 01:10 - 2015-09-26 01:10 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-09-26 01:10 - 2013-12-18 10:01 - 00040760 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2015-09-26 01:10 - 2013-12-18 10:01 - 00029496 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
2015-09-26 01:10 - 2013-12-18 10:01 - 00025400 _____ (TuneUp Software) C:\WINDOWS\SysWOW64\authuitu.dll
2015-09-26 01:09 - 2015-09-26 01:45 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2015-09-26 00:57 - 2015-09-26 00:57 - 18801736 _____ C:\Users\Administrator\Downloads\RogueKiller(1).exe
2015-09-26 00:56 - 2015-09-26 00:57 - 21700168 _____ C:\Users\Administrator\Downloads\RogueKillerX64.exe
2015-09-25 21:23 - 2015-09-25 21:24 - 00000000 ____D C:\Users\Administrator\Downloads\12337 WS
2015-09-25 21:06 - 2015-09-25 21:31 - 00000000 ____D C:\Users\Administrator\Downloads\12337 Go
2015-09-25 19:32 - 2015-09-25 21:31 - 00000000 ____D C:\Users\Administrator\Downloads\12337 Adv
2015-09-25 18:47 - 2015-09-25 18:47 - 00311432 _____ C:\Users\Administrator\Downloads\JDownloader2Setup(2).exe
2015-09-25 18:46 - 2015-09-25 18:46 - 00351304 _____ C:\Users\Administrator\Downloads\JDownloader2Setup(1).exe
2015-09-25 18:42 - 2015-09-25 18:42 - 00342184 _____ C:\Users\Administrator\Downloads\JDownloader2Setup.exe
2015-09-25 18:35 - 2015-09-25 18:39 - 209715200 _____ C:\Users\Administrator\Downloads\12337_Adv.part2.rar
2015-09-25 18:30 - 2015-09-25 18:35 - 209715200 _____ C:\Users\Administrator\Downloads\12337_Adv.part1.rar
2015-09-24 14:10 - 2015-09-24 14:10 - 00042094 _____ C:\Users\Administrator\Downloads\net.pikanji.recentlyaddedcontacts-0.apk
2015-09-23 04:56 - 2015-09-23 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark X1100 Series
2015-09-23 04:56 - 2015-09-23 04:56 - 00537256 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcoms.exe
2015-09-23 04:56 - 2015-09-23 04:56 - 00385704 _____ ( ) C:\WINDOWS\SysWOW64\lxbkih.exe
2015-09-23 04:56 - 2015-09-23 04:56 - 00381608 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcfg.exe
2015-09-23 04:56 - 2015-09-23 04:56 - 00180904 _____ ( ) C:\WINDOWS\SysWOW64\lxbkppls.exe
2015-09-23 04:56 - 2015-09-23 04:56 - 00000000 ____D C:\Program Files\Lexmark X1100 Series
2015-09-23 04:56 - 2015-09-23 04:56 - 00000000 ____D C:\Program Files (x86)\Lexmark X1100 Series
2015-09-23 04:56 - 2008-02-19 09:04 - 00001525 _____ C:\WINDOWS\SysWOW64\lxbk.loc
2015-09-23 04:56 - 2006-11-30 16:02 - 00072192 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkinsr.dll
2015-09-23 04:56 - 2006-11-30 15:47 - 00177664 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkins.dll
2015-09-23 04:56 - 2006-11-30 15:47 - 00135168 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkinsb.dll
2015-09-23 04:56 - 2006-11-30 13:42 - 00458752 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkjswr.dll
2015-09-23 04:56 - 2006-11-30 13:42 - 00094208 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkcur.dll
2015-09-23 04:56 - 2006-11-30 13:42 - 00086016 _____ (Lexmark International, Inc.) C:\WINDOWS\SysWOW64\lxbkinsr.dll
2015-09-23 04:56 - 2006-11-30 13:35 - 00155648 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkinsb.dll
2015-09-23 04:56 - 2006-11-30 13:35 - 00131072 _____ (Lexmark International, Inc.) C:\WINDOWS\SysWOW64\lxbkins.dll
2015-09-23 04:56 - 2006-11-30 13:34 - 00413696 _____ C:\WINDOWS\SysWOW64\lxbkutil.dll
2015-09-23 04:56 - 2006-11-30 13:34 - 00073728 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkcu.dll
2015-09-23 04:56 - 2006-11-09 20:28 - 00073728 _____ (Lexmark International) C:\WINDOWS\SysWOW64\LXBKcfg.dll
2015-09-23 04:56 - 2006-11-06 17:32 - 00194048 _____ C:\WINDOWS\system32\LXBKinst.dll
2015-09-23 04:56 - 2006-11-06 17:05 - 00305152 _____ ( ) C:\WINDOWS\system32\LXBKhcp.dll
2015-09-23 04:56 - 2006-11-06 16:37 - 00643072 _____ ( ) C:\WINDOWS\SysWOW64\lxbkpmui.dll
2015-09-23 04:56 - 2006-11-06 16:35 - 01224704 _____ ( ) C:\WINDOWS\SysWOW64\lxbkserv.dll
2015-09-23 04:56 - 2006-11-06 16:28 - 00421888 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcomm.dll
2015-09-23 04:56 - 2006-11-06 16:26 - 00585728 _____ ( ) C:\WINDOWS\SysWOW64\lxbklmpm.dll
2015-09-23 04:56 - 2006-11-06 16:25 - 00274432 _____ C:\WINDOWS\SysWOW64\LXBKinst.dll
2015-09-23 04:56 - 2006-11-06 16:24 - 00397312 _____ ( ) C:\WINDOWS\SysWOW64\lxbkiesc.dll
2015-09-23 04:56 - 2006-11-06 16:21 - 00094208 _____ ( ) C:\WINDOWS\SysWOW64\lxbkpplc.dll
2015-09-23 04:56 - 2006-11-06 16:20 - 00684032 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcomc.dll
2015-09-23 04:56 - 2006-11-06 16:20 - 00163840 _____ ( ) C:\WINDOWS\SysWOW64\lxbkprox.dll
2015-09-23 04:56 - 2006-11-06 16:12 - 00413696 _____ ( ) C:\WINDOWS\SysWOW64\lxbkinpa.dll
2015-09-23 04:56 - 2006-11-06 16:11 - 00991232 _____ ( ) C:\WINDOWS\SysWOW64\lxbkusb1.dll
2015-09-23 04:56 - 2006-11-06 16:07 - 00696320 _____ ( ) C:\WINDOWS\SysWOW64\lxbkhbn3.dll
2015-09-23 04:56 - 2006-09-18 11:23 - 00983101 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lxbkgf.dll
2015-09-23 04:07 - 2015-09-23 04:48 - 00003190 _____ C:\lxbk.log
2015-09-23 03:57 - 2015-09-23 03:59 - 1712016608 _____ C:\Users\Administrator\Downloads\Cometrep2015.tiff
2015-09-23 03:41 - 2015-09-23 03:41 - 38808920 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\FileFormatConverters.exe
2015-09-22 23:54 - 2015-09-22 23:54 - 01800512 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(1).exe
2015-09-22 23:54 - 2015-09-22 23:54 - 01662976 _____ C:\Users\Administrator\Downloads\adwcleaner_5.008.exe
2015-09-19 01:16 - 2015-09-19 01:18 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-09-16 22:05 - 2015-09-16 22:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2015-09-16 22:05 - 2015-09-16 22:05 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage
2015-09-16 22:02 - 2015-09-16 22:02 - 00584288 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall.exe
2015-09-07 04:11 - 2015-09-07 04:11 - 00929360 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup(1).exe
2015-09-06 00:47 - 2015-09-06 00:47 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-02 21:32 - 2015-09-02 21:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2015-09-02 21:32 - 2015-09-02 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-09-02 21:31 - 2015-09-27 03:31 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-09-02 21:27 - 2015-09-02 21:32 - 00000000 ____D C:\ProgramData\Comodo
2015-09-02 20:46 - 2015-09-02 20:49 - 226558984 _____ (COMODO) C:\Users\Administrator\Downloads\cispremium_installer.exe
2015-09-02 19:21 - 2015-09-27 01:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-02 00:44 - 2015-09-02 00:44 - 01654272 _____ C:\Users\Administrator\Downloads\adwcleaner_5.005.exe
2015-09-01 23:01 - 2015-09-01 23:01 - 01057320 _____ C:\Users\Administrator\Desktop\Sept 2015 Complete Config Working.cfgx
2015-09-01 20:28 - 2015-08-05 02:32 - 00007471 _____ C:\WINDOWS\system32\Drivers\inspect.cat
2015-09-01 20:09 - 2015-09-01 20:09 - 00003028 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2015-09-01 18:18 - 2015-09-01 18:44 - 00127955 _____ C:\zoek-results.log
2015-09-01 17:55 - 2015-09-01 17:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-09-01 17:52 - 2015-09-26 02:09 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-01 17:52 - 2015-09-01 19:17 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-01 17:51 - 2015-09-26 02:09 - 00000000 ____D C:\Program Files\RogueKiller
2015-09-01 17:51 - 2015-09-01 17:51 - 03824464 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe
2015-09-01 17:50 - 2015-09-01 17:51 - 24659208 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
2015-09-01 17:50 - 2015-09-01 17:50 - 00000000 ____D C:\zoek_backup
2015-09-01 16:05 - 2015-09-01 16:05 - 00000000 ____D C:\Program Files (x86)\JMicron
2015-09-01 16:04 - 2015-09-01 16:04 - 00000000 ____D C:\WINDOWS\SysWOW64\SDA
2015-09-01 15:49 - 2015-09-01 15:49 - 00203352 _____ (JMicron Technology Corporation) C:\WINDOWS\SysWOW64\jmcricon.dll
2015-09-01 15:49 - 2015-09-01 15:49 - 00203352 _____ (JMicron Technology Corporation) C:\WINDOWS\system32\jmcricon.dll
2015-09-01 15:49 - 2015-09-01 15:49 - 00174168 _____ (JMicron Technology Corporation) C:\WINDOWS\system32\Drivers\jmcr.sys
2015-09-01 15:47 - 2015-09-01 15:48 - 01061384 _____ (Lenovo Group Limited ) C:\Users\Administrator\Downloads\6jx107ww.exe
2015-09-01 15:46 - 2015-09-01 15:46 - 00826369 _____ C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip
2015-09-01 06:17 - 2015-09-01 06:17 - 00000000 ____D C:\WINDOWS\pss
2015-09-01 05:31 - 2015-09-01 05:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-09-01 05:31 - 2015-09-01 05:31 - 29593968 _____ (Sony Mobile Communications ) C:\Users\Administrator\Downloads\SonyPCCompanion_Web.exe
2015-09-01 05:29 - 2015-09-01 05:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-31 18:26 - 2015-08-31 18:26 - 51076312 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.27.exe
2015-08-31 17:37 - 2015-08-31 16:55 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-31 17:35 - 2015-08-31 17:35 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\MSBuild
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\Hyper-V
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-31 17:31 - 2015-08-31 17:31 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-08-31 17:31 - 2015-08-31 17:31 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-08-31 17:31 - 2015-08-31 05:58 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-31 17:31 - 2015-08-31 05:57 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-31 17:31 - 2015-02-08 03:38 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-31 17:31 - 2015-02-08 03:38 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-31 17:31 - 2015-02-08 03:34 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-31 17:31 - 2015-02-08 03:33 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-31 17:30 - 2015-08-31 17:30 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-08-31 16:56 - 2015-08-31 16:56 - 00001453 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-31 16:55 - 2015-08-31 16:55 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____D C:\Program Files\AuthenTec
2015-08-31 08:35 - 2015-09-27 00:52 - 01130480 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-31 08:34 - 2015-08-31 08:34 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-31 08:08 - 2015-08-31 08:08 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-31 08:08 - 2015-08-31 08:08 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-08-31 08:08 - 2015-08-31 08:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-08-31 07:53 - 2015-08-31 08:10 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-31 07:50 - 2015-08-31 08:34 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2015-08-31 07:50 - 2015-08-31 08:34 - 00036198 _____ C:\WINDOWS\diagerr.xml
2015-08-31 07:50 - 2015-08-31 08:30 - 00000000 ____D C:\Users\dale
2015-08-31 07:50 - 2015-01-16 22:48 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-31 07:50 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-31 07:50 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-31 07:50 - 2014-11-21 09:48 - 00000369 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-31 07:50 - 2014-11-21 09:48 - 00000369 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-31 07:50 - 2013-08-22 17:36 - 00000000 ____D C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-31 07:49 - 2015-09-26 14:59 - 00000000 ____D C:\Users\Administrator
2015-08-31 07:49 - 2015-01-16 22:48 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-31 07:49 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-31 07:49 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-31 07:49 - 2014-11-21 09:48 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-31 07:49 - 2014-11-21 09:48 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-31 07:49 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-31 07:40 - 2015-09-19 01:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-08-31 07:40 - 2015-08-31 07:40 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-08-31 07:40 - 2015-08-31 07:40 - 00000000 ____D C:\Program Files\Realtek
2015-08-31 06:12 - 2015-08-31 08:34 - 00006604 _____ C:\WINDOWS\comsetup.log
2015-08-30 09:57 - 2015-08-30 09:58 - 00087701 _____ C:\Users\Administrator\Downloads\Addition.txt
2015-08-30 09:54 - 2015-09-27 03:31 - 00040027 _____ C:\Users\Administrator\Downloads\FRST.txt
2015-08-29 23:46 - 2015-08-29 23:46 - 00407813 _____ C:\Users\Administrator\Downloads\B00TFORUM8.htm
2015-08-29 23:17 - 2015-09-27 03:31 - 00000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 03:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-27 02:43 - 2015-02-08 16:09 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-27 02:17 - 2015-02-08 16:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2015-09-27 01:59 - 2015-02-08 14:08 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2273160904-4274275969-784373220-500
2015-09-27 01:40 - 2015-07-28 08:49 - 00000000 ____D C:\Users\Administrator\Desktop\Cayman 2015
2015-09-27 00:42 - 2013-08-22 16:46 - 00461985 _____ C:\WINDOWS\setupact.log
2015-09-26 20:45 - 2015-02-18 17:53 - 00022196 _____ C:\WINDOWS\error.log
2015-09-26 20:45 - 2015-02-08 16:09 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-26 20:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-26 20:45 - 2013-08-22 16:44 - 00538864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-26 20:44 - 2015-02-18 17:53 - 00006413 _____ C:\WINDOWS\errord.log
2015-09-26 20:44 - 2015-02-08 14:12 - 00000012 _____ C:\WINDOWS\CUAppUsage.Dat
2015-09-26 20:44 - 2014-11-21 09:29 - 00046038 _____ C:\WINDOWS\PFRO.log
2015-09-26 20:43 - 2015-02-08 17:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-09-26 20:35 - 2015-07-04 00:08 - 00233984 ___SH C:\Users\Administrator\Desktop\Thumbs.db
2015-09-26 20:24 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OFFICE SOFTWARE
2015-09-26 20:23 - 2015-02-08 16:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-09-26 20:17 - 2012-09-23 20:43 - 00055432 _____ (Adobe Systems Inc) C:\WINDOWS\system32\AdobePDF.dll
2015-09-26 20:17 - 2012-09-23 20:43 - 00026768 _____ (Adobe Systems Inc.) C:\WINDOWS\system32\AdobePDFUI.dll
2015-09-26 20:14 - 2015-02-08 16:20 - 00000000 ____D C:\ProgramData\Adobe
2015-09-26 20:14 - 2015-02-08 16:20 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-26 18:56 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-09-26 15:08 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY
2015-09-26 14:59 - 2015-07-06 13:39 - 00000000 ____D C:\AdwCleaner
2015-09-26 13:28 - 2014-03-25 22:36 - 00000000 ___HD C:\VTRoot
2015-09-26 12:26 - 2015-06-28 03:59 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-26 04:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Web
2015-09-26 01:35 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-26 01:21 - 2015-02-08 16:45 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-09-26 00:55 - 2015-02-26 16:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mp3tag
2015-09-26 00:28 - 2014-11-21 09:38 - 01176620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-25 21:41 - 2015-02-08 22:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\JDownloader 2.0
2015-09-25 21:11 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOWNLOADING GENERAL
2015-09-25 14:49 - 2015-02-08 15:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-09-23 05:11 - 2015-07-08 13:30 - 00513536 ___SH C:\Users\Administrator\Downloads\Thumbs.db
2015-09-23 05:08 - 2015-02-09 02:01 - 00000232 _____ C:\WINDOWS\Lexstat.ini
2015-09-23 04:57 - 2015-02-09 01:59 - 00003863 _____ C:\WINDOWS\system32\LexFiles.ulf
2015-09-23 04:56 - 2015-02-09 02:01 - 00233128 _____ ( ) C:\WINDOWS\system32\lxbkih.exe
2015-09-23 04:56 - 2007-02-28 13:59 - 00358400 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkdrs.dll
2015-09-23 04:56 - 2005-09-13 16:27 - 00054784 _____ C:\WINDOWS\system32\lxbkcnv4.dll
2015-09-23 04:55 - 2015-02-09 02:01 - 00565928 _____ ( ) C:\WINDOWS\system32\lxbkcoms.exe
2015-09-23 04:55 - 2015-02-09 02:01 - 00235688 _____ ( ) C:\WINDOWS\system32\lxbkcfg.exe
2015-09-23 04:54 - 2015-02-09 02:01 - 01417728 _____ ( ) C:\WINDOWS\system32\lxbkserv.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 01099264 _____ ( ) C:\WINDOWS\system32\lxbkusb1.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00695808 _____ ( ) C:\WINDOWS\system32\lxbkcomc.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00659456 _____ ( ) C:\WINDOWS\system32\lxbkhbn3.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00567808 _____ C:\WINDOWS\system32\lxbkutil.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00487424 _____ ( ) C:\WINDOWS\system32\lxbklmpm.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00443392 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkjswr.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00417792 _____ C:\WINDOWS\system32\lxbkcoin.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00409600 _____ ( ) C:\WINDOWS\system32\lxbkpmui.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00249856 _____ ( ) C:\WINDOWS\system32\lxbkcomm.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00238592 _____ ( ) C:\WINDOWS\system32\lxbkinpa.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00226816 _____ ( ) C:\WINDOWS\system32\lxbkiesc.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00109056 _____ () C:\WINDOWS\system32\lxbkvs.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00079360 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkcu.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00077824 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkcur.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00062464 _____ (Lexmark International) C:\WINDOWS\system32\lxbkcfg.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00035328 _____ ( ) C:\WINDOWS\system32\lxbkprox.dll
2015-09-23 04:54 - 2015-02-09 02:01 - 00010752 _____ ( ) C:\WINDOWS\system32\lxbkpplc.dll
2015-09-23 04:02 - 2014-11-21 10:12 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiafbdrv.dll
2015-09-23 04:02 - 2014-11-21 10:12 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2015-09-23 04:00 - 2015-02-08 23:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Audacity
2015-09-23 03:47 - 2015-04-01 13:09 - 00000000 ____D C:\Users\Administrator\Documents\My PSP Files
2015-09-23 03:09 - 2015-02-08 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-09-23 03:03 - 2015-05-05 20:29 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-09-23 03:03 - 2015-05-05 20:29 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-09-23 02:13 - 2013-08-22 16:46 - 00001571 _____ C:\WINDOWS\setuperr.log
2015-09-22 23:19 - 2015-04-17 21:38 - 00000000 ____D C:\Users\Administrator\dwhelper
2015-09-22 23:03 - 2015-02-11 04:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2015-09-17 00:20 - 2015-02-08 16:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-09-16 22:28 - 2015-04-24 13:05 - 00000000 ____D C:\ProgramData\Oracle
2015-09-16 22:07 - 2015-04-24 13:04 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-16 22:06 - 2015-04-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-16 22:04 - 2015-04-24 13:06 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-09-16 09:38 - 2015-02-08 16:09 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 09:38 - 2015-02-08 16:09 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 07:06 - 2015-02-08 15:31 - 00003112 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500
2015-09-15 07:06 - 2015-02-08 15:31 - 00000000 ___RD C:\Users\Administrator\OneDrive
2015-09-09 20:48 - 2015-04-11 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-07 17:48 - 2015-02-08 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-09-06 00:47 - 2015-07-11 23:52 - 00095744 ____N C:\WINDOWS\Minidump\090615-25765-01.dmp
2015-09-03 13:52 - 2015-08-05 01:29 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-09-03 13:52 - 2015-08-05 01:29 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-09-02 21:31 - 2015-02-08 13:25 - 00000000 ____D C:\Program Files\COMODO
2015-09-01 21:36 - 2011-05-18 08:08 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2015-09-01 21:35 - 2015-05-21 00:10 - 02317104 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin97itp.dll
2015-09-01 21:34 - 2015-05-21 00:07 - 02317104 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin97ip.dll
2015-09-01 06:45 - 2015-02-08 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-01 06:24 - 2015-02-09 19:04 - 00164034 _____ C:\WINDOWS\DPINST.LOG
2015-09-01 05:34 - 2015-06-28 03:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-01 05:33 - 2015-06-28 03:59 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-01 05:33 - 2015-06-28 03:59 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-01 05:33 - 2015-06-28 03:59 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-31 18:27 - 2015-02-08 05:13 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-31 17:36 - 2013-08-22 17:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-31 17:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-31 17:32 - 2013-08-22 12:35 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2015-08-31 17:32 - 2013-08-22 10:25 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2015-08-31 17:32 - 2013-08-22 09:35 - 00144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2015-08-31 17:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-31 16:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-31 16:42 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-31 09:38 - 2015-07-17 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-31 08:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-31 08:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2015-08-31 08:32 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-31 08:32 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-31 08:11 - 2015-06-25 00:40 - 00000000 ____D C:\WINDOWS\system32\RightClickFiles
2015-08-31 08:11 - 2014-11-21 09:18 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-31 08:10 - 2015-07-31 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSR BlueSuite 2.5.0
2015-08-31 08:10 - 2015-07-26 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-31 08:10 - 2015-07-10 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-31 08:10 - 2015-07-09 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack
2015-08-31 08:10 - 2015-07-06 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-31 08:10 - 2015-07-06 01:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2015-08-31 08:10 - 2015-07-06 01:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Droid Explorer
2015-08-31 08:10 - 2015-07-04 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-31 08:10 - 2015-07-04 15:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
2015-08-31 08:10 - 2015-06-28 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hit'n'Mix
2015-08-31 08:10 - 2015-05-27 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkAdapted
2015-08-31 08:10 - 2015-05-19 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
2015-08-31 08:10 - 2015-04-30 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2015-08-31 08:10 - 2015-04-19 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2015-08-31 08:10 - 2015-04-06 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2012
2015-08-31 08:10 - 2015-04-01 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
2015-08-31 08:10 - 2015-03-31 12:31 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2015-08-31 08:10 - 2015-03-14 19:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2015-08-31 08:10 - 2015-03-01 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chainer
2015-08-31 08:10 - 2015-02-26 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Advanced Server 7.5
2015-08-31 08:10 - 2015-02-24 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ File Recovery Professional
2015-08-31 08:10 - 2015-02-08 22:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BROWSING
2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SYSTEM INTERNALS
2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PERFORMANCE & OVERCLOCKING
2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OTHER
2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AUDIO
2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIDEO
2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSIC DOWNLOADING
2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANDROID
2015-08-31 08:08 - 2013-08-22 17:37 - 00005217 _____ C:\WINDOWS\DtcInstall.log
2015-08-31 08:08 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
2015-08-31 08:08 - 2013-08-22 15:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-08-31 08:07 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-08-31 08:06 - 2015-02-13 05:16 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-08-31 08:05 - 2015-07-25 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraByte Unlimited
2015-08-31 08:05 - 2015-07-25 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2015-08-31 08:05 - 2015-07-01 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeldaProduction
2015-08-31 08:05 - 2015-06-24 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILE
2015-08-31 08:05 - 2015-06-20 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cycling '74
2015-08-31 08:05 - 2015-05-18 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-08-31 08:05 - 2015-03-21 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHint
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WINDOWS CUSTOMISATION
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIRTUALISATION
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIDEO DOWNLOADING
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SYNCHRONISATION
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSIC SOFTWARE
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILE MANAGEMENT
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEVICE DRIVERS AND SUITES
2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLOUD
2015-08-31 08:05 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\WindowsPowerShell
2015-08-31 08:04 - 2015-02-09 01:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-31 07:53 - 2015-02-08 05:15 - 00000000 ____D C:\Users\dale\AppData\Local\Packages
2015-08-31 07:53 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-31 07:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-31 07:52 - 2015-06-29 18:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLN Audio
2015-08-31 07:52 - 2015-06-27 01:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4Front
2015-08-31 07:52 - 2015-02-09 00:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\STREAMING
2015-08-31 07:52 - 2015-02-09 00:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINGUISTICS
2015-08-31 07:52 - 2015-02-09 00:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETWORKING AND TOOLS
2015-08-31 07:52 - 2015-02-08 22:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOCUMENT CONVERSION
2015-08-31 07:52 - 2015-02-08 22:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WINDOWS INTERACTION
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB BROWSING
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEDIA PLAYERS
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MUSIC MANAGEMENT
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INSTALLATION MANAGEMENT
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD TOOLS
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GRAPHIC DESIGN
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CODING
2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BACKUP
2015-08-31 07:52 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-08-31 07:43 - 2014-03-18 08:25 - 00000000 __SHD C:\Recovery
2015-08-31 07:43 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-31 06:27 - 2015-02-08 05:14 - 01709067 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-31 06:22 - 2014-03-18 09:21 - 00008192 __RSH C:\BOOTSECT.BAK
2015-08-31 02:01 - 2015-07-31 11:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
2015-08-31 02:01 - 2015-07-31 11:50 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2015-08-31 01:12 - 2015-02-08 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-31 00:58 - 2015-04-01 13:11 - 00000000 ____D C:\ProgramData\InstallShield
2015-08-31 00:57 - 2015-08-05 22:33 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-08-31 00:57 - 2015-08-05 22:27 - 00000000 ____D C:\ProgramData\EPSON
2015-08-31 00:56 - 2014-03-18 03:24 - 00000000 __RHD C:\MSOCache
2015-08-30 09:55 - 2015-07-08 21:32 - 00014046 _____ C:\Users\Administrator\Desktop\hijackthis.log
2015-08-29 22:09 - 2015-08-14 17:55 - 00000000 ____D C:\Program Files (x86)\EPSON
2015-08-29 22:03 - 2015-08-14 17:51 - 00000000 ____D C:\Program Files (x86)\EPSON Software
 
==================== Files in the root of some directories =======

2015-02-13 17:09 - 2015-02-13 17:19 - 1289216 _____ () C:\Program Files (x86)\JumplistLauncher.exe
2015-02-13 17:20 - 2015-06-29 12:26 - 0005256 _____ () C:\Program Files (x86)\settings.dat
2015-05-27 21:38 - 2015-05-27 21:45 - 0000539 _____ () C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences
2015-02-08 23:42 - 2015-02-08 23:42 - 0118724 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS
2015-02-08 23:42 - 2015-02-08 23:42 - 0000318 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part
2015-06-12 16:27 - 2015-06-12 16:27 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 10:43 - 2015-02-12 10:43 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement
2015-02-17 20:38 - 2015-02-17 20:38 - 0000055 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir
2015-02-12 10:47 - 2015-07-25 18:40 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex
2015-02-12 10:44 - 2015-07-25 18:39 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index
2015-08-31 07:40 - 2015-08-31 07:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-05 18:14 - 2015-05-05 18:14 - 0010295 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\130876732864096387.exe
C:\Users\Administrator\AppData\Local\Temp\13087673321430603253.exe
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Administrator\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Administrator\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe
C:\Users\Administrator\AppData\Local\Temp\proxy_vole1413000634955814965.dll
C:\Users\Administrator\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Administrator\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfareca00002.dll
C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {41a39ea7-4ff5-11e5-8d05-f813eabacc72}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {15ee57ce-af41-11e4-824e-20cf305cadbe}
device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{15ee57cf-af41-11e4-824e-20cf305cadbe}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{15ee57cf-af41-11e4-824e-20cf305cadbe}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {26143d25-4ff6-11e5-8d05-f813eabacc72}
device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{26143d26-4ff6-11e5-8d05-f813eabacc72}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{26143d26-4ff6-11e5-8d05-f813eabacc72}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.exe
description Windows 8.1
locale en-US
inherit {bootloadersettings}
recoverysequence {26143d25-4ff6-11e5-8d05-f813eabacc72}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {41a39ea7-4ff5-11e5-8d05-f813eabacc72}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {e7718843-c44c-11e3-9b88-865291c53616}
device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{e7718844-c44c-11e3-9b88-865291c53616}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{e7718844-c44c-11e3-9b88-865291c53616}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {eb70c2b8-ae6d-11e3-bae8-ddc4a07b574f}
device unknown
path \Windows\system32\winload.exe
description Windows 8.1
locale en-US
inherit {bootloadersettings}
integrityservices Enable
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice unknown
systemroot \Windows
resumeobject {eb70c2b7-ae6d-11e3-bae8-ddc4a07b574f}
nx OptIn
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {381a9354-c445-11e3-8271-806e6f6e6963}
device partition=C:
path \Windows\system32\winresume.exe
description Windows 8.1 Pro
locale en-US
inherit {resumeloadersettings}
recoverysequence {15ee57ce-af41-11e4-824e-20cf305cadbe}
recoveryenabled Yes
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {41a39ea7-4ff5-11e5-8d05-f813eabacc72}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {26143d25-4ff6-11e5-8d05-f813eabacc72}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {eb70c2b7-ae6d-11e3-bae8-ddc4a07b574f}
device unknown
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice unknown
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {15ee57cf-af41-11e4-824e-20cf305cadbe}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {26143d26-4ff6-11e5-8d05-f813eabacc72}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {84f6ebe6-4f98-11e5-82e4-00030dad0bd1}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {e7718844-c44c-11e3-9b88-865291c53616}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi



LastRegBack: 2015-09-20 17:00

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Administrator (2015-09-27 03:46:13)
Running from C:\Users\Administrator\Downloads
Windows 8.1 Pro (X64) (2015-08-31 14:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2273160904-4274275969-784373220-500 - Administrator - Enabled) => C:\Users\Administrator
dale (S-1-5-21-2273160904-4274275969-784373220-1001 - Administrator - Enabled) => C:\Users\dale
Guest (S-1-5-21-2273160904-4274275969-784373220-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2273160904-4274275969-784373220-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.439 - ABBYY Production LLC)
Ableton Live 9 Suite (HKLM\...\{D4EA4767-BB54-4094-A9F9-F058C2D47DA3}) (Version: 9.0.0.0 - Ableton)
Active@ File Recovery Professional 14 (HKLM\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 14 - LSoft Technologies Inc)
ActivePerl 5.16.1 Build 1601 (64-bit) (HKLM\...\{653D48F0-098C-45C1-8267-86EA7B9D0EDB}) (Version: 5.16.1601 - ActiveState)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Allmyapps (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Allmyapps) (Version: 2.0.0.30 - Allmyapps)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.6.2.0 (HKLM\...\ARIA Engine_is1) (Version: v1.6.2.0 - Plogue Art et Technologie, Inc)
Ashampoo MP3 Cover Finder v.1.0.12 (HKLM-x32\...\{5A842CF6-7E61-52D7-C64C-2F20E9D408F1}_is1) (Version: 1.0.12 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoHotkey 1.1.19.02 (HKLM\...\AutoHotkey) (Version: 1.1.19.02 - Lexikos)
Avast Browser Cleanup (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bluetooth Command Line Tools 1.2 (HKLM-x32\...\{2557A2FA-2A9A-4829-AD02-8DD95C7E4B8B}_is1) (Version: 1.2.0.56 - bluetoothinstaller.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chainer v1.0 (HKLM-x32\...\Chainer 1.0) (Version: - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Clipboard History (HKLM-x32\...\ClipboardHistory) (Version: 1.0 - Outertech)
COMODO Internet Security Premium (HKLM\...\{367D1EA4-24FD-402F-AFF0-08A678D2EE28}) (Version: 8.2.0.4674 - COMODO Security Solutions Inc.)
COMODO Programs Manager (HKLM\...\{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}) (Version: 1.3_build_30 - COMODO)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CSR BlueSuite 2.5.0 (HKLM-x32\...\CSR BlueSuite 2.5.0_is1) (Version: - Cambridge Silicon Radio Ltd.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DarkAdapted 3.0 (HKLM-x32\...\{FDA06822-011E-4A1E-9B2E-BF25D5C453F8}_is1) (Version: - AquilaDigital Partnership)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.6.0 - oldsch00l)
Direct WAV MP3 Splitter version 2.7.0.25 (HKLM-x32\...\Direct WAV MP3 Splitter_is1) (Version: 2.7.0.25 - Piston Software)
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 5.4 - DiskInternals Research)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Droid Explorer 0.9.0.2 (x64) (HKLM\...\{CEC12343-D6C5-4C69-9A3D-295A2459B37D}) (Version: 0.9.0.2 - Ryan Conrad)
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version: - EaseUS)
EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Todo Backup Advanced Server 7.5 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 7.5 - CHENGDU YIWO Tech Development Co., Ltd)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EKS Driver Pack 16.12.2010 (HKLM\...\EKS Driver Pack 16.12.2010) (Version: 16.12.2010 - EKS)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version: - SEIKO EPSON Corporation)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 0.9.1 - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
EZdrummer 2 64-bit Update (HKLM\...\{11CC8964-9CB0-46E6-9218-CD39ED4A554D}) (Version: 2.0.1 - Toontrack)
EZkeys Grand Piano 64 (HKLM\...\{23CA8D91-FD3B-4EE6-BBDF-B5924E7E44EB}) (Version: 1.0.2 - Toontrack)
EZXPercussion (HKLM-x32\...\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}) (Version: 1.0 - Toontrack)
Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.c.r13.4 - MakeMusic)
FreeFileSync 6.13 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.13 - www.FreeFileSync.org)
Garritan ARIA Player v1.620 (HKLM\...\__ARIA_1012___is1) (Version: v1.6.2.0 - Garritan)
Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v2.0.0.0 - Garritan)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
HDD Raw Copy Tool v1.02 (HKLM-x32\...\HDD Raw Copy Tool_is1) (Version: - HDDGURU)
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
Hit'n'Mix Play (HKLM-x32\...\Hit'n'Mix Play) (Version: 1.5.8 - Hit'n'Mix Ltd)
HWiNFO32 Version 4.50 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.50 - Martin Malík - REALiX)
HWiNFO64 Version 4.50 (HKLM\...\HWiNFO64_is1) (Version: 4.50 - Martin Malík - REALiX)
Image for Windows 2.86 Trial (HKLM-x32\...\Image for Windows (V2)_is1) (Version: - TeraByte Unlimited)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Jumplist Extender (HKLM-x32\...\{2D5349D5-167D-4D27-BD8C-9117A6C63FED}_is1) (Version: 0.4 - Marco Zafra)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
M-Audio ProKeysSono Driver 6.0.2 (x64) (HKLM\...\{5008FD09-0F0B-4B0B-93FF-A7302137F62E}) (Version: 6.0.2 - M-Audio)
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
MediaHint (HKLM-x32\...\{35487E7F-80C5-42AB-B6F4-13E603645E44}) (Version: 1.80.0000 - MediaHint)
MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
MeldaProduction MTotalBundle64 8 (HKLM-x32\...\MeldaProduction MTotalBundle64 8) (Version: - MeldaProduction)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MIDI Yoke (HKLM-x32\...\{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}) (Version: 1.75.53 - JOConnell)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.2.245 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: - Native Instruments)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Novation USB Audio Driver 2.6 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.6 - Novation DMS Ltd.)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation)
OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM-x32\...\Oxford Spanish Dictionary) (Version: - )
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pianoteq v2.3.0 (HKLM-x32\...\Pianoteq23) (Version: - )
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
QtWeb Internet Browser 3.8.5 (HKLM-x32\...\{13C0E1F7-BB8A-4545-B25E-628D025A94AD}_is1) (Version: - QtWeb.NET)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quod Libet - audio library tagger, manager, and player (HKLM-x32\...\Quod Libet) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
R-Studio 7.5 (HKLM-x32\...\R-Studio 7.5NSIS) (Version: 7.5.156292 - R-Tools Technology Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Seagate DiscWizard (HKLM-x32\...\{80AB2C3C-87B7-47C7-928C-ED5374631C97}) (Version: 16.0.5840 - Seagate)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Similarity 64-bit 1.9.2 (HKLM\...\{02F06E82-CCC3-4F71-ADC6-A65338E4A9DF}) (Version: 1.9.1941 - GAR Software)
Skype Web Plugin (HKLM-x32\...\{75BBD24C-C19A-4885-B8FD-EB15009277D3}) (Version: 7.5.0.123 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{d02e7440-ca9b-4c28-b0bf-f226a6c79efd}) (Version: 12.3.1.2879 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.3.1 - TechSmith Corporation) Hidden
SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com)
Spectrasonics Trilian Library version 1.0 (HKLM-x32\...\Spectrasonics Trilian Library_is1) (Version: - Copyright (C) 2009-2011 Spectrasonics)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Spotydl 0.9.37.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.37.0 - spotydl.com)
SUPER © v2015.build.64+Recorder (2015/02/13) version v2015.buil (HKLM-x32\...\{8E2A29E2-96BF-8759-4DA7-5C16C90729A4}_is1) (Version: v2015.build.64+Recorder - eRightSoft)
Superior Drummer 64-bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.4.0 - Toontrack)
Superior Drummer Installer (HKLM-x32\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.0.1 - Toontrack)
Tag&Rename 3.8.6 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.8.6 - Softpointer Inc)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TotalDocConverter (HKLM-x32\...\Total Doc Converter_is1) (Version: - Softplicity, Inc.)
Tunatic (HKLM-x32\...\Tunatic) (Version: - )
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TunnelBear (HKLM-x32\...\{a8a8801e-37a4-4866-a5dc-2d8b0943b84c}) (Version: 2.3.13.0 - TunnelBear)
TunnelBear (x32 Version: 2.3.13.0 - TunnelBear) Hidden
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version: - File Recovery Ltd.)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Download Capture V4.8.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.0 - Apowersoft)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Virtual Disk Driver (HKLM-x32\...\{6B6137AE-281D-419E-9F40-FFD1B42A740D}) (Version: 1.1.2141 - Acronis)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (USBSPI) USB (01/21/2011 2.4.0.0) (HKLM\...\516F2BEA6007D982DCE90BA1592C17F0FFD75DBA) (Version: 01/21/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xentone version 1.3.61 (HKLM-x32\...\{06AF433A-92A9-4DFB-A7F3-2F413BB35A8B}}_is1) (Version: 1.3.61 - H-Pi Instruments)
YouTubeByClick (HKLM-x32\...\{C05E2D5A-938F-41AD-98C5-A6BCBC69CE2F}) (Version: 2.2.10 - YouTubeByClick.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{59CA9673-A08B-489C-8932-1C3E0CF244D8}\localserver32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{B982932A-124D-489C-A7B3-8BCD1FDB8DD3}\InprocServer32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\EdgeCalling.exe (Skype Technologies S.A.)

==================== Restore Points =========================

02-09-2015 21:04:27 Removing COMODO Internet Security Premium
12-09-2015 00:46:54 Scheduled Checkpoint
20-09-2015 20:35:42 Scheduled Checkpoint
22-09-2015 23:56:41 JRT Pre-Junkware Removal
25-09-2015 23:47:08 Revo Uninstaller's restore point - TuneUp Utilities 2014

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-09-26 19:58 - 00001078 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0434ED0A-02E4-4377-BBBB-41A6936BAFBA} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Administrator\AppData\Roaming\Allmyapps\Allmyapps.exe
Task: {19D06676-597C-4187-91A5-40B5DD2BD986} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-08] (Microsoft Corporation)
Task: {2169A334-3A15-4A69-BDA0-CBBB36AA7CA2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {3639B1A0-A9CF-408A-ADA1-8E55FE787F1C} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {46109DC7-8000-415A-A213-4BF66F55F88D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {4DCF11D7-AD36-4436-9AB8-7F8208E69E71} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Administrator => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2015-02-08] (H.D.S. Hungary)
Task: {5D1B51F4-0905-4261-BBD2-E4E4AF6FA618} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {63989CE4-1A8E-4947-A2FD-438D717D2556} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-03-31] (TechSmith Corporation)
Task: {67ED5FDD-C06F-4446-9409-04952F093942} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-26] (Microsoft Corporation)
Task: {6B8FA50D-9D3A-4D0D-B316-8123EA8777D3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {6E00464F-41BC-4880-A8DD-FCDEB99C1022} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2015-02-08] (Microsoft Corporation)
Task: {7253FF57-368F-4C82-B27A-338505140F6C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {79B34201-A62A-47B6-A258-5FF0A398990A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9E3FCFDE-8796-498D-BA77-05CF3A0C710C} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {A0459977-33F3-4E0E-8396-DCD96DC1B94E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-08] (Microsoft Corporation)
Task: {BD797F8E-1326-41E3-811A-3310E17F39AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-26] (Microsoft Corporation)
Task: {C8E55F47-5233-4078-A0FB-0CE2C145C26C} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {CA01DE4C-DE0B-4178-9A20-9389B1F61957} - System32\Tasks\Restart Snagit => C:\Program Files (x86)\TechSmith\Snagit 12\snagit32.exe [2015-03-31] (TechSmith Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-10-01 22:36 - 2012-10-01 22:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-09-05 17:11 - 2011-09-05 17:11 - 00116032 _____ () C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
2005-09-13 18:27 - 2015-02-09 02:00 - 00054784 _____ () C:\WINDOWS\system32\lxbkcnv5.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00240680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2015-02-08 16:28 - 2015-02-08 16:28 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-02-26 18:24 - 2015-02-26 18:24 - 00098824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00031240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00017416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00088584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 01296392 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00060936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00107528 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00075784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00030216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00068104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00158216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00275976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00072200 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00139784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00037384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00297512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00743976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00472616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00193032 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00255496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00145928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00076808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00207880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00024584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00020488 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00032264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00034824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00064008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00022536 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00115720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00194056 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00037896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00019976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00043016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00096776 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00353800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00027144 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00137224 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00146952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00050184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00061960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00089608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00056328 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2015-02-26 18:24 - 2015-02-26 18:24 - 00223752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\JumplistLauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\Ckconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\Ckrfresh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\lsb_un20.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\MASetupCaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\MusiccityDownload.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\Setup_ck.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AcpiServiceVnA64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AdobePDF.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AdobePDFUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AERTAC64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AERTAR64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audioLibVc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BcmBtRSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BootMan.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\btwdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BtwRSupportService.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Ckldrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\coin97ip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\coin97itp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Crypserv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CsrSecCoins.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CX64APO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDPA64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDPD64A.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDPO64A.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDPP64A.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSBoostDLL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPONS64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSLFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSLimiterDLL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSNeoPCDLL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSSymmetryDLL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PGFX64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PLFX64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PREC64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EuEpmGdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fbnative.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FMAPO64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hpinkcoiB111.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hpinkinsB111.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hpinkstsB111LM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ICEsoundAPO64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jmcricon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KAAPORT64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcnv4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcnv5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcoin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcomc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcoms.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkcur.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkdrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkhbn3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkiesc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkih.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkinpa.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkjswr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbklmpm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkpmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkpplc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkprox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkusb1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lxbkvs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\M-AudioTaskBarIcon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO30.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO5064.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO6064.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPOShell64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioEQ64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioRealtek64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxSpeechAPO64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO2064.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxVolumeSDAPO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MISS_APO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICAPOlfx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NahimicAPONSControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvnusbaudio_coinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RCoInstII64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RltkAPO64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RP3DAA64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RP3DHT64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTCOM64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RtDataProc64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTEED64A.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTEEG64A.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTEEL64A.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTEEP64A.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RtkApi64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RtkCfg64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RtkCoLDR64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RtlCPAPI64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RtNicProp64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RtPgEx64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTSnMg64.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SFAPO64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SFCOM64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SFNHK64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SFSS_APO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sl3apo64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\slcnt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\slprp64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sltech64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRAPO64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRCOM64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRRPTR64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRSHP64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRSTSH64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRSTSX64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRSWOW64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo264.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tepeqapo64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tosade.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tosasfapo64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\toseaeapo64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tossaeapo64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VBoxNetFltNobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01007.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdfcoinstaller01009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiafbdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\YamahaAE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ApowersoftScreenCapturing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ApowersoftScreenCapturingFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ApowersoftVideoMixerFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BootMan.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dgderapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\epmntdrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EuEpmGdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EuGdiDrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jmcricon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkcoms.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkih.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkppls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MASetupCleaner.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFC71ESP.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\muzapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Olepau32.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pncrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Redemption.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RltkAPO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupempdrv03.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SFCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\swscale-lav-2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TAKDSDecoder.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bcbtums.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthav.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btwampfl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\csrusbfilter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\eksmidi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\eubakup.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EUBKMON.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\eudskacs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EuFdDisk.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\jmcr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MAudioProKeysSono.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MAudioProKeysSono_DFU.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\phylock.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rsdrvx64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rspLLL64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Rt630x64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RTKVHD64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap-tb-0901.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tosporte.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tosrfbd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tosrfbnp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tosrfcom.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Tosrfhid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tosrfnds.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TosRfSnd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tosrfusb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxDrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxUSB.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vrtaucbl.sys:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Cookies:RxhZ9woyaG2Kyu070E6ze
AlternateDataStreams: C:\Users\Administrator\Desktop\Num_2._Art_4._Diane_Fromage.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Desktop\Run Explorer as System.bat:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\11760405_10153030110535679_1542847361_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\12337_Adv.part1.rar:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\12337_Adv.part1.rar:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\12337_Adv.part2.rar:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\12337_Adv.part2.rar:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\341.44-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\341.44-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\6jx107ww.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\adwcleaner_4.207.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\adwcleaner_5.005.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\adwcleaner_5.005.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\adwcleaner_5.008.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\adwcleaner_5.008.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Amnesia - Mojito_Lite_feat._Tito_Nieves.mp3:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Amnesia - Mojito_Lite_feat._Tito_Nieves.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Andy_Android_Emulator_v44_10.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\B00TFORUM8.htm:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Charge2_QSG_EN.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Charge2_SS_EN.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\ChromeSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\ChromeSetup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\ChromeSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Cibo Matto-Spoon.mp3:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Cibo Matto-Spoon.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\cispremium_installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\cispremium_installer.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\epson378919eu.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\epson513359eu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\epson513359eu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro)(1).gp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro)(2).gp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro).gp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro).gp4:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Pro).gp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Pro).gp5:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Unplugged, 1992) (E. Matacena).mp3:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Unplugged, 1992) (E. Matacena).mp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love [MTV Unplugged] [vk.comsmfm_radio] (S. Afanasyev).mp3:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love [MTV Unplugged] [vk.comsmfm_radio] (S. Afanasyev).mp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente(1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente(2).pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente(2).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\FileFormatConverters.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\FileFormatConverters.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Flash_tool_for_Xperia_6.zip:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\gapa.zip:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\gapa.zip:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\HitmanPro_x64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\HitmanPro_x64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\HojaDeFirmas(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\HojaDeFirmas(1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\HojaDeFirmas.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\HojaDeFirmas.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\interim-101-guidance-12-2014.PDF:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\JBL_CHARGE_2.7z:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\JDownloader2Setup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\JDownloader2Setup(2).exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\JDownloader2Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\JRT(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\JRT(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\jxpiinstall.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\manhunter.(1986).eng.1cd.(3546915).zip:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\manhunter.(1986).eng.1cd.(3546915).zip:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057 (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_0:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_0:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_0(1):$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_0(1):$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_2:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\net.pikanji.recentlyaddedcontacts-0.apk:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\NPE.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\phylock_ifw2.zip:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\phylock_ifw2.zip:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Pink-Tambourine.rar:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Pink-Tambourine.rar:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Pro027.xlsx:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(2).pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(2).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(3).pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(3).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\QQ截图20150707110501.png:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\RogueKiller(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\RogueKiller(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\RogueKiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\RogueKiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\RogueKillerX64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\RogueKillerX64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22(1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\setup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\SkypeSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\SkypeWebPlugin.msi:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\SkypeWebPlugin.msi:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\SonyPCCompanion_Web.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Stemm - Face the Pain.mp3:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Stemm - Face the Pain.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\subtersonic-_black_swamp_tambourine.zip:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\subtersonic-_black_swamp_tambourine.zip:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\sunpentown-sd-014v-dehumidifier-manual.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo by ahjteam EXAMPLE.midi:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo by ahjteam README.rtf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo by ahjteam.tci:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo-by-ahjteam(1).zip:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo-by-ahjteam(1).zip:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo-by-ahjteam.zip:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo-by-ahjteam.zip:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\test-ramp-1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\third_year_progress_report_locked_2.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\UNED_ENGLISH 2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\UNED_ENGLISH 2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\UniversalAdbDriver.zip:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\UniversalAdbDriver.zip:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\uTorrentPortable_3-4-3-40298_online-paf.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\uTorrentPortable_3.4.4.40911_online.paf.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Wax Tailor - Sometimes.mp3:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Wax Tailor - Sometimes.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.26.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.26.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\YTDSetup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\Downloads\YTDSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE
AlternateDataStreams: C:\ProgramData\TEMP:535FBEA2
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
AlternateDataStreams: C:\ProgramData\TEMP:89FAC91C
AlternateDataStreams: C:\ProgramData\TEMP:CF08C48A
AlternateDataStreams: C:\ProgramData\TEMP:DDCCB2FA
AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA
AlternateDataStreams: C:\Users\dale\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2273160904-4274275969-784373220-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: NvNetworkService => 3
MSCONFIG\Services: NvStreamSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 3
MSCONFIG\Services: TeamViewer => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Snagit 12.lnk"
HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "lxbkbmgr.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "M-Audio Taskbar Icon"
HKLM\...\StartupApproved\Run: => "CsrHCRPServer"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run: => "CsrSyncMLServer"
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "HarmonyUserStartup"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => ""
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\StartupFolder: => "speedfan.exe - Shortcut.lnk"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\StartupFolder: => "Core Temp.lnk"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Allmyapps"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Allmyapps Update"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "JumplistWatcher"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "TunnelBear"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Gamma Panel executable"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Embtion"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => ""
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0E3DBB5D-9AA8-4CD1-BF00-A5BCE1C1FE55}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{033BF356-B984-4958-B584-91A1372E18B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5141F975-0650-4626-A23C-7522CE51BDFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0C752913-45A1-4039-817C-6060C2C89110}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3860C4B0-E795-4F41-ACC2-E3FB090BA3FD}] => (Allow) F:\B\Ma\PROGRAM DATA AND PROJECTS ETC\uTorrent Software\uTorrentSoftware.exe
FirewallRules: [{1EF2B9E8-7AC1-4BCA-A986-B69047FC9B89}] => (Allow) F:\B\Ma\PROGRAM DATA AND PROJECTS ETC\uTorrent Software\uTorrentSoftware.exe
FirewallRules: [{CB635AB7-168B-418D-B5B7-995972C7EFDF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{7DD3B35C-6EFF-4A5D-8832-980DA8E1411A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{B47FB92A-9D42-4C41-A953-3DDB8071316A}] => (Allow) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{CCDF3E5D-873C-4A95-8E16-E4F8915FB36C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{10947210-F4B5-4040-826D-D6317AF7CB46}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{B9DAF5DF-E6FE-4999-A521-094A1F6AAA4B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{1DDDFB35-984E-4D04-BB81-A3F834FC965D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{2F4ACAA2-9C79-4F78-8591-9A42FEB5E507}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{AD96584F-67AC-4F82-9BBE-AD5C0E6E61A6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{B5F4C02A-497F-4710-AC65-0EB1DE15435C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{1EC951D6-9F1D-43F4-BEC8-AB637508BE46}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{005841C4-B1CA-4065-879C-BD848B8714D1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{39037797-C465-4832-9037-EDDF4C9DC3D4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{E0214837-48B4-41EB-8C0B-DE2D2B0A3832}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{A106BA46-F08D-436B-87AB-45E6F5BDEE95}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{C1A96054-23C3-4B1A-A9BF-7520F4BB7F9A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{2AE87BD6-B282-44D1-AC90-ED6FB717BC16}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{2FD3DE22-6802-460E-8435-333FF067CE04}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{071EBA47-B5B0-464C-9000-603129FD4ED9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{2D92E39D-E942-4BB6-A452-053239D5FAB8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{B1677CDD-F448-4280-B537-A630A4C7B902}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{6B121315-D6E3-4BF0-B7E6-E89FE9E7FD06}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{2B4572F5-7D98-4AC1-8E08-F189EF61B055}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4AD873A6-E094-4FB6-924D-EAB11B3FD0A4}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{DD657591-C16D-46FB-B66B-515E384E577E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92AC6E3A-022D-462E-A4CD-CEE2D29497E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3AAB0A6E-8633-40BE-9CE3-BFEABF561371}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BB857866-C605-4D99-B8A7-D429BF3FFE9D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AFEFDFB0-96A7-4F22-B04E-1F5B32D2ECEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2783EB04-052E-4EE9-A29A-E7483E67E5A8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{873C1E69-0161-46DD-8EE5-CC77D7C020FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ACE7B793-4044-4754-A9AC-1BF4FD0BCC22}] => (Allow) C:\Users\Administrator\Desktop\uTorrentPortable\App\uTorrent\uTorrent.exe
FirewallRules: [{EF4EB667-3047-4D01-85B9-984B43672C92}] => (Allow) C:\Users\Administrator\Desktop\uTorrentPortable\App\uTorrent\uTorrent.exe
FirewallRules: [{0CC2EE16-BE00-4104-B8DB-9B2FFFB3E6E1}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
FirewallRules: [{6699580B-F3CB-4598-B23A-9EF2766A917A}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
FirewallRules: [{61ECE606-99BB-424F-951A-0A11B4FA9E06}] => (Allow) C:\Windows\System32\lxbkcoms.exe
FirewallRules: [{9FD5EC8A-58C5-4495-8E79-2FCB6E3A92F1}] => (Allow) C:\Windows\System32\lxbkcoms.exe
FirewallRules: [{40B93C68-5496-48CE-B8B4-698E85EE6317}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbkpswx.exe
FirewallRules: [{7D02A16B-51A1-4DBF-99E8-657051AE8B86}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbkpswx.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2015 12:42:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/26/2015 08:47:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/26/2015 08:46:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/26/2015 08:42:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17415, time stamp: 0x54503a3a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000037b0fd8
Faulting process id: 0x548
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (09/26/2015 08:29:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/26/2015 08:26:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17415, time stamp: 0x54503a3a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000062e0fd8
Faulting process id: 0x1f0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (09/26/2015 08:16:38 PM) (Source: MsiInstaller) (EventID: 11310) (User: Dales-PC)
Description: Product: Adobe Acrobat XI Pro -- Error 1310.Error writing to file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe. System error 0. Verify that you have access to that directory.

Error: (09/26/2015 08:08:50 PM) (Source: Windows Installer 3.1) (EventID: 4373) (User: )
Description: WindowsNot enough storage is available to process this command.

Error: (09/26/2015 07:52:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/26/2015 07:52:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (09/27/2015 12:05:06 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/26/2015 08:46:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (09/26/2015 08:45:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (09/26/2015 07:51:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (09/26/2015 07:50:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (09/26/2015 05:56:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (09/26/2015 05:55:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (09/26/2015 04:49:47 PM) (Source: DCOM) (EventID: 10010) (User: Dales-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/26/2015 04:00:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/26/2015 04:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-09-27 02:35:39.886
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-27 01:52:17.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 23:32:09.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 20:49:28.476
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 19:57:14.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 18:06:48.740
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 17:59:16.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 16:53:39.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 16:19:41.017
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-26 15:43:30.298
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 2936.88 MB
Available physical RAM: 1198.14 MB
Total Virtual: 5880.88 MB
Available Virtual: 3313.47 MB

==================== Drives ================================

Drive c: (Windows 8.1) (Fixed) (Total:232.88 GB) (Free:63.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EA270E9A)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    32.5 KB
Done. So far this appears to have done the trick. Thanks so much.

If I may ask, how did you create the fixlist? Were the problems automatically flagged by FRST using its database, or did you or someone else have to manually scan the FRST scan log and add the lines to the fixlist.txt? Just thinking, if it's automated, I may be able to use this tool myself should the need arise in the future.

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Administrator (2015-09-27 19:43:40) Run:1
Running from C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY
Loaded Profiles: Administrator (Available Profiles: dale & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\MountPoints2: {89bb100f-c06a-11e4-8293-001a7d0abf05} - "E:\Autoplay.exe" -auto
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
ShortcutTarget: Core Temp.lnk -> C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
2015-02-13 17:20 - 2015-06-29 12:26 - 0005256 _____ () C:\Program Files (x86)\settings.dat
2015-05-27 21:38 - 2015-05-27 21:45 - 0000539 _____ () C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences
2015-02-08 23:42 - 2015-02-08 23:42 - 0118724 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS
2015-02-08 23:42 - 2015-02-08 23:42 - 0000318 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part
2015-06-12 16:27 - 2015-06-12 16:27 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 10:43 - 2015-02-12 10:43 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement
2015-02-17 20:38 - 2015-02-17 20:38 - 0000055 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir
2015-02-12 10:47 - 2015-07-25 18:40 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex
2015-02-12 10:44 - 2015-07-25 18:39 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index
2015-08-31 07:40 - 2015-08-31 07:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-05 18:14 - 2015-05-05 18:14 - 0010295 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag
C:\Users\Administrator\AppData\Local\Temp\130876732864096387.exe
C:\Users\Administrator\AppData\Local\Temp\13087673321430603253.exe
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Administrator\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Administrator\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe
C:\Users\Administrator\AppData\Local\Temp\proxy_vole1413000634955814965.dll
C:\Users\Administrator\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Administrator\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfareca00002.dll
C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\Program Files (x86)\JumplistLauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\Ckconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\Ckrfresh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\lsb_un20.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\MASetupCaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\MusiccityDownload.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\Setup_ck.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AcpiServiceVnA64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AdobePDF.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AdobePDFUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AERTAC64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AERTAR64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audioLibVc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BcmBtRSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BootMan.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\btwdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BtwRSupportService.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Ckldrv.sys:$CmdTcID
 
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-2273160904-4274275969-784373220-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89bb100f-c06a-11e4-8293-001a7d0abf05}" => key removed successfully
HKCR\CLSID\{89bb100f-c06a-11e4-8293-001a7d0abf05} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found.
C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Program Files (x86)\settings.dat => moved successfully
C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences => moved successfully
C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS => moved successfully
C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part => moved successfully
C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement => moved successfully
C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir => moved successfully
C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex => moved successfully
C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag" => File/Folder not found.
C:\Users\Administrator\AppData\Local\Temp\130876732864096387.exe => moved successfully
C:\Users\Administrator\AppData\Local\Temp\13087673321430603253.exe => moved successfully
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\DseShExt-x64.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\DseShExt-x86.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Administrator\AppData\Local\Temp\proxy_vole1413000634955814965.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\SDShelEx-win32.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\SDShelEx-x64.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\sfamcc00002.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\sfareca00002.dll => moved successfully
C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll => moved successfully
"C:\Program Files (x86)\JumplistLauncher.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\Ckconfig.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\Ckrfresh.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\lsb_un20.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\MASetupCaller.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\MusiccityDownload.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\Setup_ck.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AcpiServiceVnA64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AdobePDF.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AdobePDFUI.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AERTAC64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AERTAR64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\audioLibVc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BcmBtRSupport.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BootMan.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\btwdi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BtwRSupportService.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Ckldrv.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\coin97ip.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\coin97itp.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Crypserv.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CsrSecCoins.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CX64APO.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\d3dx10_43.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\d3dx11_43.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\D3DX9_43.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DDPA64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DDPD64A.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DDPO64A.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DDPP64A.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dns-sd.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSBoostDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSGFXAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSGFXAPONS64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSLFXAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSLimiterDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSNeoPCDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSSymmetryDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSU2PGFX64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSU2PLFX64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSU2PREC64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\EuEpmGdi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\fbnative.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\FMAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\hpinkcoiB111.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\hpinkinsB111.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\hpinkstsB111LM.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ICEsoundAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\jmcricon.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\KAAPORT64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcfg.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcfg.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcnv4.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcnv5.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcoin.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcomc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcomm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcoms.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcu.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkcur.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkdrs.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkg.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkhbn3.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkiesc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkih.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkinpa.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkjswr.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbklmpm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkpmui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkpplc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkprox.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkserv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkusb1.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lxbkvs.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\M-AudioTaskBarIcon.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxAudioAPO20.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxAudioAPO30.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxAudioAPO4064.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxAudioAPO5064.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxAudioAPO6064.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxAudioAPOShell64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxAudioEQ64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxAudioRealtek64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxSpeechAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxVoiceAPO2064.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxVoiceAPO3064.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MaxxVolumeSDAPO.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MISS_APO.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\NAHIMICAPOlfx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\NahimicAPONSControl.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\nvaudcap64v.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\nvnusbaudio_coinst.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\nvvsvc.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\OpenCL.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RCoInstII64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RltkAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RP3DAA64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RP3DHT64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RTCOM64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RtDataProc64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RTEED64A.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RTEEG64A.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RTEEL64A.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RTEEP64A.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RtkApi64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RtkCfg64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RtkCoLDR64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RtlCPAPI64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RtNicProp64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RtPgEx64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\rtscan.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\RTSnMg64.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SFAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SFCOM64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SFNHK64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SFSS_APO.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\sl3apo64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\slcnt64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\slprp64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\sltech64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SRAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SRCOM.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SRCOM64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SRRPTR64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SRSHP64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SRSTSH64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SRSTSX64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SRSWOW64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\tadefxapo.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\tadefxapo264.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\tepeqapo64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\tosade.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\tosasfapo64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\toseaeapo64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\tossaeapo64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\TsWpfWrp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\VBoxNetFltNobj.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WavesGUILib64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WdfCoInstaller01007.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wdfcoinstaller01009.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wiafbdrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WinUSBCoInstaller.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\YamahaAE.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ApowersoftScreenCapturing.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ApowersoftScreenCapturingFilter.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ApowersoftVideoMixerFilter.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\BootMan.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\d3dx10_43.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\d3dx11_43.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\d3dx9_31.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\D3DX9_43.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\dgderapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\dns-sd.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\drvc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\epmntdrv.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\EuEpmGdi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\EuGdiDrv.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\jmcricon.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\lxbkcfg.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\lxbkcoms.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\lxbkih.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\lxbkppls.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MASetupCleaner.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MFC71ESP.DLL" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\muzapp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\nvaudcap32v.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\nvStreaming.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Olepau32.ax" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\OpenCL.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\pncrt.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Redemption.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\RltkAPO.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\setupempdrv03.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\SFCOM.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\SRCOM.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\swscale-lav-2.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\TAKDSDecoder.ax" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\TsWpfWrp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\bcbtums.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\bthav.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\btwampfl.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\csrusbfilter.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\dc3d.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\dtlitescsibus.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\eksmidi.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\eubakup.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\EUBKMON.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\eudskacs.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\EuFdDisk.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\jmcr.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\MAudioProKeysSono.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\MAudioProKeysSono_DFU.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\nvvad64v.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\phylock.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\rsdrvx64.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\rspLLL64.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\Rt630x64.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\RTKVHD64.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ssudbus.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ssudmdm.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tap-tb-0901.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tosporte.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tosrfbd.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tosrfbnp.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tosrfcom.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\Tosrfhid.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tosrfnds.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\TosRfSnd.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tosrfusb.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\usbscan.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\VBoxDrv.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\VBoxUSB.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\vrtaucbl.sys" => ":$CmdTcID" ADS not found.
"C:\Users\Administrator\Cookies" => ":RxhZ9woyaG2Kyu070E6ze" ADS not found.
C:\Users\Administrator\Desktop\Num_2._Art_4._Diane_Fromage.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Desktop\Run Explorer as System.bat" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\11760405_10153030110535679_1542847361_o.jpg => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\12337_Adv.part1.rar" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\12337_Adv.part1.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\12337_Adv.part2.rar" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\12337_Adv.part2.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\341.44-desktop-win8-win7-winvista-64bit-international-whql.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\341.44-desktop-win8-win7-winvista-64bit-international-whql.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\6jx107ww.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\adwcleaner_4.207.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\adwcleaner_5.005.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\adwcleaner_5.005.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\adwcleaner_5.008.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\adwcleaner_5.008.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Amnesia - Mojito_Lite_feat._Tito_Nieves.mp3" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Amnesia - Mojito_Lite_feat._Tito_Nieves.mp3 => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Andy_Android_Emulator_v44_10.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\B00TFORUM8.htm => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Charge2_QSG_EN.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Charge2_SS_EN.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\ChromeSetup(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\ChromeSetup(1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\ChromeSetup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Cibo Matto-Spoon.mp3" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Cibo Matto-Spoon.mp3 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\cispremium_installer.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\cispremium_installer.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\epson378919eu.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\epson513359eu.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\epson513359eu.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro)(1).gp3 => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro)(2).gp3 => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro).gp3 => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro).gp4 => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Pro).gp3 => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Pro).gp5 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Unplugged, 1992) (E. Matacena).mp3" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Unplugged, 1992) (E. Matacena).mp3 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Eric Clapton - Old Love [MTV Unplugged] [vk.comsmfm_radio] (S. Afanasyev).mp3" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Eric Clapton - Old Love [MTV Unplugged] [vk.comsmfm_radio] (S. Afanasyev).mp3 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\FicheroCliente(1).pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\FicheroCliente(1).pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\FicheroCliente(2).pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\FicheroCliente(2).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\FicheroCliente.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\FileFormatConverters.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\FileFormatConverters.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Flash_tool_for_Xperia_6.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\FRST64.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Administrator\Downloads\FRST64.exe" => ":$CmdZnID" ADS not found.
"C:\Users\Administrator\Downloads\gapa.zip" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\gapa.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\HitmanPro_x64(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\HitmanPro_x64(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\HojaDeFirmas(1).pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\HojaDeFirmas(1).pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\HojaDeFirmas.pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\HojaDeFirmas.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\interim-101-guidance-12-2014.PDF => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\JBL_CHARGE_2.7z => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\JDownloader2Setup(1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\JDownloader2Setup(2).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\JDownloader2Setup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\JRT(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\JRT(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\JRT.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\JRT.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\jxpiinstall.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\manhunter.(1986).eng.1cd.(3546915).zip" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\manhunter.(1986).eng.1cd.(3546915).zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057 (1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Administrator\Downloads\Movimiento_0" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Movimiento_0 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Movimiento_0(1)" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Movimiento_0(1) => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Movimiento_2 => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\net.pikanji.recentlyaddedcontacts-0.apk => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\NPE.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\phylock_ifw2.zip" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\phylock_ifw2.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Pink-Tambourine.rar" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Pink-Tambourine.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Pro027.xlsx => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(1).pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(1).pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(2).pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(2).pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(3).pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(3).pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm.pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\QQ截图20150707110501.png => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\RogueKiller(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\RogueKiller(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\RogueKiller.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\RogueKiller.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\RogueKillerX64.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\RogueKillerX64.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22(1).pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22(1).pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22.pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\setup(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\setup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\SkypeSetup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\SkypeWebPlugin.msi" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\SkypeWebPlugin.msi => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\SonyPCCompanion_Web.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Administrator\Downloads\Stemm - Face the Pain.mp3" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Stemm - Face the Pain.mp3 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\subtersonic-_black_swamp_tambourine.zip" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\subtersonic-_black_swamp_tambourine.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\sunpentown-sd-014v-dehumidifier-manual.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Tambo by ahjteam EXAMPLE.midi => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Tambo by ahjteam README.rtf => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\Tambo by ahjteam.tci => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Tambo-by-ahjteam(1).zip" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Tambo-by-ahjteam(1).zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Tambo-by-ahjteam.zip" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Tambo-by-ahjteam.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\test-ramp-1.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\third_year_progress_report_locked_2.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\UNED_ENGLISH 2015.pdf" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\UNED_ENGLISH 2015.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\UniversalAdbDriver.zip" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\UniversalAdbDriver.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\uTorrentPortable_3-4-3-40298_online-paf.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\uTorrentPortable_3.4.4.40911_online.paf.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Wax Tailor - Sometimes.mp3" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Wax Tailor - Sometimes.mp3 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.26.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.26.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe" => ":$CmdTcID" ADS not found.
C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\YTDSetup(1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Administrator\Downloads\YTDSetup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part" => ":$CmdTcID" ADS not found.
C:\ProgramData\TEMP => ":4ABA35EE" ADS removed successfully.
C:\ProgramData\TEMP => ":535FBEA2" ADS removed successfully.
C:\ProgramData\TEMP => ":6DDED7D9" ADS removed successfully.
C:\ProgramData\TEMP => ":89FAC91C" ADS removed successfully.
C:\ProgramData\TEMP => ":CF08C48A" ADS removed successfully.
C:\ProgramData\TEMP => ":DDCCB2FA" ADS removed successfully.
C:\ProgramData\TEMP => ":E8BE05FA" ADS removed successfully.
"C:\Users\dale\OneDrive" => ":ms-properties" ADS not found.


The system needed a reboot..

==== End of Fixlog 19:43:53 ====
 
Good news :)
I have to create each fixlist manually by looking through all log lines.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Redirect returned. I am looking into whether the sync to my mobile caused the malware to be reloaded into my Firefox profile on the laptop. Will update on this and the Sophos scan results.
 