Jump to content

Kaze

Honorary Members
  • Posts

    51
  • Joined

  • Last visited

Everything posted by Kaze

  1. That's great to know man thank you so much. The work this community does is underrated
  2. I have an email from myself sent by my email say I've been recorded and this person has gained access to my pc via RAT However I have no webcam nor mic If this is real what are my options, any help is greatly appreciated As soon as I get home I'm going to be disconnecting my PC from my wifi Below are my screenshots
  3. I started a scan with MBAM and left for a few hours, I came back and all though there was no infection detected - a window called Microsoft Mouse and Keyboard Center popped up asking if I wanted to activate some features of my keyboard and mousse. Here is a picture of it in task manager
  4. It's okay, the malware is in quarantine with MBAM, should I delete it? Also, if a malware is running on my computer, it would definitely show up on my processes right?
  5. Hi, thank you for your help, here are the attachments you've requested FRST.txt Addition.txt
  6. Hi, I got infected yesterday with this malware, I quickly ran a full scan with MBAM but it didin't get detected. I then rebooted in safemode and ran the scan again but no luck. Still feeling uneasy I ran the scan again today and it caught it. Spoolsv.exe - which I uploaded to virustotal and came back negative. It's in quarantine right now, but I'd like to get some further assistance if I have more sneaky malware. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 23/08/2015 Scan Time: 7:54:43 PM Logfile: Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.08.23.05 Rootkit Database: v2015.08.16.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: owner Scan Type: Threat Scan Result: Completed Objects Scanned: 521478 Time Elapsed: 45 min, 36 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 Heuristics.Reserved.Word.Exploit, C:\Users\owner\Desktop\spoolsv.exe, Quarantined, [54ed32da7912e056694db7a38d78867a], Physical Sectors: 0 (No malicious items detected) (end)
  7. My antivirus found a trojan in that download. http://puu.sh/gIOhy/57b21658a2.jpg
  8. yeah sorry, just noticed it was missing, pasted the log
  9. All processes killed ========== FILES ========== File/Folder C:\Program Files (x86)\Mozilla Firefox\nsprotector.js not found. File/Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 not found. File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 not found. C:\Users\owner\Desktop\Downloads\CrystalDiskInfo5_6_2Shizuku-en.exe moved successfully. C:\Users\raniakhaled\AppData\LocalLow\ToggleEN\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll moved successfully. C:\Windows\Installer\24d2a89.msi moved successfully. C:\Windows\Installer\e64dc8a.msi moved successfully. C:\Windows\Installer\MSI91E5.tmp moved successfully. C:\Windows\Installer\MSIB76F.tmp moved successfully. C:\Windows\Installer\MSIDEDC.tmp moved successfully. H:\raniakhaled\AppData\LocalLow\ToggleEN\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: hedev ->Temp folder emptied: 0 bytes User: owner ->Temp folder emptied: 2922797 bytes ->Temporary Internet Files folder emptied: 12431 bytes ->Java cache emptied: 396019 bytes ->FireFox cache emptied: 373615460 bytes ->Google Chrome cache emptied: 6345103 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 1431 bytes User: Public ->Temp folder emptied: 0 bytes User: raniakhaled ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6582 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 52356466 bytes Total Files Cleaned = 416.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 03202015_195953 Files moved on Reboot... C:\Users\owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot. File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. Registry entries deleted on Reboot...
  10. Results of screen317's Security Check version 0.99.99 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! COMODO Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Adobe Flash Player 16.0.0.305 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (36.0.1) Google Chrome (41.0.2272.101) Google Chrome (41.0.2272.89) ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! Comodo Firewall cmdagent.exe Malwarebytes Secure Backup SUpdateNotifier.exe mbae-svc.exe mbae64.exe mbamscheduler.exe Malwarebytes Secure Backup SAgent.Service.exe Malwarebytes Secure Backup mbsbscan.exe Malwarebytes Secure Backup SMessaging.exe mbae.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  11. nothing as far as I know, everything looks good! Would you recomend me changing passwords?
  12. Sorry about that, i forgot to include it Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by owner at 2015-03-20 12:25:47 Run:1 Running from C:\Users\owner\Desktop Loaded Profiles: owner & (Available profiles: owner) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKLM\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION S3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz136; \??\C:\Users\owner\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 dump_wmimmc; \??\C:\Program Files (x86)\GameGuard\dump_wmimmc.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] 2014-06-17 21:01 - 2014-06-17 21:01 - 6010880 _____ () C:\Program Files (x86)\GUT7154.tmp 2014-06-21 09:02 - 2014-06-21 09:03 - 6010880 _____ () C:\Program Files (x86)\GUT74B3.tmp 2012-12-22 02:01 - 2009-07-17 13:37 - 0606208 _____ (~Tag-X~) C:\Program Files (x86)\Res-X.exe 2010-06-19 09:46 - 2010-06-19 09:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat C:\Users\owner\Network_Meter_Data.js C:\Users\owner\AppData\Local\Temp\dllnt_dump.dll C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk2iuzy.dll C:\Users\owner\AppData\Local\Temp\Quarantine.exe C:\Users\owner\AppData\Local\Temp\sqlite3.dll C:\Windows\System32\MSVCR71.DLL CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{1EAE75EA-588A-11DF-91A3-CA6ADFD72085}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VEN2232.OLB:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xliveinstallhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\blackberryncm6_AMD64.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RimUsb_AMD64.sys:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\001.jpg:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\008-06-005E.pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\1425626594441.gif:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\adwcleaner_4.112.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\adwcleaner_4.112.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\BlackBerryDesktopSoftware1_1_b29.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\BlackBerryDesktopSoftware1_1_b29.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\ChromeSetup.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Digital-Licence-11098442.pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\ENG4CC_Unit1_MSalam.docx:com.dropbox.attributes AlternateDataStreams: C:\Users\owner\Desktop\FRST64.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\FRST64.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\HitmanPro_x64.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\HitmanPro_x64.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\hokage_minato_mobile_wallpaper_by_sl4eva-d8lea28.rar:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\hokage_minato_mobile_wallpaper_by_sl4eva-d8lea28.rar:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Interview_Ticket.pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\JRT.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\JRT.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\JRT_NEW.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\kek.txt:com.dropbox.attributes AlternateDataStreams: C:\Users\owner\Desktop\mbae-setup-1.05.1.1016.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\mbae-setup-1.05.1.1016.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management (1).pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management (2).pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management (3).pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management.pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Rainmeter-3.1.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Reading Strategies.pptx:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\RogueKillerX64.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\RogueKillerX64.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Treatment plan to sign to see Dr. Lawson.zip:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\Treatment plan to sign to see Dr. Lawson.zip:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\W_CH02_EXPV1_H1.zip:$CmdZnID EmptyTemp: end ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => value deleted successfully. HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => value deleted successfully. "HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. ALSysIO => Service deleted successfully. catchme => Service deleted successfully. cpuz136 => Service deleted successfully. dump_wmimmc => Service deleted successfully. EagleX64 => Service deleted successfully. MREMP50 => Service deleted successfully. MREMP50a64 => Service deleted successfully. MREMPR5 => Service deleted successfully. MRENDIS5 => Service deleted successfully. MRESP50 => Service deleted successfully. MRESP50a64 => Service deleted successfully. X6va012 => Service deleted successfully. X6va013 => Service deleted successfully. C:\Program Files (x86)\GUT7154.tmp => Moved successfully. C:\Program Files (x86)\GUT74B3.tmp => Moved successfully. C:\Program Files (x86)\Res-X.exe => Moved successfully. C:\ProgramData\ezsidmv.dat => Moved successfully. C:\Users\owner\Network_Meter_Data.js => Moved successfully. C:\Users\owner\AppData\Local\Temp\dllnt_dump.dll => Moved successfully. "C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk2iuzy.dll" => File/Directory not found. C:\Users\owner\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\owner\AppData\Local\Temp\sqlite3.dll => Moved successfully. C:\Windows\System32\MSVCR71.DLL => Moved successfully. "HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{1EAE75EA-588A-11DF-91A3-CA6ADFD72085}" => Key deleted successfully. "HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}" => Key deleted successfully. "HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully. "C:\Windows\system32\adtschema.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\aeinv.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\aepdu.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\aepic.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\aitstatic.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\apisetschema.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\appidapi.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\appidcertstorecheck.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\appidpolicyconverter.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\appidsvc.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\appraiser.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\atmfd.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\atmlib.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\audiodg.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\AudioEng.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\AUDIOKSE.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\AudioSes.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\audiosrv.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\auditpol.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\blackbox.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\credssp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\crypt32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\cryptnet.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\cryptsp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\cryptsvc.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\cryptui.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\csrsrv.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\dciman32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\devinv.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\drmmgrtn.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\drmv2clt.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\dxmasf.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\dxtmsft.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\dxtrans.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\EncDump.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\evr.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\fontsub.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\generaltel.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ie4uinit.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ieapfltr.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\iedkcs32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ieetwcollector.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ieetwcollectorres.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ieetwproxystub.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ieframe.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\iernonce.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\iertutil.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\iesetup.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ieui.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found. "C:\Windows\system32\invagent.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\jscript9.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\jscript9diag.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\jsproxy.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\kerberos.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\lpk.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\lsasrv.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\lsass.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\mf.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\mferror.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\mfplat.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\mfpmp.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\mfps.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\MpSigStub.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\MRT.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msaudite.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msctf.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msdxm.ocx" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msfeeds.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\mshtml.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\MshtmlDac.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\mshtmled.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\mshtmlmedia.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msmmsp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msnetobj.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msobjs.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msrating.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msscp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\MsSpellCheckingFacility.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\msv1_0.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ncrypt.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ntoskrnl.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\oleaut32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\pcadm.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\pcaevts.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\pcalua.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\pcasvc.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\pcawrk.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\perftrack.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\powertracker.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\qdvd.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\quartz.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\rdpcorets.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\RdpGroupPolicyExtension.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\rdpudd.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\rrinstaller.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\rstrui.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\scesrv.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\schannel.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\secur32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\setbcdlocale.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\shell32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\smss.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\spwmp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\srclient.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\srcore.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\sspicli.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\sspisrv.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\TSpkg.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\ubpm.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\urlmon.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\vbscript.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\VEN2232.OLB" => ":$CmdTcID" ADS not found. "C:\Windows\system32\wdi.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\wdigest.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\win32k.sys" => ":$CmdTcID" ADS not found. "C:\Windows\system32\WindowsCodecs.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\wininet.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\winload.efi" => ":$CmdTcID" ADS not found. "C:\Windows\system32\winload.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\winresume.efi" => ":$CmdTcID" ADS not found. "C:\Windows\system32\wintrust.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\wmdrmsdk.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\wmp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\WMPhoto.dll" => ":$CmdTcID" ADS not found. "C:\Windows\system32\wmploc.DLL" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\adtschema.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\apisetschema.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\appidapi.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\atmfd.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\atmlib.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\AudioEng.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\AUDIOKSE.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\AudioSes.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\auditpol.exe" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\blackbox.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\credssp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\crypt32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\cryptnet.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\cryptsp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\cryptsvc.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\cryptui.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\dciman32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\drmmgrtn.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\drmv2clt.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\dxmasf.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\dxtmsft.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\evr.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\fontsub.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ieetwproxystub.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\iernonce.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\iesetup.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ieUnatt.exe" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\jscript9diag.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\jsproxy.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\lpk.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\mf.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\mferror.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\mfplat.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\mfpmp.exe" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\mfps.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\msaudite.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\msctf.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\msdxm.ocx" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\mshtmlmedia.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\msnetobj.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\msobjs.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\msrating.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\msscp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ncrypt.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ncsi.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\nlaapi.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ntkrnlpa.exe" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ntoskrnl.exe" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\oleaut32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\qdvd.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\quartz.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\rrinstaller.exe" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\scesrv.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\schannel.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\secur32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\shell32.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\spwmp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\srclient.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\sspicli.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\TSpkg.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\ubpm.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\wdi.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\wdigest.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\WindowsCodecs.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\wintrust.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\wmdrmsdk.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\wmp.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\WMPhoto.dll" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\wmploc.DLL" => ":$CmdTcID" ADS not found. "C:\Windows\SysWOW64\xliveinstallhost.exe" => ":$CmdTcID" ADS not found. "C:\Windows\system32\Drivers\appid.sys" => ":$CmdTcID" ADS not found. "C:\Windows\system32\Drivers\blackberryncm6_AMD64.sys" => ":$CmdTcID" ADS not found. "C:\Windows\system32\Drivers\cng.sys" => ":$CmdTcID" ADS not found. "C:\Windows\system32\Drivers\ksecdd.sys" => ":$CmdTcID" ADS not found. "C:\Windows\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS not found. "C:\Windows\system32\Drivers\mountmgr.sys" => ":$CmdTcID" ADS not found. "C:\Windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS not found. "C:\Windows\system32\Drivers\PEAuth.sys" => ":$CmdTcID" ADS not found. "C:\Windows\system32\Drivers\RimUsb_AMD64.sys" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\001.jpg => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\008-06-005E.pdf => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\1425626594441.gif => ":$CmdZnID" ADS removed successfully. "C:\Users\owner\Desktop\adwcleaner_4.112.exe" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\adwcleaner_4.112.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\owner\Desktop\BlackBerryDesktopSoftware1_1_b29.exe" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\BlackBerryDesktopSoftware1_1_b29.exe => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\ChromeSetup.exe => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\Digital-Licence-11098442.pdf => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\ENG4CC_Unit1_MSalam.docx => ":com.dropbox.attributes" ADS removed successfully. "C:\Users\owner\Desktop\FRST64.exe" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\FRST64.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\owner\Desktop\HitmanPro_x64.exe" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\HitmanPro_x64.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\owner\Desktop\hokage_minato_mobile_wallpaper_by_sl4eva-d8lea28.rar" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\hokage_minato_mobile_wallpaper_by_sl4eva-d8lea28.rar => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\Interview_Ticket.pdf => ":$CmdZnID" ADS removed successfully. "C:\Users\owner\Desktop\JRT.exe" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\JRT.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\owner\Desktop\JRT_NEW.exe" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\kek.txt => ":com.dropbox.attributes" ADS removed successfully. "C:\Users\owner\Desktop\mbae-setup-1.05.1.1016.exe" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\mbae-setup-1.05.1.1016.exe => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management (1).pdf => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management (2).pdf => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management (3).pdf => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management.pdf => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\Rainmeter-3.1.exe => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\Reading Strategies.pptx => ":$CmdZnID" ADS removed successfully. "C:\Users\owner\Desktop\RogueKillerX64.exe" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\RogueKillerX64.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\owner\Desktop\Treatment plan to sign to see Dr. Lawson.zip" => ":$CmdTcID" ADS not found. C:\Users\owner\Desktop\Treatment plan to sign to see Dr. Lawson.zip => ":$CmdZnID" ADS removed successfully. C:\Users\owner\Desktop\W_CH02_EXPV1_H1.zip => ":$CmdZnID" ADS removed successfully. EmptyTemp: => Removed 1.5 GB temporary data. The system needed a reboot. ==== End of Fixlog 12:27:30 ====
  13. # AdwCleaner v4.112 - Logfile created 20/03/2015 at 12:00:40 # Updated 09/03/2015 by Xplode # Database : 2015-03-15.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : owner - OWNER-PC # Running from : C:\Users\owner\Desktop\AdwCleaner.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\GeekBuddyRSP Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Mozilla Firefox v36.0.1 (x86 en-US) -\\ Google Chrome v41.0.2272.89 [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} -\\ Comodo Dragon v36.1.1.21 [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [5011 bytes] - [03/05/2014 17:28:22] AdwCleaner[R10].txt - [2276 bytes] - [16/03/2015 13:28:58] AdwCleaner[R11].txt - [2292 bytes] - [20/03/2015 11:55:04] AdwCleaner[R1].txt - [1854 bytes] - [24/06/2014 22:33:36] AdwCleaner[R2].txt - [2533 bytes] - [04/07/2014 01:31:54] AdwCleaner[R3].txt - [3213 bytes] - [31/08/2014 19:34:13] AdwCleaner[R4].txt - [3500 bytes] - [09/09/2014 11:35:23] AdwCleaner[R5].txt - [3560 bytes] - [09/09/2014 12:14:03] AdwCleaner[R6].txt - [4102 bytes] - [25/11/2014 23:01:00] AdwCleaner[R7].txt - [3364 bytes] - [21/12/2014 18:15:33] AdwCleaner[R8].txt - [1842 bytes] - [22/01/2015 20:39:23] AdwCleaner[R9].txt - [2517 bytes] - [14/03/2015 16:59:26] AdwCleaner[s0].txt - [5134 bytes] - [03/05/2014 17:29:54] AdwCleaner[s1].txt - [1933 bytes] - [24/06/2014 22:34:48] AdwCleaner[s2].txt - [3362 bytes] - [31/08/2014 19:38:15] AdwCleaner[s3].txt - [3540 bytes] - [09/09/2014 12:16:37] AdwCleaner[s4].txt - [4321 bytes] - [25/11/2014 23:13:18] AdwCleaner[s5].txt - [3603 bytes] - [21/12/2014 18:18:37] AdwCleaner[s6].txt - [2049 bytes] - [22/01/2015 20:41:09] AdwCleaner[s7].txt - [2693 bytes] - [14/03/2015 17:11:24] AdwCleaner[s8].txt - [2491 bytes] - [16/03/2015 13:31:07] AdwCleaner[s9].txt - [2366 bytes] - [20/03/2015 12:00:40] ########## EOF - C:\AdwCleaner\AdwCleaner[s9].txt - [2425 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.5 (03.17.2015:1) OS: Windows 7 Home Premium x64 Ran by owner on 20/03/2015 at 12:37:45.42 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 20/03/2015 at 12:56:19.06 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ here you go
  14. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by owner (administrator) on OWNER-PC on 20-03-2015 12:23:27 Running from C:\Users\owner\Desktop Loaded Profiles: owner & (Available profiles: owner) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe (Akamai Technologies, Inc.) C:\Users\owner\AppData\Local\Akamai\netsession_win.exe () H:\puush.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Akamai Technologies, Inc.) C:\Users\owner\AppData\Local\Akamai\netsession_win.exe () H:\Rainmeter.exe (RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe (IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (www.IslamicFinder.org) C:\Program Files (x86)\Athan\Athan.exe (Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Samsung Electronics Co., Ltd.) H:\Kies\KiesTrayAgent.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Secure Backup\mbsbscan.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe () C:\OEM\USBDECTION\USBS3S4Detection.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-02-04] (COMODO) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2014-01-20] (RealNetworks, Inc.) HKLM-x32\...\Run: [sOSUAUI] => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [sMessaging] => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-12-18] (BlackBerry Limited) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => H:\Malwarebytes Anti-Exploit\mbae.exe [2561848 2015-03-13] (Malwarebytes Corporation) HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-12] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Athan] => C:\Program Files (x86)\Athan\Athan.exe [1146880 2010-03-27] (www.IslamicFinder.org) HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => H:\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4857592 2014-12-18] (BlackBerry Limited) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-07-29] () HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [blackBerryLink.exe] => C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [1475320 2014-12-18] (Research In Motion) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [Akamai NetSession Interface] => C:\Users\owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [puush] => H:\puush.exe [567880 2014-09-25] () HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-29] (Spotify Ltd) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-07-29] () HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [blackBerryLink.exe] => C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [1475320 2014-12-18] (Research In Motion) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [puush] => H:\puush.exe [567880 2014-09-25] () HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-29] (Spotify Ltd) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-3519416599-1403306863-3896355811-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [425984 2009-08-05] () Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> H:\Rainmeter.exe () ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => No File ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => No File ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) BootExecute: autocheck autochk * bootdeletesdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3519416599-1403306863-3896355811-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360610p416p0455v1h5k4501r55p HKU\S-1-5-21-3519416599-1403306863-3896355811-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360610p416p0455v1h5k4501r55p SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000 -> {2C91ED3A-FFC1-4B89-9601-3448D86B6F8F} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000 -> {E8F6233F-31D0-4FCF-8610-E8B7FEA29659} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2C91ED3A-FFC1-4B89-9601-3448D86B6F8F} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E8F6233F-31D0-4FCF-8610-E8B7FEA29659} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3519416599-1403306863-3896355811-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\S-1-5-21-3519416599-1403306863-3896355811-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3519416599-1403306863-3896355811-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FED80ED7-2DB6-4DDA-9789-B926E6B34249} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3519416599-1403306863-3896355811-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No File DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{E25B824F-697C-4F74-B3B2-56FDE4F29F67}: [NameServer] 156.154.70.22,156.154.71.22 FireFox: ======== FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430 FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-29] (Pando Networks) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-01-20] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-01-20] (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems) FF Plugin HKU\S-1-5-21-3519416599-1403306863-3896355811-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-06] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3519416599-1403306863-3896355811-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-29] (Pando Networks) FF Plugin HKU\S-1-5-21-3519416599-1403306863-3896355811-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-15] () FF Plugin HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-06] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-29] (Pando Networks) FF Plugin HKU\S-1-5-21-3519416599-1403306863-3896355811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-15] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-01-20] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-01-20] (RealPlayer) FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\searchplugins\youtube.xml [2015-02-08] FF Extension: Youtube MP3 Podcaster - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-03-12] FF Extension: FT DeepDark - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-02-28] FF Extension: Disconnect - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\2.0@disconnect.me.xpi [2015-02-08] FF Extension: Clear Console - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\clearConsole@penzil.com.xpi [2015-02-08] FF Extension: YouTube Video and Audio Downloader - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-02-08] FF Extension: Ghostery - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\firefox@ghostery.com.xpi [2015-02-08] FF Extension: MEGA - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\firefox@mega.co.nz.xpi [2015-02-08] FF Extension: Noosfeer - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-BJzLmy1Bk1nR6Q@jetpack.xpi [2015-02-08] FF Extension: Pushbullet - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2015-02-08] FF Extension: Lightbeam - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-02-08] FF Extension: RedditNotifier - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-jz0wH8To7NqwdQ@jetpack.xpi [2015-02-08] FF Extension: Youtube MP3 Downloader using youtube-mp3.org - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2015-02-08] FF Extension: Reddit Enhancement Suite - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-02-08] FF Extension: μ Adblock - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-yIDO6R3DGl4u2Q@jetpack.xpi [2015-02-08] FF Extension: Stylish - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-02-08] FF Extension: Bluhell Firewall - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-08] FF Extension: NoScript - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-08] FF Extension: YouTube High Definition - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-02-08] FF Extension: Google Reverse Image Search - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-02-08] FF Extension: YouTube HTML5 Player - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{b6b1a201-b252-484f-b9fe-68efbb273fbd}.xpi [2015-02-08] FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-08] FF Extension: Adblock Edge - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-08] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-05] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-05] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-20] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119776&tt=0313_7&babsrc=HP_ss&mntrId=14c9424a00000000000070f1a14d7da0 CHR StartupUrls: Default -> "hxxp://google.ca/" CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Adblock Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-13] CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (SoundCloud Download Finder) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggklngmkhplepnjhhnenbgfbeagdfil [2014-12-12] CHR Extension: (Word Online) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2014-11-03] CHR Extension: (Stylish) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-11-14] CHR Extension: (The QR Code Generator) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2014-11-03] CHR Extension: (Dropbox) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-11-03] CHR Extension: (Reddit Enhancement Suite) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-01-14] CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2014-01-29] CHR Extension: (Little Alchemy) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-11-03] CHR Extension: (Auto HD For YouTube™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-09-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Into The Mist) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2014-11-14] CHR Extension: (Ghostery) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-11-03] CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14] CHR Extension: (Adblock Pro) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-11-03] CHR Extension: (My Chrome Theme) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-11-03] CHR Extension: (ScriptSafe) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-05-22] CHR Extension: (Outlook.com) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-11-03] CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR Extension: (http://www.whyislam.org/) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhplojoefipkjmnpanljkoiklgphklf [2014-05-22] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-25] (Avira Operations GmbH & Co. KG) [File not signed] S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-25] (Avira Operations GmbH & Co. KG) [File not signed] R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-12-18] (BlackBerry Limited) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.) R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-04] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-04] (COMODO) R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.) R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.) R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] S2 MbaeSvc; H:\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2015-03-13] (Malwarebytes Corporation) S2 MBAMScheduler; H:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; H:\Origin\OriginClientService.exe [1900400 2014-12-16] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-29] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-12-16] (Paramount Software UK Ltd) R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2014-12-18] (Apple Inc.) R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1348344 2014-12-18] (BlackBerry Limited) R2 sagentservice; C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-25] (Avira Operations GmbH & Co. KG) S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-12-18] (BlackBerry) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO) R1 ESProtectionDriver; H:\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-03-13] () R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO) S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed] S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-12-18] (BlackBerry Limited) R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed] S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) S3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz136; \??\C:\Users\owner\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 dump_wmimmc; \??\C:\Program Files (x86)\GameGuard\dump_wmimmc.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-20 12:09 - 2015-03-20 12:09 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3519416599-1403306863-3896355811-1000 2015-03-20 12:09 - 2015-03-20 12:09 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3519416599-1403306863-3896355811-1000 2015-03-20 12:08 - 2015-03-20 12:08 - 00002505 _____ () C:\Users\owner\Desktop\AdwCleaner[s9].txt 2015-03-20 11:51 - 2015-03-20 11:51 - 02171392 _____ () C:\Users\owner\Desktop\AdwCleaner.exe 2015-03-20 00:01 - 2015-03-20 00:13 - 00000000 ____D () C:\Users\owner\Documents\Enpass 2015-03-20 00:01 - 2015-03-20 00:01 - 00000950 _____ () C:\Users\owner\Desktop\Enpass.lnk 2015-03-20 00:01 - 2015-03-20 00:01 - 00000000 ____D () C:\Program Files (x86)\Enpass 2015-03-20 00:00 - 2015-03-20 00:01 - 29911696 _____ () C:\Users\owner\Desktop\EnpassSetup-4.5.1.exe 2015-03-19 21:05 - 2015-03-19 21:06 - 00070478 _____ () C:\Users\owner\Desktop\Addition.txt 2015-03-19 21:04 - 2015-03-20 12:23 - 00045765 _____ () C:\Users\owner\Desktop\FRST.txt 2015-03-19 21:03 - 2015-03-20 12:23 - 00000000 ____D () C:\FRST 2015-03-19 21:01 - 2015-03-20 12:23 - 02095616 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe 2015-03-19 14:57 - 2015-03-19 13:56 - 759024412 _____ () C:\Users\owner\Desktop\[HorribleSubs] Tokyo Ghoul Root A - 11 [1080p].mkv 2015-03-19 13:23 - 2015-03-19 13:23 - 00001310 _____ () C:\Users\owner\Desktop\2.txt 2015-03-19 13:22 - 2015-03-19 21:03 - 00001054 _____ () C:\Users\owner\Desktop\1.txt 2015-03-19 03:27 - 2015-03-19 03:27 - 00000600 _____ () C:\Users\Public\Desktop\Shared Space.lnk 2015-03-19 03:00 - 2015-03-19 03:00 - 00001041 _____ () C:\Users\owner\Desktop\JRT.txt 2015-03-19 02:41 - 2015-03-19 02:41 - 01388672 _____ (Thisisu) C:\Users\owner\Desktop\JRT.exe 2015-03-19 02:18 - 2015-03-19 02:17 - 10995632 _____ (SurfRight B.V.) C:\Users\owner\Desktop\HitmanPro_x64.exe 2015-03-18 12:52 - 2015-03-18 12:52 - 00072353 _____ () C:\Users\owner\Desktop\Treatment plan to sign to see Dr. Lawson.zip 2015-03-18 01:15 - 2015-03-20 11:35 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps 2015-03-17 13:03 - 2015-03-17 13:23 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-03-17 13:03 - 2015-03-17 13:03 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-03-17 12:49 - 2015-03-17 12:49 - 18816600 _____ () C:\Users\owner\Desktop\RogueKillerX64.exe 2015-03-17 12:47 - 2015-03-17 12:48 - 00000000 ____D () C:\Users\owner\Desktop\RK_Quarantine 2015-03-17 02:08 - 2015-03-17 02:08 - 00002226 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-17 02:08 - 2015-03-17 02:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-17 02:07 - 2015-03-17 02:07 - 00880208 _____ (Google Inc.) C:\Users\owner\Desktop\ChromeSetup.exe 2015-03-16 12:39 - 2015-03-16 12:39 - 00028446 _____ () C:\Users\owner\Desktop\bookmarks_3_16_15.html 2015-03-15 23:16 - 2015-03-15 23:25 - 00000000 ____D () C:\Users\owner\Desktop\tokyo ghoul 2015-03-15 18:39 - 2015-03-15 19:05 - 00000000 ____D () C:\Users\owner\Desktop\Tokyo Ghoul Zakki 2015-03-15 18:34 - 2015-03-15 18:36 - 524534621 _____ () C:\Users\owner\Desktop\Tokyo Ghoul Zakki.rar 2015-03-14 16:56 - 2015-03-14 16:56 - 02171392 _____ () C:\Users\owner\Desktop\adwcleaner_4.112.exe 2015-03-13 20:34 - 2015-03-13 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-03-13 20:32 - 2015-03-13 20:32 - 02967032 _____ (Malwarebytes ) C:\Users\owner\Desktop\mbae-setup-1.05.1.1016.exe 2015-03-12 20:48 - 2015-03-12 20:49 - 00000000 ____D () C:\Users\owner\Desktop\hue 2015-03-12 20:46 - 2015-03-12 20:47 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Rainmeter 2015-03-12 20:46 - 2015-03-12 20:46 - 02294104 _____ () C:\Users\owner\Desktop\Rainmeter-3.1.exe 2015-03-12 20:46 - 2015-03-12 20:46 - 00000477 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2015-03-12 20:46 - 2015-03-12 20:46 - 00000000 ____D () C:\Users\owner\Documents\Rainmeter 2015-03-12 11:33 - 2015-03-12 11:33 - 01217715 _____ () C:\Users\owner\Desktop\hokage_minato_mobile_wallpaper_by_sl4eva-d8lea28.rar 2015-03-11 10:59 - 2015-03-11 11:00 - 160946904 _____ (BlackBerry) C:\Users\owner\Desktop\BlackBerryDesktopSoftware1_1_b29.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 09:30 - 2015-03-11 09:30 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 09:30 - 2015-03-11 09:30 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 09:30 - 2015-03-11 09:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 09:30 - 2015-03-11 09:30 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 09:30 - 2015-03-11 09:30 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 09:30 - 2015-03-11 09:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 09:30 - 2015-03-11 09:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 09:30 - 2015-03-11 09:30 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 09:30 - 2015-03-11 09:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 09:29 - 2015-03-11 09:29 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 09:29 - 2015-03-11 09:29 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 09:29 - 2015-03-11 09:29 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 09:29 - 2015-03-11 09:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 09:29 - 2015-03-11 09:29 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 09:29 - 2015-03-11 09:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 09:29 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 09:29 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-10 11:42 - 2014-08-13 12:49 - 21572466 _____ () C:\Users\owner\Desktop\VID_20140813_124924.mp4 2015-03-10 11:42 - 2014-08-13 12:39 - 59065466 _____ () C:\Users\owner\Desktop\VID_20140813_123827.mp4 2015-03-10 11:42 - 2014-07-15 19:25 - 43666008 _____ () C:\Users\owner\Desktop\VID_20140715_192435.mp4 2015-03-10 11:42 - 2014-06-17 18:37 - 36542871 _____ () C:\Users\owner\Desktop\VID_20140617_183646.mp4 2015-03-09 16:48 - 2015-03-09 16:48 - 00000000 __SHD () C:\Users\owner\AppData\Local\EmieBrowserModeList 2015-03-05 22:46 - 2015-03-05 22:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-05 15:47 - 2015-03-05 15:47 - 00000000 ____D () C:\Users\owner\Desktop\New folder 2015-02-25 11:30 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 11:30 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-20 12:04 - 2015-02-20 12:05 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SpaceEngineers 2015-02-19 14:34 - 2015-02-19 14:34 - 00003891 _____ () C:\ads_err.adt 2015-02-19 14:34 - 2015-02-19 14:34 - 00003072 _____ () C:\ads_err.adi 2015-02-19 14:34 - 2015-02-19 14:34 - 00002048 _____ () C:\ads_err.adm ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-20 12:23 - 2012-06-06 17:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-20 12:23 - 2011-10-02 15:20 - 00000000 ____D () C:\Users\owner\AppData\Local\PMB Files 2015-03-20 12:22 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-20 12:22 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-20 12:19 - 2015-02-12 12:00 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for owner-PC-owner owner-PC 2015-03-20 12:19 - 2010-04-01 11:55 - 01915538 _____ () C:\Windows\WindowsUpdate.log 2015-03-20 12:18 - 2014-06-10 09:46 - 00000490 _____ () C:\Windows\Tasks\Online Backup Update Notifier.job 2015-03-20 12:16 - 2013-07-25 17:06 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat 2015-03-20 12:14 - 2013-07-20 14:49 - 00251588 _____ () C:\Windows\system32\Drivers\fvstore.dat 2015-03-20 12:12 - 2014-03-20 14:38 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Dropbox 2015-03-20 12:07 - 2013-07-12 19:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7f5a2a0df8c2.job 2015-03-20 12:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-20 12:07 - 2009-07-14 00:51 - 00210272 _____ () C:\Windows\setupact.log 2015-03-20 12:00 - 2014-05-03 17:28 - 00000000 ____D () C:\AdwCleaner 2015-03-20 11:40 - 2012-05-24 20:45 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-20 03:44 - 2010-06-12 15:11 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5D5D5F6B-43BE-4ECD-AF2A-842B28D0ED5E} 2015-03-20 03:28 - 2010-11-22 21:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-20 02:59 - 2014-05-17 10:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-20 02:00 - 2014-08-28 02:00 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe 2015-03-19 19:42 - 2013-01-23 10:32 - 00000000 ____D () C:\Users\owner\AppData\Roaming\uTorrent 2015-03-19 13:39 - 2012-01-11 19:13 - 00001771 _____ () C:\Users\owner\AppData\Roaming\Rim.Desktop.Exception.log 2015-03-19 02:40 - 2015-01-25 22:32 - 01388672 _____ (Thisisu) C:\Users\owner\Desktop\JRT_NEW.exe 2015-03-17 13:33 - 2009-07-14 01:13 - 00903444 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-17 11:15 - 2009-12-01 05:14 - 14468314 _____ () C:\Windows\PFRO.log 2015-03-17 02:08 - 2010-06-19 09:40 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-15 21:12 - 2014-07-18 18:28 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2015-03-13 17:13 - 2014-09-11 14:03 - 00000132 _____ () C:\Users\owner\AppData\Roaming\Adobe PNG Format CC Prefs 2015-03-12 21:40 - 2015-02-12 12:19 - 00000000 ____D () C:\Users\owner\Documents\Outlook Files 2015-03-12 17:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 10:09 - 2014-06-10 10:10 - 00000530 _____ () C:\Windows\Tasks\Malwarebytes Secure Backup - mdsalam1994@hotmail.com.job 2015-03-12 09:27 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-11 14:39 - 2014-03-01 23:32 - 00000000 ____D () C:\Users\owner\Desktop\Writing Portfolio 2015-03-11 12:03 - 2009-07-14 00:45 - 05163488 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 11:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-11 11:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 11:46 - 2015-02-11 23:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-03-11 11:46 - 2009-12-01 04:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 11:35 - 2013-07-13 10:39 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 11:35 - 2009-07-13 22:34 - 00000531 _____ () C:\Windows\win.ini 2015-03-11 11:23 - 2010-06-11 11:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 09:08 - 2014-03-20 14:38 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-09 16:47 - 2013-12-10 16:14 - 00008798 _____ () C:\Windows\IE11_main.log 2015-03-06 10:18 - 2010-09-09 23:03 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-03-06 10:08 - 2012-05-03 09:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-05 15:45 - 2014-12-29 11:53 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Spotify 2015-03-04 22:18 - 2011-01-20 00:11 - 00000000 ____D () C:\Users\owner\Desktop\Stuff 2015-02-27 20:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-02-26 01:36 - 2014-08-28 21:36 - 00000000 ____D () C:\Users\owner\AppData\Roaming\vlc ==================== Files in the root of some directories ======= 2014-06-17 21:01 - 2014-06-17 21:01 - 6010880 _____ () C:\Program Files (x86)\GUT7154.tmp 2014-06-21 09:02 - 2014-06-21 09:03 - 6010880 _____ () C:\Program Files (x86)\GUT74B3.tmp 2012-12-22 02:01 - 2009-07-17 13:37 - 0606208 _____ (~Tag-X~) C:\Program Files (x86)\Res-X.exe 2014-09-11 14:03 - 2015-03-13 17:13 - 0000132 _____ () C:\Users\owner\AppData\Roaming\Adobe PNG Format CC Prefs 2012-12-18 20:12 - 2013-02-28 19:51 - 0000546 _____ () C:\Users\owner\AppData\Roaming\All CPU MeterV3_Settings.ini 2013-07-07 17:59 - 2013-07-07 18:00 - 0001080 _____ () C:\Users\owner\AppData\Roaming\Network Meter_Settings.ini 2013-07-07 19:23 - 2013-07-07 19:23 - 0000020 _____ () C:\Users\owner\AppData\Roaming\Network Meter_Usage.ini 2012-01-11 19:13 - 2015-03-19 13:39 - 0001771 _____ () C:\Users\owner\AppData\Roaming\Rim.Desktop.Exception.log 2012-01-11 19:12 - 2012-01-11 19:12 - 0000807 _____ () C:\Users\owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2010-10-25 16:05 - 2011-11-20 23:08 - 0000202 _____ () C:\Users\owner\AppData\Roaming\wklnhst.dat 2014-10-01 18:57 - 2014-10-01 18:57 - 0001456 _____ () C:\Users\owner\AppData\Local\Adobe Save for Web 13.0 Prefs 2013-07-20 02:45 - 2013-07-20 02:45 - 0180431 _____ () C:\Users\owner\AppData\Local\ars.cache 2013-07-20 02:45 - 2013-07-20 02:45 - 0938638 _____ () C:\Users\owner\AppData\Local\census.cache 2010-08-12 13:41 - 2014-12-09 01:01 - 0010240 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-20 02:33 - 2013-07-20 02:33 - 0000036 _____ () C:\Users\owner\AppData\Local\housecall.guid.cache 2010-06-23 13:03 - 2014-10-31 02:37 - 0007638 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg 2010-06-19 09:46 - 2010-06-19 09:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Files to move or delete: ==================== C:\Users\owner\Network_Meter_Data.js Some content of TEMP: ==================== C:\Users\owner\AppData\Local\Temp\dllnt_dump.dll C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi4otad.dll C:\Users\owner\AppData\Local\Temp\Quarantine.exe C:\Users\owner\AppData\Local\Temp\sqlite3.dll Some zero byte size files/folders: ========================== C:\Windows\System32\MSVCR71.DLL ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 00:53 ==================== End Of Log ============================ ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=bbdcb22b0a997e409e2b3dbadb119898 # engine=14647 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-08-04 04:30:35 # local_time=2013-08-04 12:30:35 (-0500, Eastern Daylight Time) # country="Canada" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3074 16777213 100 84 0 13207879 0 0 # compatibility_mode=5893 16776573 100 94 0 127177285 0 0 # scanned=224647 # found=6 # cleaned=0 # scan_time=4308 sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe" sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\nsprotector.js" sh=D00319B864EFCD8E154198D643D60FB67D37DC96 ft=1 fh=b032ce9de072ffda vn="multiple threats" ac=I fn="C:\Users\owner\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe" sh=4753D89650A73BB5FF94B8C61716DE2A5ECD8796 ft=1 fh=4888d5a0cb663a72 vn="probably a variant of Win32/CNETInstaller.A application" ac=I fn="C:\Users\owner\Desktop\cbsidlm-cbsi118-Revo_Uninstaller-ORG-10687648.exe" sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0" sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=bbdcb22b0a997e409e2b3dbadb119898 # engine=23004 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-03-20 10:04:38 # local_time=2015-03-20 06:04:38 (-0500, Eastern Daylight Time) # country="Canada" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='COMODO Antivirus' # compatibility_mode=3074 16777213 100 84 0 64463122 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 0 178432528 0 0 # scanned=405679 # found=16 # cleaned=0 # scan_time=18085 sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\nsprotector.js.vir" sh=5E2483E90156237A5412A0561F0CF528DE73D8F3 ft=1 fh=8db433fbbf5523cb vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkhlakkdjfjbohpngmfpijfgmlpnamd\10.16.4.12_0\plugins\ConduitChromeApiPlugin.dll.vir" sh=86A59CA365945FC2C07FA26489B10BFAA7707D17 ft=1 fh=853eeb18c1db5e7e vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe" sh=8CB06BCA312ED2BFA02C7F9344F2717D02ECD931 ft=1 fh=ae24f2cd7ccbd608 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\owner\Desktop\Downloads\CheatEngine64.exe" sh=17A106F24567BC34031A9C31CF89D667A85E7149 ft=1 fh=f64ac014a281092f vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\owner\Desktop\Downloads\CrystalDiskInfo5_6_2Shizuku-en.exe" sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\raniakhaled\AppData\LocalLow\ToggleEN\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll" sh=C53462209F30DE063DA5569DEBFDC97724CCEF70 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Babylon.Q potentially unwanted application" ac=I fn="C:\Windows\Installer\24d2a89.msi" sh=3AF1BA9E69234EAD2DAAF2130CA4CD869020E5FB ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows\Installer\e64dc8a.msi" sh=ECDA90B8E629A493521BA25CEACA474B3558ED37 ft=1 fh=86f2a7c08fc69591 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI91E5.tmp" sh=ECDA90B8E629A493521BA25CEACA474B3558ED37 ft=1 fh=86f2a7c08fc69591 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIB76F.tmp" sh=ECDA90B8E629A493521BA25CEACA474B3558ED37 ft=1 fh=86f2a7c08fc69591 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIDEDC.tmp" sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe" sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe" sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="H:\Cheat Engine 6.4\standalonephase1.dat" sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="H:\raniakhaled\AppData\LocalLow\ToggleEN\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
  15. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by owner at 2015-03-19 21:05:32 Running from C:\Users\owner\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC} FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated) Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Afterfall InSanity Extended Edition (HKLM-x32\...\Steam App 224420) (Version: - Intoxicate Studios) Akamai NetSession Interface (HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment) AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Archeblade (HKLM-x32\...\Steam App 207230) (Version: - CodeBrush Games) Ascend: Hand of Kul (HKLM-x32\...\Steam App 233630) (Version: - Signal Studios) Assassin's Creed Liberation (HKLM-x32\...\Steam App 260210) (Version: - Ubisoft Sofia) Athan Basic 3.9 (HKLM-x32\...\Athan) (Version: - ) Avidemux 2.6 (HKLM-x32\...\Avidemux 2.6 (64-bit)) (Version: 2.6.1.8321 - ) Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) BitTorrent Sync (HKLM\...\BitTorrent Sync) (Version: 1.4.106 - BitTorrent Inc.) BlackBerry 10 Desktop Software (HKLM-x32\...\{ddaa6aab-c1ec-45ea-a8f2-a95d10f57295}) (Version: 1.1.0.21 - BlackBerry) BlackBerry Blend (x32 Version: 1.1.0.17 - BlackBerry Ltd.) Hidden BlackBerry Communication Drivers (x32 Version: 8.0.0.118 - BlackBerry Ltd.) Hidden BlackBerry Desktop Software 6.0 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.0.40 - Research In Motion Ltd.) BlackBerry Desktop Software 6.0 (x32 Version: 6.0.0.40 - Research In Motion Ltd.) Hidden BlackBerry Device Drivers (x32 Version: 8.0.0.118 - BlackBerry Ltd.) Hidden BlackBerry Device Software Updater (HKLM-x32\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd) BlackBerry Link (x32 Version: 1.2.4.27 - BlackBerry) Hidden BlackBerry Link Remover (x32 Version: 1.2.4.0 - BlackBerry Ltd.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Box Sync (x32 Version: 4.0.5059.0 - Box Inc.) Hidden Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap Games Inc) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Combined Community Codec Pack 2013-03-25 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.03.25.0 - CCCP Project) Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo) COMODO Internet Security Premium (HKLM\...\{5969857A-B3B6-4CB8-8AC0-240E1A099246}) (Version: 6.2.23257.2860 - COMODO Security Solutions Inc.) Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) CPUID HWMonitor 1.17 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) CrystalDiskInfo 5.6.2 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version: - Visceral Games) Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts) Defy Gravity (HKLM-x32\...\Steam App 96100) (Version: - Fish Factory Games) Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal) Dropbox (HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) F.E.A.R. 3 (HKLM-x32\...\Steam App 21100) (Version: - Day 1 Studios) ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - ) Fraps (HKLM-x32\...\Fraps) (Version: - ) Fraps v3.5.99 Build 15618 (HKLM-x32\...\Fraps v3.5.99 Build 156183.5.99) (Version: 3.5.99 - Friends in War) Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated) Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems) Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect) Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated) Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated) Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated) GeekBuddy (HKLM-x32\...\{79B9250E-3714-4877-A2B0-D6C1E93E471A}) (Version: 4.18.121 - Comodo Security Solutions Inc) Geeks3D FurMark 1.11.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Haunted Memories (HKLM-x32\...\Steam App 241640) (Version: - MadMan Theory Games) HAWKEN (HKLM-x32\...\Steam App 271290) (Version: - Adhesive Games) HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) Hitman: Sniper Challenge (HKLM-x32\...\Steam App 205930) (Version: - IO Interactive) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Malwarebytes Secure Backup (HKLM-x32\...\{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}) (Version: 5.12.2.745 - Malwarebytes Corporation) Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.) MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.) Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My Game Long Name (HKLM\...\UDK-1a6e4662-05e2-467c-8767-e5bfa4e772ae) (Version: - Epic Games, Inc.) My Game Long Name (HKLM\...\UDK-bf4c8c01-ee7b-4545-b8ee-10ff3b24cfa7) (Version: - Epic Games, Inc.) My Game Long Name (HKLM\...\UDK-c0d7074c-7bb9-4072-b161-69ae0f7861ae) (Version: - Epic Games, Inc.) MyFreeCodec (HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\MyFreeCodec) (Version: - ) NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version: - CyberConnect 2) NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft) Nero 9 Essentials (HKLM-x32\...\{f531dd03-45ef-45e9-ab97-2a0ab4f14907}) (Version: - Nero AG) No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version: - No More Room in Hell Team) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - ) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software) PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden Personal Finances Pro v5.2 (HKLM-x32\...\Personal Finances Pro_is1) (Version: - Alzex) PrivDog (HKLM-x32\...\PrivDog) (Version: 2.1.0.23 - privdog.com) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - ) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Rise of Incarnates (HKLM-x32\...\Steam App 258160) (Version: - BANDAI NAMCO Studio) Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Sandboxie 3.76 (64-bit) (HKLM\...\Sandboxie) (Version: 3.76 - SANDBOXIE L.T.D) Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - Keen Software House) Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform) Spotify (HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Strike Vector (HKLM-x32\...\Steam App 246700) (Version: - Ragequit Corporation) Sunless Sea (HKLM-x32\...\Steam App 304650) (Version: - Failbetter Games) System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC) System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC) System Requirements Lab Detection (HKLM-x32\...\{9BB01E26-0A22-4458-96FD-6679895902B5}) (Version: 2.2.1.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl) The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe) The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano) Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games) Unity Web Player (HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft) Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.7.0 - Flagship Industries, Inc.) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Waterfox 34.0 (x64 en-US) (HKLM\...\Waterfox 34.0 (x64 en-US)) (Version: 34.0 - Mozilla) Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3008 - Gateway Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation) WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games) Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{1EAE75EA-588A-11DF-91A3-CA6ADFD72085}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 15-03-2015 19:00:48 Windows Backup 17-03-2015 11:25:34 Windows Update 19-03-2015 02:36:08 Checkpoint by HitmanPro 19-03-2015 02:38:59 Checkpoint by HitmanPro ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2014-09-30 17:26 - 00449906 ___RA C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {025925D6-D454-495F-B554-064F897C8EEF} - System32\Tasks\{B004BB46-FB3E-4483-9AF3-41C187389736} => pcalua.exe -a "C:\Program Files (x86)\Vuze\uninstall.exe" Task: {08CC10A5-B291-45EC-BC1D-EB3CB4967EE5} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe Task: {148AA2B4-236E-4860-B3D5-AB6B468BA323} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-11] (Microsoft Corporation) Task: {194E1267-2C6E-4E0D-A44A-E5BFB52889A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {23AEA264-4204-4F42-A1A5-AE9BF8321FF7} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe Task: {24879911-F2A9-4ECF-B5FF-1E54A556B671} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {2727A816-AFD4-4FCC-84F1-0BFE4626E9B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {2FEB615E-7DE2-4218-B533-DBB6D6E96ACE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {316711A0-E0C8-49C3-8969-1DAE50FBE7EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-11] (Microsoft Corporation) Task: {3313B13F-5D56-4159-A600-310E71B5A756} - System32\Tasks\{1C84E84E-7E52-4311-B3DE-822926149A55} => Firefox.exe http://ui.skype.com/ui/0/5.3.0.116/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled Task: {417BF047-9F3A-4C5E-A0A6-13CC0A3CF1DF} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO) Task: {42A1B290-4ECF-443D-8C9A-574E507E47EA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for owner-PC-owner owner-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-03-11] (Microsoft Corporation) Task: {451134EF-8666-4C34-B90C-44EAB1696642} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2015-02-11] (Microsoft Corporation) Task: {4EA88396-1695-4161-8316-EB502B900BA8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO) Task: {5070C93A-FA34-4BF3-A353-7E76224299D2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3519416599-1403306863-3896355811-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {56EE59C2-C447-4491-BCA9-66C4B7FCC77B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO) Task: {5C924340-798A-40D8-89FE-B5D583693F36} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3519416599-1403306863-3896355811-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {67812F76-62EB-4D1D-A977-1329D57BBCA5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3519416599-1403306863-3896355811-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {69435B4C-0732-495E-9721-F6F40ED560E4} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO) Task: {6D657874-7223-4DF7-BE96-A64506040EB8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {6FD7E877-8DD6-4743-8C11-39D220C494DD} - System32\Tasks\AdobeAAMUpdater-1.0-owner-PC-owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated) Task: {74AAA1E9-4143-4020-9F8F-58AE7DFF942D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd) Task: {7B7517D1-8C32-40F5-99CC-938B36DC03C7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3519416599-1403306863-3896355811-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {7BCB9C0F-7BD0-4C66-A2E5-51990523B161} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7f5a2a0df8c2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {82DE18B7-9D3A-4B47-9D9D-2162B8E2916D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {98A8D2EB-FECB-46AD-BF73-C1950BA1D50F} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {A7781115-1EF3-4D95-8C63-32EDCC9C3033} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3519416599-1403306863-3896355811-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {B00487C5-1D69-4486-A98B-CC3B110A0540} - System32\Tasks\{5310E013-339B-47AC-A929-DD29B646B85E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) Task: {B1A25000-AE6B-4815-A65A-EAB5090A5C87} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-04] (COMODO) Task: {C59DCC4D-9108-4D16-AC6C-3FFAF3EDBE43} - System32\Tasks\{690CF01E-2700-45D1-B98D-E9ED72251D96} => pcalua.exe -a "C:\Users\owner\Desktop\AirRivals Mods\Uninstall.exe" -d "C:\Users\owner\Desktop\AirRivals Mods" Task: {C896A4E3-52CF-4C99-B897-2DD8FD242E92} - System32\Tasks\{E5D02A03-3B2A-473C-BC8F-C01D58433A05} => pcalua.exe -a C:\Users\owner\Desktop\12sky2_us_20100823.exe -d C:\Users\owner\Desktop Task: {CE73A170-651C-4A83-8373-79983F8861B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {D0FA3FF5-B3D7-4FA2-AD70-E99B73DD9381} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3519416599-1403306863-3896355811-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {E99BA766-7F86-44FC-9F52-0B7A445FC48D} - System32\Tasks\Malwarebytes Secure Backup - mdsalam1994@hotmail.com => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [2014-03-19] (Malwarebytes Secure Backup) Task: {EBA152C2-E882-41E1-9B1E-EDA9279B0744} - System32\Tasks\Online Backup Update Notifier => C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe [2014-03-19] (Malwarebytes Secure Backup) Task: {EC64F10F-2A6E-4C3A-BEFE-677E0B3BA2D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F95921D0-1D48-4A70-AF9A-F7498FF8C0F7} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {FC7718AD-75B9-449E-957C-E24E5145AC01} - System32\Tasks\PlayClaw 3 => C:\Program Files (x86)\PlayClaw3\PlayClaw3.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7f5a2a0df8c2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Malwarebytes Secure Backup - mdsalam1994@hotmail.com.job => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe3 backupnow mdsalam1994@hotmail.com Task: C:\Windows\Tasks\Online Backup Update Notifier.job => C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe ==================== Loaded Modules (whitelisted) ============== 2015-01-21 16:01 - 2015-01-21 16:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2010-06-18 08:28 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2015-02-03 17:14 - 2015-02-03 17:14 - 00102912 _____ () H:\SyncShellContextMenu.dll 2011-10-02 15:20 - 2013-07-29 13:19 - 04287536 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe 2012-01-10 14:41 - 2014-09-25 17:15 - 00567880 _____ () H:\puush.exe 2014-05-25 10:18 - 2015-03-12 20:46 - 00036536 _____ () H:\Rainmeter.exe 2014-05-25 10:18 - 2014-05-25 10:18 - 00747192 _____ () H:\Rainmeter.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00035224 _____ () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.SharedEverywhere.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00037272 _____ () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.Contracts.CentralManagement.dll 2012-05-25 06:51 - 2014-05-29 01:55 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-03-19 14:25 - 2014-03-19 14:25 - 00040344 _____ () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.Utils.Rc.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00019864 _____ () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.Contracts.RemoteControl.dll 2009-12-13 22:19 - 2009-12-09 05:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe 2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-01-21 16:01 - 2015-01-21 16:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-03-04 18:08 - 2015-03-04 18:08 - 00750080 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-19 12:20 - 2015-03-19 12:20 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk2iuzy.dll 2015-03-04 18:08 - 2015-03-04 18:08 - 00047616 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 18:08 - 2015-03-04 18:08 - 00865280 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 18:07 - 2015-03-04 18:07 - 00200704 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2009-06-12 19:37 - 2009-06-12 19:37 - 00032768 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll 2009-06-12 19:37 - 2009-06-12 19:37 - 00025088 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll 2009-02-02 21:33 - 2009-02-02 21:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll 2009-08-22 19:18 - 2004-12-25 06:37 - 00258121 _____ () C:\Program Files (x86)\Athan\vbh.dll 2009-08-22 19:18 - 2010-03-08 15:08 - 00282697 _____ () C:\Program Files (x86)\Athan\vbp.dll 2009-08-22 19:18 - 2004-03-20 08:49 - 00229444 _____ () C:\Program Files (x86)\Athan\vbq.dll 2014-06-18 15:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-09-17 23:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-06-18 15:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-11-28 12:18 - 2014-11-28 12:18 - 00094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll 2008-09-28 21:55 - 2008-09-28 21:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll 2014-12-04 19:40 - 2014-12-04 19:40 - 00788728 _____ () C:\Program Files (x86)\BlackBerry\BlackBerry Blend\libGLESv2.dll 2014-12-04 19:40 - 2014-12-04 19:40 - 00055544 _____ () C:\Program Files (x86)\BlackBerry\BlackBerry Blend\libEGL.dll 2015-02-05 02:23 - 2015-02-05 02:23 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll 2013-03-30 11:17 - 2011-09-08 15:01 - 00556032 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\Haali\splitter.ax 2013-03-30 11:17 - 2011-09-08 14:59 - 00080384 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\Haali\mkzlib.dll 2013-03-30 11:17 - 2011-09-08 14:59 - 00024576 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\Haali\mkunicode.dll 2013-03-30 11:17 - 2011-09-08 15:00 - 00150528 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\Haali\mkx.dll 2013-03-30 11:17 - 2013-03-22 16:32 - 00450102 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\avutil-lav-52.dll 2013-03-30 11:17 - 2013-03-22 16:32 - 07891323 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\avcodec-lav-55.dll 2013-03-30 11:17 - 2013-03-22 16:32 - 00476038 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\swscale-lav-2.dll 2013-03-30 11:17 - 2013-03-22 16:32 - 00248505 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\avfilter-lav-3.dll 2013-03-08 14:06 - 2012-04-09 01:40 - 03470848 _____ () C:\Program Files (x86)\ffdshow\ffdshow.ax 2013-03-30 11:17 - 2013-03-22 16:32 - 01437866 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\avformat-lav-55.dll 2013-03-30 11:17 - 2013-03-22 16:32 - 00236069 _____ () C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\avresample-lav-1.dll 2013-03-12 17:10 - 2015-03-11 20:16 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-10 02:02 - 2014-12-01 20:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-10 02:02 - 2015-01-10 02:03 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-10 02:02 - 2015-01-10 02:03 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-21 23:38 - 2015-03-19 20:11 - 02370752 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-28 16:27 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-28 16:27 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-28 16:27 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-28 16:27 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-28 16:27 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2012-05-24 20:47 - 2015-03-19 18:37 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2012-05-24 20:47 - 2015-02-25 01:28 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-08-14 21:04 - 2015-02-24 21:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VEN2232.OLB:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xliveinstallhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\blackberryncm6_AMD64.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RimUsb_AMD64.sys:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\001.jpg:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\008-06-005E.pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\1425626594441.gif:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\adwcleaner_4.112.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\adwcleaner_4.112.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\BlackBerryDesktopSoftware1_1_b29.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\BlackBerryDesktopSoftware1_1_b29.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\ChromeSetup.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Digital-Licence-11098442.pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\ENG4CC_Unit1_MSalam.docx:com.dropbox.attributes AlternateDataStreams: C:\Users\owner\Desktop\FRST64.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\FRST64.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\HitmanPro_x64.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\HitmanPro_x64.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\hokage_minato_mobile_wallpaper_by_sl4eva-d8lea28.rar:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\hokage_minato_mobile_wallpaper_by_sl4eva-d8lea28.rar:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Interview_Ticket.pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\JRT.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\JRT.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\JRT_NEW.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\kek.txt:com.dropbox.attributes AlternateDataStreams: C:\Users\owner\Desktop\mbae-setup-1.05.1.1016.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\mbae-setup-1.05.1.1016.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management (1).pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management (2).pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management (3).pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Pearson IT Sims – Module 3- File Management.pdf:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Rainmeter-3.1.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Reading Strategies.pptx:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\RogueKillerX64.exe:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\RogueKillerX64.exe:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\Treatment plan to sign to see Dr. Lawson.zip:$CmdTcID AlternateDataStreams: C:\Users\owner\Desktop\Treatment plan to sign to see Dr. Lawson.zip:$CmdZnID AlternateDataStreams: C:\Users\owner\Desktop\W_CH02_EXPV1_H1.zip:$CmdZnID ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 - 156.154.70.22 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe MSCONFIG\startupreg: PrivDogService => "C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.23\trustedadssvc.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-3519416599-1403306863-3896355811-500 - Administrator - Disabled) Guest (S-1-5-21-3519416599-1403306863-3896355811-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3519416599-1403306863-3896355811-1002 - Limited - Enabled) owner (S-1-5-21-3519416599-1403306863-3896355811-1000 - Administrator - Enabled) => C:\Users\owner ==================== Faulty Device Manager Devices ============= Name: Lexmark X422 Description: Lexmark X422 Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Lexmark Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Generic- MS/MS-Pro/HG USB Device Description: Disk drive Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard disk drives) Service: disk Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/19/2015 00:32:13 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(Invoke_3724E1A42CF145C7_EB1071DDFFCE0B4A._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (03/19/2015 00:32:13 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(Invoke_3724E1A42CF145C7_EB1071DDFFCE0B4A._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (03/19/2015 00:32:13 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(Invoke_3724E1A42CF145C7_EB1071DDFFCE0B4A._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (03/19/2015 00:32:13 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(Invoke_3724E1A42CF145C7_EB1071DDFFCE0B4A._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (03/19/2015 00:19:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Creative Cloud.exe, version: 2.7.1.418, time stamp: 0x53ce4a43 Faulting module name: NEX.dll, version: 2.7.0.413, time stamp: 0x53b4832a Exception code: 0xc0000005 Fault offset: 0x00002308 Faulting process id: 0xd54 Faulting application start time: 0xCreative Cloud.exe0 Faulting application path: Creative Cloud.exe1 Faulting module path: Creative Cloud.exe2 Report Id: Creative Cloud.exe3 System errors: ============= Error: (03/19/2015 08:11:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (03/19/2015 08:11:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (03/19/2015 00:20:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053 Error: (03/19/2015 00:20:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect. Error: (03/19/2015 00:20:35 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {4A7B0739-7726-42C6-847D-D3E2AF93458A} Error: (03/19/2015 00:20:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053 Error: (03/19/2015 00:20:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect. Error: (03/19/2015 00:19:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMScheduler service failed to start due to the following error: %%1053 Error: (03/19/2015 00:19:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect. Error: (03/19/2015 00:18:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Malwarebytes Anti-Exploit Service service failed to start due to the following error: %%1053 Microsoft Office Sessions: ========================= Error: (03/19/2015 00:32:13 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(Invoke_3724E1A42CF145C7_EB1071DDFFCE0B4A._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (03/19/2015 00:32:13 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(Invoke_3724E1A42CF145C7_EB1071DDFFCE0B4A._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (03/19/2015 00:32:13 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(Invoke_3724E1A42CF145C7_EB1071DDFFCE0B4A._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (03/19/2015 00:32:13 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(Invoke_3724E1A42CF145C7_EB1071DDFFCE0B4A._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (03/19/2015 00:19:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Creative Cloud.exe2.7.1.41853ce4a43NEX.dll2.7.0.41353b4832ac000000500002308d5401d062604a90b9d9C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\NEX\NEX.dllc713b7ec-ce53-11e4-84da-0290c3150901 ==================== Memory info =========================== Processor: Intel® Core i5 CPU 750 @ 2.67GHz Percentage of memory in use: 54% Total physical RAM: 8151.09 MB Available physical RAM: 3715.75 MB Total Pagefile: 16600.38 MB Available Pagefile: 11281.14 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Gateway) (Fixed) (Total:476.33 GB) (Free:45.3 GB) NTFS Drive h: (SOME stuff) (Fixed) (Total:438.08 GB) (Free:230.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 517E4158) Partition 1: (Not Active) - (Size=17 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=476.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=438.1 GB) - (Type=OF Extended) ==================== End Of Log ============================
  16. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 19/03/2015 Scan Time: 8:26:06 PM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.03.19.10 Rootkit Database: v2015.02.25.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: owner Scan Type: Threat Scan Result: Completed Objects Scanned: 454672 Time Elapsed: 30 min, 10 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by owner (administrator) on OWNER-PC on 19-03-2015 21:04:14 Running from C:\Users\owner\Desktop Loaded Profiles: owner (Available profiles: owner) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\System32\atiesrxx.exe (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe (Akamai Technologies, Inc.) C:\Users\owner\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe () H:\puush.exe (Akamai Technologies, Inc.) C:\Users\owner\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe () H:\Rainmeter.exe (RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (www.IslamicFinder.org) C:\Program Files (x86)\Athan\Athan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Samsung Electronics Co., Ltd.) H:\Kies\KiesTrayAgent.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Secure Backup\mbsbscan.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe () C:\OEM\USBDECTION\USBS3S4Detection.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (BlackBerry Limited. All rights reserved) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\Blend.exe (BlackBerry Limited. All rights reserved) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\DesktopInvokeProxy.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-02-04] (COMODO) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2014-01-20] (RealNetworks, Inc.) HKLM-x32\...\Run: [sOSUAUI] => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [sMessaging] => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-12-18] (BlackBerry Limited) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => H:\Malwarebytes Anti-Exploit\mbae.exe [2561848 2015-03-13] (Malwarebytes Corporation) HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-12] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Athan] => C:\Program Files (x86)\Athan\Athan.exe [1146880 2010-03-27] (www.IslamicFinder.org) HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => H:\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4857592 2014-12-18] (BlackBerry Limited) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-07-29] () HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [blackBerryLink.exe] => C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [1475320 2014-12-18] (Research In Motion) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [Akamai NetSession Interface] => C:\Users\owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [puush] => H:\puush.exe [567880 2014-09-25] () HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Run: [spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-29] (Spotify Ltd) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\...\Policies\Explorer: [RestrictRun] 0 Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> H:\Rainmeter.exe () ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => No File ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => No File ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) BootExecute: autocheck autochk * bootdeletesdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3519416599-1403306863-3896355811-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000 -> {2C91ED3A-FFC1-4B89-9601-3448D86B6F8F} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-3519416599-1403306863-3896355811-1000 -> {E8F6233F-31D0-4FCF-8610-E8B7FEA29659} URL = https://www.google.com/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{E25B824F-697C-4F74-B3B2-56FDE4F29F67}: [NameServer] 156.154.70.22,156.154.71.22 FireFox: ======== FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430 FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-29] (Pando Networks) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-01-20] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-01-20] (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems) FF Plugin HKU\S-1-5-21-3519416599-1403306863-3896355811-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-06] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3519416599-1403306863-3896355811-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-29] (Pando Networks) FF Plugin HKU\S-1-5-21-3519416599-1403306863-3896355811-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-15] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-01-20] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-01-20] (RealPlayer) FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\searchplugins\youtube.xml [2015-02-08] FF Extension: Youtube MP3 Podcaster - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-03-12] FF Extension: FT DeepDark - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-02-28] FF Extension: Disconnect - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\2.0@disconnect.me.xpi [2015-02-08] FF Extension: Clear Console - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\clearConsole@penzil.com.xpi [2015-02-08] FF Extension: YouTube Video and Audio Downloader - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-02-08] FF Extension: Ghostery - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\firefox@ghostery.com.xpi [2015-02-08] FF Extension: MEGA - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\firefox@mega.co.nz.xpi [2015-02-08] FF Extension: Noosfeer - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-BJzLmy1Bk1nR6Q@jetpack.xpi [2015-02-08] FF Extension: Pushbullet - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2015-02-08] FF Extension: Lightbeam - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-02-08] FF Extension: RedditNotifier - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-jz0wH8To7NqwdQ@jetpack.xpi [2015-02-08] FF Extension: Youtube MP3 Downloader using youtube-mp3.org - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2015-02-08] FF Extension: Reddit Enhancement Suite - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-02-08] FF Extension: μ Adblock - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\jid1-yIDO6R3DGl4u2Q@jetpack.xpi [2015-02-08] FF Extension: Stylish - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-02-08] FF Extension: Bluhell Firewall - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-08] FF Extension: NoScript - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-08] FF Extension: YouTube High Definition - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-02-08] FF Extension: Google Reverse Image Search - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-02-08] FF Extension: YouTube HTML5 Player - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{b6b1a201-b252-484f-b9fe-68efbb273fbd}.xpi [2015-02-08] FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-08] FF Extension: Adblock Edge - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\odzr28wl.default-1423435385430\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-08] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-05] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-05] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-20] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.ca/" CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Adblock Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-13] CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (SoundCloud Download Finder) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggklngmkhplepnjhhnenbgfbeagdfil [2014-12-12] CHR Extension: (Word Online) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2014-11-03] CHR Extension: (Stylish) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-11-14] CHR Extension: (The QR Code Generator) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2014-11-03] CHR Extension: (Dropbox) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-11-03] CHR Extension: (Reddit Enhancement Suite) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-01-14] CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2014-01-29] CHR Extension: (Little Alchemy) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-11-03] CHR Extension: (Auto HD For YouTube™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-09-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Into The Mist) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2014-11-14] CHR Extension: (Ghostery) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-11-03] CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14] CHR Extension: (Adblock Pro) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-11-03] CHR Extension: (My Chrome Theme) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-11-03] CHR Extension: (ScriptSafe) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-05-22] CHR Extension: (Outlook.com) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-11-03] CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR Extension: (http://www.whyislam.org/) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhplojoefipkjmnpanljkoiklgphklf [2014-05-22] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-25] (Avira Operations GmbH & Co. KG) [File not signed] S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-25] (Avira Operations GmbH & Co. KG) [File not signed] R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-12-18] (BlackBerry Limited) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.) R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-04] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-04] (COMODO) R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.) R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.) R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] S2 MbaeSvc; H:\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2015-03-13] (Malwarebytes Corporation) S2 MBAMScheduler; H:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; H:\Origin\OriginClientService.exe [1900400 2014-12-16] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-29] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-12-16] (Paramount Software UK Ltd) R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2014-12-18] (Apple Inc.) R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1348344 2014-12-18] (BlackBerry Limited) R2 sagentservice; C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-25] (Avira Operations GmbH & Co. KG) S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-12-18] (BlackBerry) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO) R1 ESProtectionDriver; H:\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-03-13] () R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO) S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed] S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-12-18] (BlackBerry Limited) R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed] S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) S3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz136; \??\C:\Users\owner\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 dump_wmimmc; \??\C:\Program Files (x86)\GameGuard\dump_wmimmc.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 21:04 - 2015-03-19 21:05 - 00040236 _____ () C:\Users\owner\Desktop\FRST.txt 2015-03-19 21:03 - 2015-03-19 21:04 - 00000000 ____D () C:\FRST 2015-03-19 21:01 - 2015-03-19 21:01 - 02095616 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe 2015-03-19 14:57 - 2015-03-19 13:56 - 759024412 _____ () C:\Users\owner\Desktop\[HorribleSubs] Tokyo Ghoul Root A - 11 [1080p].mkv 2015-03-19 13:23 - 2015-03-19 13:23 - 00001310 _____ () C:\Users\owner\Desktop\2.txt 2015-03-19 13:22 - 2015-03-19 21:03 - 00001054 _____ () C:\Users\owner\Desktop\1.txt 2015-03-19 12:19 - 2015-03-19 12:19 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3519416599-1403306863-3896355811-1000 2015-03-19 12:19 - 2015-03-19 12:19 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3519416599-1403306863-3896355811-1000 2015-03-19 03:27 - 2015-03-19 03:27 - 00000600 _____ () C:\Users\Public\Desktop\Shared Space.lnk 2015-03-19 03:00 - 2015-03-19 03:00 - 00001041 _____ () C:\Users\owner\Desktop\JRT.txt 2015-03-19 02:41 - 2015-03-19 02:41 - 01388672 _____ (Thisisu) C:\Users\owner\Desktop\JRT.exe 2015-03-19 02:18 - 2015-03-19 02:17 - 10995632 _____ (SurfRight B.V.) C:\Users\owner\Desktop\HitmanPro_x64.exe 2015-03-18 12:52 - 2015-03-18 12:52 - 00072353 _____ () C:\Users\owner\Desktop\Treatment plan to sign to see Dr. Lawson.zip 2015-03-18 01:15 - 2015-03-19 12:22 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps 2015-03-17 13:03 - 2015-03-17 13:23 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-03-17 13:03 - 2015-03-17 13:03 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-03-17 12:49 - 2015-03-17 12:49 - 18816600 _____ () C:\Users\owner\Desktop\RogueKillerX64.exe 2015-03-17 12:47 - 2015-03-17 12:48 - 00000000 ____D () C:\Users\owner\Desktop\RK_Quarantine 2015-03-17 02:08 - 2015-03-17 02:08 - 00002226 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-17 02:08 - 2015-03-17 02:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-17 02:07 - 2015-03-17 02:07 - 00880208 _____ (Google Inc.) C:\Users\owner\Desktop\ChromeSetup.exe 2015-03-16 12:39 - 2015-03-16 12:39 - 00028446 _____ () C:\Users\owner\Desktop\bookmarks_3_16_15.html 2015-03-15 23:16 - 2015-03-15 23:25 - 00000000 ____D () C:\Users\owner\Desktop\tokyo ghoul 2015-03-15 18:39 - 2015-03-15 19:05 - 00000000 ____D () C:\Users\owner\Desktop\Tokyo Ghoul Zakki 2015-03-15 18:34 - 2015-03-15 18:36 - 524534621 _____ () C:\Users\owner\Desktop\Tokyo Ghoul Zakki.rar 2015-03-14 16:56 - 2015-03-14 16:56 - 02171392 _____ () C:\Users\owner\Desktop\adwcleaner_4.112.exe 2015-03-13 20:34 - 2015-03-13 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-03-13 20:32 - 2015-03-13 20:32 - 02967032 _____ (Malwarebytes ) C:\Users\owner\Desktop\mbae-setup-1.05.1.1016.exe 2015-03-12 20:48 - 2015-03-12 20:49 - 00000000 ____D () C:\Users\owner\Desktop\hue 2015-03-12 20:46 - 2015-03-12 20:47 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Rainmeter 2015-03-12 20:46 - 2015-03-12 20:46 - 02294104 _____ () C:\Users\owner\Desktop\Rainmeter-3.1.exe 2015-03-12 20:46 - 2015-03-12 20:46 - 00000477 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2015-03-12 20:46 - 2015-03-12 20:46 - 00000000 ____D () C:\Users\owner\Documents\Rainmeter 2015-03-12 11:33 - 2015-03-12 11:33 - 01217715 _____ () C:\Users\owner\Desktop\hokage_minato_mobile_wallpaper_by_sl4eva-d8lea28.rar 2015-03-11 10:59 - 2015-03-11 11:00 - 160946904 _____ (BlackBerry) C:\Users\owner\Desktop\BlackBerryDesktopSoftware1_1_b29.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 09:30 - 2015-03-11 09:30 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 09:30 - 2015-03-11 09:30 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 09:30 - 2015-03-11 09:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 09:30 - 2015-03-11 09:30 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 09:30 - 2015-03-11 09:30 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 09:30 - 2015-03-11 09:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 09:30 - 2015-03-11 09:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 09:30 - 2015-03-11 09:30 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 09:30 - 2015-03-11 09:30 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 09:30 - 2015-03-11 09:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 09:30 - 2015-03-11 09:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 09:29 - 2015-03-11 09:29 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 09:29 - 2015-03-11 09:29 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 09:29 - 2015-03-11 09:29 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 09:29 - 2015-03-11 09:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 09:29 - 2015-03-11 09:29 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 09:29 - 2015-03-11 09:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 09:29 - 2015-03-11 09:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 09:29 - 2015-03-11 09:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 09:29 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 09:29 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-10 11:42 - 2014-08-13 12:49 - 21572466 _____ () C:\Users\owner\Desktop\VID_20140813_124924.mp4 2015-03-10 11:42 - 2014-08-13 12:39 - 59065466 _____ () C:\Users\owner\Desktop\VID_20140813_123827.mp4 2015-03-10 11:42 - 2014-07-15 19:25 - 43666008 _____ () C:\Users\owner\Desktop\VID_20140715_192435.mp4 2015-03-10 11:42 - 2014-06-17 18:37 - 36542871 _____ () C:\Users\owner\Desktop\VID_20140617_183646.mp4 2015-03-09 16:48 - 2015-03-09 16:48 - 00000000 __SHD () C:\Users\owner\AppData\Local\EmieBrowserModeList 2015-03-05 22:46 - 2015-03-05 22:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-05 15:47 - 2015-03-05 15:47 - 00000000 ____D () C:\Users\owner\Desktop\New folder 2015-02-25 11:30 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 11:30 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-20 12:04 - 2015-02-20 12:05 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SpaceEngineers 2015-02-19 14:34 - 2015-02-19 14:34 - 00003891 _____ () C:\ads_err.adt 2015-02-19 14:34 - 2015-02-19 14:34 - 00003072 _____ () C:\ads_err.adi 2015-02-19 14:34 - 2015-02-19 14:34 - 00002048 _____ () C:\ads_err.adm 2015-02-17 15:30 - 2015-02-17 15:30 - 01691808 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 21:05 - 2011-10-02 15:20 - 00000000 ____D () C:\Users\owner\AppData\Local\PMB Files 2015-03-19 20:56 - 2013-07-25 17:06 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat 2015-03-19 20:41 - 2010-06-12 15:11 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5D5D5F6B-43BE-4ECD-AF2A-842B28D0ED5E} 2015-03-19 20:28 - 2013-07-12 19:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7f5a2a0df8c2.job 2015-03-19 20:28 - 2010-11-22 21:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-19 20:23 - 2012-06-06 17:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-19 20:11 - 2012-05-24 20:45 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-19 19:57 - 2013-07-20 14:49 - 00251588 _____ () C:\Windows\system32\Drivers\fvstore.dat 2015-03-19 19:42 - 2013-01-23 10:32 - 00000000 ____D () C:\Users\owner\AppData\Roaming\uTorrent 2015-03-19 19:32 - 2014-05-17 10:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-19 13:39 - 2012-01-11 19:13 - 00001771 _____ () C:\Users\owner\AppData\Roaming\Rim.Desktop.Exception.log 2015-03-19 12:33 - 2015-02-12 12:00 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for owner-PC-owner owner-PC 2015-03-19 12:28 - 2014-06-10 09:46 - 00000490 _____ () C:\Windows\Tasks\Online Backup Update Notifier.job 2015-03-19 12:27 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-19 12:27 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-19 12:25 - 2010-04-01 11:55 - 01875272 _____ () C:\Windows\WindowsUpdate.log 2015-03-19 12:21 - 2014-03-20 14:38 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Dropbox 2015-03-19 12:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-19 12:17 - 2009-07-14 00:51 - 00210160 _____ () C:\Windows\setupact.log 2015-03-19 02:40 - 2015-01-25 22:32 - 01388672 _____ (Thisisu) C:\Users\owner\Desktop\JRT_NEW.exe 2015-03-19 02:01 - 2014-08-28 02:00 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe 2015-03-17 13:33 - 2009-07-14 01:13 - 00903444 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-17 11:15 - 2009-12-01 05:14 - 14468314 _____ () C:\Windows\PFRO.log 2015-03-17 02:08 - 2010-06-19 09:40 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-16 13:31 - 2014-05-03 17:28 - 00000000 ____D () C:\AdwCleaner 2015-03-15 21:12 - 2014-07-18 18:28 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2015-03-13 17:13 - 2014-09-11 14:03 - 00000132 _____ () C:\Users\owner\AppData\Roaming\Adobe PNG Format CC Prefs 2015-03-12 21:40 - 2015-02-12 12:19 - 00000000 ____D () C:\Users\owner\Documents\Outlook Files 2015-03-12 17:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 10:09 - 2014-06-10 10:10 - 00000530 _____ () C:\Windows\Tasks\Malwarebytes Secure Backup - mdsalam1994@hotmail.com.job 2015-03-12 09:27 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-11 14:39 - 2014-03-01 23:32 - 00000000 ____D () C:\Users\owner\Desktop\Writing Portfolio 2015-03-11 12:03 - 2009-07-14 00:45 - 05163488 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 11:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-11 11:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 11:46 - 2015-02-11 23:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-03-11 11:46 - 2009-12-01 04:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 11:35 - 2013-07-13 10:39 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 11:35 - 2009-07-13 22:34 - 00000531 _____ () C:\Windows\win.ini 2015-03-11 11:23 - 2010-06-11 11:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 09:08 - 2014-03-20 14:38 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-09 16:47 - 2013-12-10 16:14 - 00008798 _____ () C:\Windows\IE11_main.log 2015-03-06 10:18 - 2010-09-09 23:03 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-03-06 10:08 - 2012-05-03 09:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-05 15:45 - 2014-12-29 11:53 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Spotify 2015-03-04 22:18 - 2011-01-20 00:11 - 00000000 ____D () C:\Users\owner\Desktop\Stuff 2015-02-27 20:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-02-26 01:36 - 2014-08-28 21:36 - 00000000 ____D () C:\Users\owner\AppData\Roaming\vlc ==================== Files in the root of some directories ======= 2014-06-17 21:01 - 2014-06-17 21:01 - 6010880 _____ () C:\Program Files (x86)\GUT7154.tmp 2014-06-21 09:02 - 2014-06-21 09:03 - 6010880 _____ () C:\Program Files (x86)\GUT74B3.tmp 2012-12-22 02:01 - 2009-07-17 13:37 - 0606208 _____ (~Tag-X~) C:\Program Files (x86)\Res-X.exe 2014-09-11 14:03 - 2015-03-13 17:13 - 0000132 _____ () C:\Users\owner\AppData\Roaming\Adobe PNG Format CC Prefs 2012-12-18 20:12 - 2013-02-28 19:51 - 0000546 _____ () C:\Users\owner\AppData\Roaming\All CPU MeterV3_Settings.ini 2013-07-07 17:59 - 2013-07-07 18:00 - 0001080 _____ () C:\Users\owner\AppData\Roaming\Network Meter_Settings.ini 2013-07-07 19:23 - 2013-07-07 19:23 - 0000020 _____ () C:\Users\owner\AppData\Roaming\Network Meter_Usage.ini 2012-01-11 19:13 - 2015-03-19 13:39 - 0001771 _____ () C:\Users\owner\AppData\Roaming\Rim.Desktop.Exception.log 2012-01-11 19:12 - 2012-01-11 19:12 - 0000807 _____ () C:\Users\owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2010-10-25 16:05 - 2011-11-20 23:08 - 0000202 _____ () C:\Users\owner\AppData\Roaming\wklnhst.dat 2014-10-01 18:57 - 2014-10-01 18:57 - 0001456 _____ () C:\Users\owner\AppData\Local\Adobe Save for Web 13.0 Prefs 2013-07-20 02:45 - 2013-07-20 02:45 - 0180431 _____ () C:\Users\owner\AppData\Local\ars.cache 2013-07-20 02:45 - 2013-07-20 02:45 - 0938638 _____ () C:\Users\owner\AppData\Local\census.cache 2010-08-12 13:41 - 2014-12-09 01:01 - 0010240 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-20 02:33 - 2013-07-20 02:33 - 0000036 _____ () C:\Users\owner\AppData\Local\housecall.guid.cache 2010-06-23 13:03 - 2014-10-31 02:37 - 0007638 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg 2010-06-19 09:46 - 2010-06-19 09:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Files to move or delete: ==================== C:\Users\owner\Network_Meter_Data.js Some content of TEMP: ==================== C:\Users\owner\AppData\Local\Temp\dllnt_dump.dll C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk2iuzy.dll C:\Users\owner\AppData\Local\Temp\Quarantine.exe C:\Users\owner\AppData\Local\Temp\sqlite3.dll Some zero byte size files/folders: ========================== C:\Windows\System32\MSVCR71.DLL ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 00:53 ==================== End Of Log ============================
  17. I've litterly tried everything, JRT, MAB, SBS&D and Adwarecleaner. This thing is NOT going away. I tried reinstalling Chrome but it's still there with a new install Help please 1.txt 2.txt
  18. I ran a scan with MAB today and found 2 objects, both are PUP wiseconverts, I deleted those and restarted my computer, I then went to run Adware cleaner just to be safe. Heres a log, is it safe to delete these? as in if I DO delete this something gets curropted? Help is appriciated. thanks AdwCleanerR4.txt
  19. Hi, I've quarantined Spigot, but prior to this I haven't had problems like being redirected. It says it's Registry Key, does this mean that it contains some essential for windows 7 that I shouldn't delete? Here;s the log. ThanksPUP.spigot.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.