
HELP!!! removing Backdoor.Win32.CmjSpy (A)


  • This topic is locked
10 replies to this topic

#1 Crisbeq

Crisbeq

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:10 AM

Posted 01 March 2014 - 06:42 PM

I am totally stuck with this bl**dy virus/Trojan! I am at the end of my tether.......

I have run Emsisoft Anti-Malware, which reports back to me with a diagnosis that I have 'Backdoor.Win32.CmjSpy (A)', which is a high risk registry key apparently. This appears to be a nasty bit of 'software' if I believe what Emsisoft say....

Having run various online Virus killers and malware scanners, it's still there. Any ideas please?

Thanks in advance

Crisbeq





#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:10 AM

Posted 02 March 2014 - 06:18 AM

Hi,

can you please post up the full report of Emsisoft Anti-Malware? I need to see what exactly has been found.
And also run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Crisbeq

Crisbeq
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:10 AM

Posted 02 March 2014 - 06:58 AM

Hi Aharonov

Thanks in advance for your response. The logs requested are:

EMSISOFT ANTI-MALWARE

Emsisoft Anti-Malware - Version 8.1
Last update: 01/03/2014 15:44:46
User account: Aquarium\Neil

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, E:\, F:\

Detect PUPs: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 02/03/2014 11:28:11
C:\Users\Neil\AppData\Local\genienext  detected: Application.AdGenie (A)
C:\Users\Neil\AppData\Local\Mobogenie  detected: Application.AdGenie (A)
C:\Users\Neil\My Documents\Mobogenie  detected: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MOBOGENIEADD  detected: Application.AdGenie (A)
C:\Users\Neil\AppData\Roaming\digitalsite  detected: Application.AppInstall (A)
C:\Users\Neil\AppData\Roaming\dsite  detected: Application.AppInstall (A)
C:\Users\Neil\AppData\Roaming\dvdvideosoftiehelpers  detected: Application.AppInstall (A)
C:\ProgramData\pc optimizer pro  detected: Application.AppInstall (A)
C:\Users\Neil\AppData\Local\apn  detected: Application.AppInstall (A)
C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd  detected: Application.InstallExt (A)
C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp  detected: Application.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.BANDOBJECTATTRIBUTE  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.DOCKINGPANEL  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.IESMARTBAR  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.IESMARTBARBANDOBJECT  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.SMARTBARDISPLAYSTATE  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.SMARTBARMENUFORM  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI.1  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1  detected: Application.AdReg (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS -> {ACAA314B-EEBA-48E4-AD47-84E31C44796C}  detected: Application.FireExt (A)
Key: HKEY_USERS\S-1-5-21-2173030873-2861752262-2005351207-1000\SOFTWARE\ILIVID  detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2173030873-2861752262-2005351207-1000\SOFTWARE\SOFTONIC  detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\BABYLON  detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\IB UPDATER  detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\DLNEMBNFBCPJNEPMFJMNGJENHHAJPDFD  detected: Application.WebExt (A)
Key: HKEY_USERS\S-1-5-21-2173030873-2861752262-2005351207-1004\SOFTWARE\INSTALLCORE  detected: Application.AdTool (A)
Key: HKEY_USERS\S-1-5-21-2173030873-2861752262-2005351207-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}  detected: Application.AdSome (A)
C:\Program Files (x86)\Conduit  detected: Application.AppInstall (A)
C:\Users\Neil\AppData\Local\SwvUpdater  detected: Application.AppInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> MONITOR  detected: Backdoor.Win32.CmjSpy (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\DATAMNGR  detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2173030873-2861752262-2005351207-1000\SOFTWARE\CONDUIT  detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2173030873-2861752262-2005351207-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}  detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2173030873-2861752262-2005351207-1000\SOFTWARE\DSITEPRODUCTS  detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2173030873-2861752262-2005351207-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS  detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2173030873-2861752262-2005351207-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}  detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}  detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}  detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESRV.EXE  detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\INSTALLCORE  detected: Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASAPI32  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASMANCS  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS  detected: Application.Win32.InstallExt (A)

Scanned 206259
Found 63

Scan end: 02/03/2014 11:44:08
Scan time: 0:15:57

 

FARBAR - FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 01
Ran by Neil (administrator) on AQUARIUM on 02-03-2014 11:51:10
Running from C:\Users\Neil\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LeapFrog Enterprises, Inc.) E:\Program Files (x86)\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\HTC Home\Clock.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
() C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
() C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(LeapFrog Enterprises, Inc.) E:\Program Files (x86)\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Windows\system32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [LogiScrollApp] - C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2486296 2014-03-02] ()
HKLM-x32\...\Run: [Tilt] - C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe [733184 2013-06-28] ()
HKLM-x32\...\Run: [ghost] - C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe [191488 2012-09-18] ()
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Monitor] - E:\Program Files (x86)\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2173030873-2861752262-2005351207-1000\...\Run: [Clock Widget (HTC Home)] - C:\Program Files (x86)\HTC Home\Clock.exe [2036736 2011-11-28] ()
HKU\S-1-5-21-2173030873-2861752262-2005351207-1000\...\Run: [SpyEmergency] - C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
HKU\S-1-5-21-2173030873-2861752262-2005351207-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2173030873-2861752262-2005351207-1000\...\MountPoints2: {4b70f0ef-543c-11e2-b89e-bc5ff420bf90} - K:\LaunchU3.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll => "c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll" File Not Found
AppInit_DLLs-x32: , c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1384560494&from=cor&uid=WDCXWD3200AAKS-00L9A0_WD-WCAV2A92109421094&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1384560494&from=cor&uid=WDCXWD3200AAKS-00L9A0_WD-WCAV2A92109421094&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1384560494&from=cor&uid=WDCXWD3200AAKS-00L9A0_WD-WCAV2A92109421094&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1384560494&from=cor&uid=WDCXWD3200AAKS-00L9A0_WD-WCAV2A92109421094&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1384560494&from=cor&uid=WDCXWD3200AAKS-00L9A0_WD-WCAV2A92109421094&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtBtD0B0FzytDyD0BtDtCtN0D0Tzu0CyCtDtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=162405395&ir=
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1384560494&from=cor&uid=WDCXWD3200AAKS-00L9A0_WD-WCAV2A92109421094&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=GB&userid=0c833ce0-f80c-4244-af93-ac2a5ffd9185&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {37065DF9-CD0B-40CF-A6C8-F5A4D331349B URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtBtD0B0FzytDyD0BtDtCtN0D0Tzu0CyCtDtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=162405395&ir=
SearchScopes: HKLM-x32 - {3EA4492C-38A8-0C19-EC6E-6EA579F1BF60} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319612&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE2F282AC-5729-4AC0-AA0E-7669A9D4099B&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319612&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE2F282AC-5729-4AC0-AA0E-7669A9D4099B&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {3704C18F-1EC3-AAAD-DB7C-225ED3A5B44E} URL =
BHO: Weather It Up - {11111111-1111-1111-1111-110411911136} - C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll No File
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtBtD0B0FzytDyD0BtDtCtN0D0Tzu0CyCtDtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=162405395&ir="
CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultSearchURL: http://isearch.avg.com/search?cid={DD7CF73F-1A00-49F9-8D0F-EF9F4065960E}&mid=7a9a88d417f047d098fa6d16b2c45663-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=gf011&pr=sa&d=2013-09-04 22:01:40&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-17]
CHR Extension: (Google Search) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-17]
CHR Extension: (No Name) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2012-11-03]
CHR Extension: (No Name) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-09-11]
CHR Extension: (Gmail) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-17]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-05-17]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Neil\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2012-05-17]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-05-17]
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-09-06]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2012-09-06]

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-16] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-01] (AVAST Software)
R2 LeapFrog Connect Device Service; E:\Program Files (x86)\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S4 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-10-29] (Nero AG)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-01] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-01-24] (Paramount Software UK Ltd)
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [19456 2013-06-05] (Clarus, Inc.)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-25] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-04-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-04-28] (Emsisoft GmbH)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-01] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-16] (Emsisoft GmbH)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys [14376 2010-02-04] ()
S3 GPUZ; C:\Windows\TEMP\GPUZ.sys [27008 2013-10-21] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2014-02-02] (Nicomsoft Ltd.)
R3 ALSysIO; \??\C:\Users\Neil\AppData\Local\Temp\ALSysIO64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EtronHub3; System32\Drivers\EtronHub3.sys [X]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X]
S1 fstknsdj; \??\C:\Windows\system32\drivers\fstknsdj.sys [X]
S1 kimdfhbr; \??\C:\Windows\system32\drivers\kimdfhbr.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-02 11:51 - 2014-03-02 11:51 - 00020132 _____ () C:\Users\Neil\Desktop\FRST.txt
2014-03-02 11:48 - 2014-03-02 11:51 - 00000000 ____D () C:\FRST
2014-03-02 11:47 - 2014-03-02 11:47 - 02156544 _____ (Farbar) C:\Users\Neil\Desktop\FRST64.exe
2014-03-02 11:44 - 2014-03-02 11:44 - 00015554 _____ () C:\Users\Neil\Desktop\a2scan_140302-112811.txt
2014-03-01 22:49 - 2014-03-01 22:49 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\QuickScan
2014-03-01 22:47 - 2014-03-01 22:48 - 00000000 ___HD () C:\Windows\AxInstSV
2014-03-01 20:56 - 2014-03-01 20:56 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-01 20:13 - 2014-03-01 20:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-01 20:13 - 2014-03-01 20:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-01 18:02 - 2014-03-01 18:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-01 18:02 - 2014-03-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-01 16:56 - 2014-03-01 16:56 - 00000000 ____D () C:\Users\Neil\AppData\Local\SpyZooka
2014-03-01 16:55 - 2014-03-01 16:57 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyZooka
2014-03-01 16:06 - 2014-03-01 16:27 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-01 16:06 - 2014-03-01 16:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-01 16:06 - 2014-03-01 16:06 - 00000000 _____ () C:\autoexec.bat
2014-03-01 14:16 - 2014-03-01 14:16 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\AVAST Software
2014-03-01 14:15 - 2014-03-01 20:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-01 14:15 - 2014-03-01 14:15 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-01 14:15 - 2014-03-01 14:15 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-01 14:15 - 2014-03-01 14:15 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-01 14:14 - 2014-03-01 14:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-28 20:41 - 2014-02-28 20:41 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-28 20:40 - 2014-02-08 16:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-28 20:38 - 2014-02-08 18:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-28 20:38 - 2014-02-08 18:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-28 18:38 - 2014-02-28 18:38 - 00000000 ____D () C:\Windows\pss
2014-02-28 12:05 - 2014-02-28 12:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-28 09:27 - 2014-02-28 11:07 - 00000000 ____D () C:\Program Files\Conduit
2014-02-28 09:27 - 2014-02-28 09:27 - 00000000 _____ () C:\END
2014-02-28 07:49 - 2014-01-09 02:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-28 07:49 - 2014-01-03 22:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-16 21:22 - 2014-02-16 21:22 - 00892184 _____ () C:\Windows\Minidump\021614-6723-01.dmp
2014-02-16 20:58 - 2014-02-16 21:22 - 641886944 _____ () C:\Windows\MEMORY.DMP
2014-02-16 20:58 - 2014-02-16 20:58 - 00296176 _____ () C:\Windows\Minidump\021614-6754-01.dmp
2014-02-14 21:28 - 2014-02-14 21:28 - 00013824 _____ () C:\Users\Neil\Desktop\Bon.xls
2014-02-13 09:16 - 2014-02-13 09:16 - 00001021 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-02-13 09:16 - 2014-02-13 09:16 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2014-02-13 09:16 - 2010-04-12 08:55 - 00091568 _____ (PowerISO Computing, Inc.) C:\Windows\system32\Drivers\scdemu.sys
2014-02-12 16:45 - 2014-02-12 16:45 - 00000000 ____D () C:\Users\Neil\AppData\Local\newplayer
2014-02-12 16:37 - 2014-02-12 16:37 - 00000000 ____D () C:\Windows\SysWOW64\Dell
2014-02-12 15:59 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 15:59 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 15:59 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 15:59 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 15:59 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 15:59 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 15:59 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 15:59 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 15:59 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:59 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 15:59 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 15:59 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 15:59 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 15:59 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 15:59 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 15:59 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 15:59 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 15:59 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 15:59 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 15:59 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 15:59 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 15:59 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 15:59 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 15:59 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 15:59 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 15:59 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 15:59 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 15:59 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 15:59 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 15:59 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 15:59 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 15:59 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 15:59 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 15:59 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 15:59 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 15:59 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 15:59 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 15:59 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 15:59 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 15:59 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 15:59 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 15:58 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 15:58 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 15:58 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 15:58 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 15:58 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 15:58 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 15:58 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 15:58 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 15:58 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 15:58 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 15:58 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 15:58 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 15:58 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 15:58 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 15:58 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 15:58 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 15:58 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 15:58 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 15:58 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 15:58 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 15:58 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 15:58 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 15:57 - 2013-12-31 23:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:57 - 2013-12-31 23:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 15:57 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 15:57 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 15:57 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 15:57 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 18:38 - 2014-02-11 18:57 - 00000000 ____D () C:\Users\Neil\Desktop\War of the Worlds
2014-02-10 20:30 - 2014-02-10 20:30 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\U3
2014-02-10 20:28 - 2014-02-10 20:28 - 00001005 _____ () C:\Users\Neil\Desktop\MakeMKV.lnk
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Users\Neil\.MakeMKV
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2014-02-10 18:58 - 2014-02-10 18:58 - 00002127 _____ () C:\Users\Neil\Desktop\Microsoft Security Essentials.lnk
2014-02-10 18:48 - 2014-02-10 18:48 - 00000000 ____D () C:\Program Files (x86)\DVD43 Plug-in
2014-02-10 18:48 - 2013-02-21 15:59 - 01692672 _____ () C:\Windows\SysWOW64\DVD43.dll
2014-02-10 11:44 - 2014-02-10 16:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-09 09:14 - 2014-02-09 09:14 - 00001106 _____ () C:\Users\Neil\Desktop\MSI Kombustor 2.5.lnk
2014-02-09 09:14 - 2014-02-09 09:14 - 00000000 ____D () C:\Program Files (x86)\MSI Kombustor 2.5
2014-02-08 12:41 - 2014-02-08 12:41 - 00000000 ____D () C:\Users\Neil\AppData\Local\Clarus
2014-02-07 09:35 - 2014-02-28 18:46 - 00000000 ____D () C:\Users\Neil\Documents\Reflect
2014-02-07 09:31 - 2014-03-01 23:02 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-02-07 09:31 - 2014-02-07 09:31 - 00000000 ____D () C:\Program Files\Macrium
2014-02-06 20:07 - 2014-02-06 20:07 - 00000041 _____ () C:\script.txt
2014-02-06 20:07 - 2014-02-06 20:07 - 00000031 _____ () C:\Windows\script.txt
2014-02-06 19:44 - 2014-02-06 19:44 - 00000000 ____D () C:\Program Files\LSoft Technologies
2014-02-06 19:36 - 2014-02-06 19:44 - 20338264 _____ (LSoft Technologies Inc ) C:\Users\Neil\Desktop\KillDiskSuiteFree-Setup.exe
2014-02-06 19:20 - 2014-02-06 19:20 - 00001862 _____ () C:\Users\Public\Desktop\Data Migration.lnk
2014-02-06 19:18 - 2014-02-06 19:18 - 00003290 _____ () C:\Windows\System32\Tasks\{5FB08C7F-1E8E-4C85-AB5F-178E4C784EBF}
2014-02-05 20:35 - 2014-02-05 20:35 - 00000000 ____D () C:\Users\Neil\AppData\Local\Realmware
2014-02-05 20:34 - 2014-02-05 20:34 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Realmware
2014-02-03 22:12 - 2014-02-07 17:38 - 00000000 ____D () C:\ProgramData\Macrium
2014-02-03 22:12 - 2014-02-07 09:30 - 00000000 ____D () C:\Users\Neil\Downloads\Macrium
2014-02-03 21:32 - 2014-03-02 08:08 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-02-03 15:01 - 2014-02-03 15:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-02 22:00 - 2013-12-27 18:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-02-02 22:00 - 2013-12-27 18:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified Files and Folders =======

2014-03-02 11:51 - 2014-03-02 11:51 - 00020132 _____ () C:\Users\Neil\Desktop\FRST.txt
2014-03-02 11:51 - 2014-03-02 11:48 - 00000000 ____D () C:\FRST
2014-03-02 11:47 - 2014-03-02 11:47 - 02156544 _____ (Farbar) C:\Users\Neil\Desktop\FRST64.exe
2014-03-02 11:46 - 2012-07-17 21:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-02 11:44 - 2014-03-02 11:44 - 00015554 _____ () C:\Users\Neil\Desktop\a2scan_140302-112811.txt
2014-03-02 11:44 - 2012-07-05 08:05 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-03-02 11:29 - 2009-07-14 04:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-02 11:29 - 2009-07-14 04:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-02 11:28 - 2013-10-20 19:28 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-03-02 11:28 - 2013-10-20 19:28 - 00000000 ____D () C:\Program Files (x86)\EVGA Precision X
2014-03-02 11:27 - 2012-09-22 20:51 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\vlc
2014-03-02 11:26 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 11:25 - 2012-05-16 18:10 - 01257057 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 11:21 - 2013-04-14 21:08 - 00144514 _____ () C:\Windows\setupact.log
2014-03-02 11:21 - 2012-11-03 07:57 - 00000000 ____D () C:\Program Files (x86)\HTC Home
2014-03-02 11:20 - 2013-04-14 21:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-02 11:20 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-02 08:56 - 2013-09-04 20:56 - 00000282 _____ () C:\Windows\Tasks\DSite.job
2014-03-02 08:08 - 2014-02-03 21:32 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-02 08:03 - 2013-09-04 21:01 - 00000000 ____D () C:\Users\Neil\AppData\Local\AVG Secure Search
2014-03-02 08:02 - 2013-09-04 21:01 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-03-01 23:02 - 2014-02-07 09:31 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-03-01 22:49 - 2014-03-01 22:49 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\QuickScan
2014-03-01 22:48 - 2014-03-01 22:47 - 00000000 ___HD () C:\Windows\AxInstSV
2014-03-01 22:36 - 2012-05-17 19:10 - 00000000 ____D () C:\ProgramData\Origin
2014-03-01 21:06 - 2012-05-17 19:41 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-01 20:59 - 2012-05-17 19:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-01 20:56 - 2014-03-01 20:56 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-01 20:56 - 2014-03-01 20:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-01 20:56 - 2013-04-28 17:06 - 00403772 _____ () C:\Windows\PFRO.log
2014-03-01 20:13 - 2014-03-01 20:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-01 20:05 - 2014-03-01 14:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-01 19:04 - 2012-05-17 19:41 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-01 18:45 - 2013-11-14 09:46 - 00012738 _____ () C:\Windows\IE11_main.log
2014-03-01 18:45 - 2012-05-19 20:20 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-01 18:02 - 2014-03-01 18:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-01 18:02 - 2014-03-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-01 18:02 - 2012-05-17 14:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-01 16:57 - 2014-03-01 16:55 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyZooka
2014-03-01 16:56 - 2014-03-01 16:56 - 00000000 ____D () C:\Users\Neil\AppData\Local\SpyZooka
2014-03-01 16:27 - 2014-03-01 16:06 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-01 16:06 - 2014-03-01 16:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-01 16:06 - 2014-03-01 16:06 - 00000000 _____ () C:\autoexec.bat
2014-03-01 14:16 - 2014-03-01 14:16 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\AVAST Software
2014-03-01 14:15 - 2014-03-01 14:15 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-01 14:15 - 2014-03-01 14:15 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-01 14:15 - 2014-03-01 14:15 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-01 14:14 - 2014-03-01 14:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-01 11:19 - 2013-03-24 07:27 - 01042104 _____ () C:\Users\Neil\AppData\Local\census.cache
2014-03-01 11:19 - 2013-03-24 07:27 - 00122057 _____ () C:\Users\Neil\AppData\Local\ars.cache
2014-02-28 20:44 - 2013-05-25 09:11 - 00001361 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-02-28 20:41 - 2014-02-28 20:41 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-28 20:40 - 2012-05-16 22:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-28 18:46 - 2014-02-07 09:35 - 00000000 ____D () C:\Users\Neil\Documents\Reflect
2014-02-28 18:38 - 2014-02-28 18:38 - 00000000 ____D () C:\Windows\pss
2014-02-28 18:38 - 2012-05-16 18:10 - 00000000 ___RD () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-28 12:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-02-28 12:05 - 2014-02-28 12:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-28 12:05 - 2013-07-01 18:06 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-28 11:07 - 2014-02-28 09:27 - 00000000 ____D () C:\Program Files\Conduit
2014-02-28 11:07 - 2013-08-21 16:25 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-02-28 11:07 - 2013-05-31 19:50 - 00000000 ____D () C:\Users\Neil\AppData\Local\SwvUpdater
2014-02-28 09:46 - 2012-07-17 21:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-28 09:46 - 2012-05-18 06:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-28 09:46 - 2012-05-18 06:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-28 09:27 - 2014-02-28 09:27 - 00000000 _____ () C:\END
2014-02-16 21:45 - 2012-05-21 20:45 - 00000000 ____D () C:\Program Files\PeerBlock
2014-02-16 21:22 - 2014-02-16 21:22 - 00892184 _____ () C:\Windows\Minidump\021614-6723-01.dmp
2014-02-16 21:22 - 2014-02-16 20:58 - 641886944 _____ () C:\Windows\MEMORY.DMP
2014-02-16 21:22 - 2012-05-31 06:36 - 00000000 ____D () C:\Windows\Minidump
2014-02-16 20:58 - 2014-02-16 20:58 - 00296176 _____ () C:\Windows\Minidump\021614-6754-01.dmp
2014-02-14 21:28 - 2014-02-14 21:28 - 00013824 _____ () C:\Users\Neil\Desktop\Bon.xls
2014-02-13 11:09 - 2014-01-10 17:33 - 00000000 ____D () C:\Users\Neil\AppData\Local\genienext
2014-02-13 10:50 - 2012-08-01 21:05 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\uTorrent
2014-02-13 09:16 - 2014-02-13 09:16 - 00001021 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-02-13 09:16 - 2014-02-13 09:16 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2014-02-12 16:45 - 2014-02-12 16:45 - 00000000 ____D () C:\Users\Neil\AppData\Local\newplayer
2014-02-12 16:37 - 2014-02-12 16:37 - 00000000 ____D () C:\Windows\SysWOW64\Dell
2014-02-12 16:02 - 2013-07-20 20:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 16:02 - 2012-05-19 19:55 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 16:00 - 2012-05-17 14:35 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-11 18:57 - 2014-02-11 18:38 - 00000000 ____D () C:\Users\Neil\Desktop\War of the Worlds
2014-02-10 20:55 - 2013-04-23 20:28 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-10 20:51 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-10 20:30 - 2014-02-10 20:30 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\U3
2014-02-10 20:28 - 2014-02-10 20:28 - 00001005 _____ () C:\Users\Neil\Desktop\MakeMKV.lnk
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Users\Neil\.MakeMKV
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2014-02-10 20:28 - 2012-05-16 18:10 - 00000000 ____D () C:\Users\Neil
2014-02-10 18:58 - 2014-02-10 18:58 - 00002127 _____ () C:\Users\Neil\Desktop\Microsoft Security Essentials.lnk
2014-02-10 18:48 - 2014-02-10 18:48 - 00000000 ____D () C:\Program Files (x86)\DVD43 Plug-in
2014-02-10 16:53 - 2013-04-17 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-10 16:50 - 2014-02-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-09 09:14 - 2014-02-09 09:14 - 00001106 _____ () C:\Users\Neil\Desktop\MSI Kombustor 2.5.lnk
2014-02-09 09:14 - 2014-02-09 09:14 - 00000000 ____D () C:\Program Files (x86)\MSI Kombustor 2.5
2014-02-09 09:14 - 2013-04-23 20:33 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Samsung
2014-02-09 09:14 - 2013-04-23 20:33 - 00000000 ____D () C:\Users\Neil\AppData\Local\Samsung
2014-02-09 09:14 - 2013-04-23 20:28 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-08 18:34 - 2014-02-28 20:38 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-08 18:34 - 2014-02-28 20:38 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-08 18:34 - 2013-04-14 21:09 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-08 18:34 - 2013-04-14 21:09 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-08 18:34 - 2012-12-20 18:27 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-02-08 18:34 - 2012-08-10 13:17 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-02-08 18:34 - 2012-08-10 13:17 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-02-08 18:34 - 2012-08-10 13:17 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-02-08 18:34 - 2012-08-10 13:17 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-02-08 17:42 - 2013-09-23 07:30 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-02-08 17:42 - 2013-04-14 21:10 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-08 17:42 - 2013-04-14 21:10 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-02-08 17:42 - 2013-04-14 21:10 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-02-08 17:42 - 2013-04-14 21:10 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-08 17:42 - 2012-08-10 13:18 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-02-08 16:18 - 2014-02-28 20:40 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-08 12:41 - 2014-02-08 12:41 - 00000000 ____D () C:\Users\Neil\AppData\Local\Clarus
2014-02-07 17:38 - 2014-02-03 22:12 - 00000000 ____D () C:\ProgramData\Macrium
2014-02-07 17:37 - 2012-11-13 18:47 - 00001080 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-07 09:31 - 2014-02-07 09:31 - 00000000 ____D () C:\Program Files\Macrium
2014-02-07 09:30 - 2014-02-03 22:12 - 00000000 ____D () C:\Users\Neil\Downloads\Macrium
2014-02-06 20:32 - 2014-01-19 07:31 - 00000766 _____ () C:\Users\Neil\Desktop\u Torrent Downloads.lnk
2014-02-06 20:23 - 2009-07-14 05:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-02-06 20:23 - 2009-07-14 05:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-02-06 20:07 - 2014-02-06 20:07 - 00000041 _____ () C:\script.txt
2014-02-06 20:07 - 2014-02-06 20:07 - 00000031 _____ () C:\Windows\script.txt
2014-02-06 19:44 - 2014-02-06 19:44 - 00000000 ____D () C:\Program Files\LSoft Technologies
2014-02-06 19:44 - 2014-02-06 19:36 - 20338264 _____ (LSoft Technologies Inc ) C:\Users\Neil\Desktop\KillDiskSuiteFree-Setup.exe
2014-02-06 19:20 - 2014-02-06 19:20 - 00001862 _____ () C:\Users\Public\Desktop\Data Migration.lnk
2014-02-06 19:18 - 2014-02-06 19:18 - 00003290 _____ () C:\Windows\System32\Tasks\{5FB08C7F-1E8E-4C85-AB5F-178E4C784EBF}
2014-02-06 19:07 - 2012-05-18 01:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-06 12:16 - 2014-02-12 15:59 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-12 15:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-12 15:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-12 15:59 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-12 15:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-12 15:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 15:59 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-12 15:59 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-12 15:59 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-12 15:59 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-12 15:59 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-12 15:59 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-12 15:59 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-12 15:59 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-12 15:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-12 15:59 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-12 15:59 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-12 15:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-12 15:59 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-12 15:59 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 09:57 - 2014-02-12 15:59 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 09:52 - 2014-02-12 15:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-12 15:59 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-12 15:59 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-12 15:59 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-12 15:59 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-12 15:59 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-12 15:59 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 09:25 - 2014-02-12 15:59 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 09:24 - 2014-02-12 15:59 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-12 15:59 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-12 15:59 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-12 15:59 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-12 15:59 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-12 15:59 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-12 15:59 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-12 15:59 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-12 15:59 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-12 15:59 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 22:15 - 2014-01-24 23:28 - 00001983 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-02-05 22:11 - 2013-04-23 20:25 - 00000000 ____D () C:\Users\Neil\AppData\Local\Downloaded Installations
2014-02-05 21:20 - 2012-10-07 16:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-05 20:35 - 2014-02-05 20:35 - 00000000 ____D () C:\Users\Neil\AppData\Local\Realmware
2014-02-05 20:34 - 2014-02-05 20:34 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Realmware
2014-02-05 17:59 - 2012-05-16 18:22 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-02-05 17:52 - 2012-08-10 13:18 - 03573739 _____ () C:\Windows\system32\nvcoproc.bin
2014-02-05 11:49 - 2012-06-02 19:57 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-02-05 09:31 - 2013-11-01 13:42 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-02-05 09:30 - 2013-11-01 13:42 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-02-03 15:01 - 2014-02-03 15:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-02 21:54 - 2012-09-13 20:53 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\DVD Flick
2014-02-02 00:05 - 2012-07-03 19:27 - 00155528 _____ (Nicomsoft Ltd.) C:\Windows\system32\DDCHELPER.dll
2014-02-02 00:05 - 2012-07-03 19:27 - 00020832 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\ddcdrv.sys
2014-02-01 02:31 - 2012-05-21 20:45 - 00001792 _____ () C:\Users\Neil\Desktop\PeerBlock.lnk

ZeroAccess:
C:\Windows\Installer\{eb180144-a45f-1183-0f1f-b751a0fa4802}

Some content of TEMP:
====================
C:\Users\Neil\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-28 12:34

==================== End Of Log ============================

 

FARBAR ADDITIONS

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2014 01
Ran by Neil at 2014-03-02 11:51:23
Running from C:\Users\Neil\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Active@ KillDisk 8.0 (HKLM\...\{E593CA8F-29AB-4AED-9867-5A61AEF3AF94}_is1) (Version: 8.0 - LSoft Technologies Inc)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AIVIA GHOST (HKLM-x32\...\{4E711815-5F4E-47F2-B1E1-C0B43A8D57F3}) (Version: 1.06.0000 - GIGABYTE)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.1.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
BurnAware Free 6.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4255 - CDBurnerXP)
Company of Heroes 2 - Beta Stress Test (HKLM-x32\...\Steam App 231550) (Version:  - )
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.13 - NCH Software)
Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.2.0 - Treexy)
Driver Sweeper version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
DVDFab 8.2.1.5 (10/10/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 6.6 - Emsisoft GmbH)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIGABYTE VGA @BIOS (HKLM-x32\...\{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}) (Version: 5.3 - GIGABYTE)
HTC Home Apis (HKLM-x32\...\HTC Home Apis) (Version: 3.0.620.0 - Stealth)
Image Editor Packages (HKCU\...\Image Editor Packages) (Version:  - ) <==== ATTENTION
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
lucky leap 3.0.0 (HKLM\...\lucky leap) (Version: 3.0.0 - luckyleap)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6465 - Paramount Software (UK) Ltd.) Hidden
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
MakeMKV v1.8.8 (HKLM-x32\...\MakeMKV) (Version: v1.8.8 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft AutoRoute 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}) (Version: 17.0.22.1400 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable Package (x32 Version: 1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-GB)) (Version: 24.3.0 - Mozilla)
MSI Kombustor 2.5.2 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero MediaHome 4 (x32 Version: 4.5.9.4 - Nero AG) Hidden
Nero MediaHome 4 Essentials (HKLM-x32\...\{4f492736-6eb3-4e15-92a6-f5322d348312}) (Version:  - Nero AG)
Nero MediaHome 4 Help (x32 Version: 4.5.5.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.1.0 - TUGUU SL) <==== ATTENTION
NVIDIA 3D Vision Controller Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Control Panel 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.148 - Clarus)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Sky Broadband (HKLM-x32\...\{14C35072-D7D0-4B29-B5BF-C94E426D77E9}) (Version: 1.0.0 - Sky Broadband)
SSC Service Utility v4.30 (HKLM-x32\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - )
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Image Editor (HKCU\...\DSite) (Version:  - ) <==== ATTENTION
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Thunder Launcher 1.0.1.229 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

01-03-2014 18:19:45 Windows Update

==================== Hosts content: ==========================

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00444A38-7532-4A7E-B21A-440712E25DF4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2173030873-2861752262-2005351207-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {00BA9802-C965-41D5-B345-533CCE242B67} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {06F6BEA8-623A-48E1-89D3-3AAA798829ED} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe
Task: {10FA538A-34DF-445C-8F6D-1BAC3AA6F5DE} - System32\Tasks\Core Temp Autostart Neil => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {24020697-3DFA-41F2-A74F-BB544E7604E7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-01] (AVAST Software)
Task: {2AA7C992-759F-41D5-AC78-9CFDA13C3CEF} - System32\Tasks\DigitalSite => C:\Users\Neil\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {398226AE-2509-43D2-9269-51F9F90D7B5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {57D1A5F3-19AD-4756-8C93-DE729FD662A3} - System32\Tasks\{86D46C81-389A-4833-A415-910EF115682F} => C:\Users\Neil\Desktop\IntelBurnTestV2.exe
Task: {6CB458D4-7337-4AD8-B72E-9B44636BCA28} - System32\Tasks\{F5F30CAE-3AA4-42E7-80B4-16651DA7D40C} => C:\Users\Neil\Desktop\Photoshop\Setup.exe
Task: {76053328-1D7C-4EBF-91F3-D36F4B399BA0} - System32\Tasks\{CC8578D0-76E2-49E6-A15F-029F3BADE976} => C:\Users\Neil\Desktop\IntelBurnTestV2.exe
Task: {8DB13AE8-8108-4553-8D5D-2F03885AA9A0} - System32\Tasks\DSite => C:\Users\Neil\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9211EE48-8136-4814-A961-420B5E20FDA1} - System32\Tasks\{2F745063-722E-4FDE-90D7-7EFFF368E2A9} => C:\Users\Neil\Desktop\Photoshop\Setup.exe
Task: {9B293D7E-F181-4FA2-A32C-7ABC819AE467} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {A57A0CCC-8C5F-429D-819E-04C6D0FDB1F4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2173030873-2861752262-2005351207-1000
Task: {BD02C8BE-2BA8-434B-AA17-C7557AB1427B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2173030873-2861752262-2005351207-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C4DD2473-94AC-4A9A-AA40-609C76549B90} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe
Task: {CCA0F78A-8B95-43F0-915E-EB6AC4F025C2} - System32\Tasks\{8475D166-1751-4FC3-A0F0-EC60E4E75815} => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
Task: {CE343AF6-592F-46F3-8878-52C77D802D97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-28] (Adobe Systems Incorporated)
Task: {CED4449A-DFC2-47CE-A984-414116415F8E} - System32\Tasks\4573 => Wscript.exe C:\Users\Neil\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D34914A6-8BD9-4CD1-9531-242AF27BCD01} - System32\Tasks\{7696664C-E758-4833-8355-1620A8074242} => C:\Users\Neil\Desktop\Setupd.exe
Task: {D7606B98-3E62-4832-B12C-99477633A6AF} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {EE9008D9-B8FF-4EB5-B8ED-83859B316036} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F119BB27-78F6-4B9F-AC2C-9105F3BAD320} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {FF66F058-1760-43DF-B9FA-875EC16EB1DB} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Neil\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Neil\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-08-10 13:18 - 2014-02-08 17:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-17 19:41 - 2013-11-01 19:08 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-07-15 04:44 - 2010-07-15 04:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-05-18 20:26 - 2012-01-25 13:59 - 00848336 _____ () C:\Program Files\Core Temp\Core Temp.exe
2011-10-07 09:39 - 2011-10-07 09:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-03 21:18 - 2012-11-03 21:18 - 00006144 _____ () C:\Users\Neil\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SystemMonitorII.gadget\CoreTempReader.dll
2012-11-03 21:18 - 2012-11-03 21:18 - 00008704 _____ () C:\Users\Neil\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SystemMonitorII.gadget\GetCoreTempInfoNET.dll
2012-11-03 21:18 - 2012-11-03 21:18 - 00007680 _____ () C:\Users\Neil\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SystemMonitorII.gadget\SystemInfo.dll
2011-06-21 06:07 - 2011-11-28 12:54 - 02036736 _____ () C:\Program Files (x86)\HTC Home\Clock.exe
2011-06-21 06:06 - 2011-06-21 06:06 - 00249344 _____ () C:\Program Files (x86)\HTC Home\Home.Base.dll
2011-06-20 13:12 - 2011-06-20 13:12 - 00011776 _____ () C:\Program Files (x86)\HTC Home\Home.Packaging.dll
2011-06-21 06:06 - 2011-06-22 08:15 - 00016896 _____ () C:\Program Files (x86)\HTC Home\Weather.Base.dll
2011-06-20 13:12 - 2011-06-22 08:15 - 00018432 _____ () C:\Program Files (x86)\HTC Home\Extras\Weather\MSN.dll
2011-06-20 08:49 - 2011-06-20 08:49 - 04660736 _____ () C:\Program Files (x86)\HTC Home\UIFramework.Weather.dll
2013-09-04 21:01 - 2014-03-02 08:02 - 02486296 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-06-28 17:56 - 2013-06-28 17:56 - 00733184 _____ () C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
2012-09-18 15:41 - 2012-09-18 15:41 - 00191488 _____ () C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
2014-03-01 20:05 - 2014-03-01 18:29 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030102\algo.dll
2014-01-08 15:38 - 2014-01-08 15:38 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2014-03-01 14:15 - 2014-03-01 14:15 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Clarus Drive Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
MSCONFIG\startupreg: HTC Home => "C:\Users\Neil\AppData\Roaming\Stealth Software\HTC Home 2.4\HTCHome.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Nero MediaHome 4 => "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2014 11:22:46 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2014 08:04:15 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2014 00:22:26 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2014 08:58:40 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2014 08:55:14 PM) (Source: Application Hang) (User: )
Description: The program SDWelcome.exe version 2.2.21.129 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b64

Start Time: 01cf358ab3d9565c

Termination Time: 0

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

Report Id: c81aadae-a183-11e3-8926-bc5ff420bf90

Error: (03/01/2014 08:05:57 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2014 06:19:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2173030873-2861752262-2005351207-1000.BAK).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {92bc581d-79a3-49c2-a916-459c0cd20604}

Error: (03/01/2014 06:00:06 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2014 05:05:37 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2014 04:27:33 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed SpyHunter; Error = 0x80070422).

System errors:
=============
Error: (03/01/2014 09:05:09 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/01/2014 08:59:15 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/01/2014 08:59:15 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/01/2014 07:03:47 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/01/2014 07:03:20 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/01/2014 07:03:20 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/01/2014 05:03:53 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/01/2014 05:03:53 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/01/2014 05:03:53 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/01/2014 05:03:53 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (03/02/2014 11:22:46 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 08:04:15 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 00:22:26 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 08:58:40 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 08:55:14 PM) (Source: Application Hang)(User: )
Description: SDWelcome.exe2.2.21.1291b6401cf358ab3d9565c0C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exec81aadae-a183-11e3-8926-bc5ff420bf90

Error: (03/01/2014 08:05:57 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 06:19:45 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2173030873-2861752262-2005351207-1000.BAK)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {92bc581d-79a3-49c2-a916-459c0cd20604}

Error: (03/01/2014 06:00:06 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 05:05:37 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 04:27:33 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved SpyHunter0x80070422

CodeIntegrity Errors:
===================================
  Date: 2014-02-02 11:54:28.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-02 11:54:28.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-02 11:54:28.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-02 11:54:28.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-02 11:54:28.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-02 11:54:28.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-02 11:54:20.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23152_none_b55a00e77cd1055d\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-02 11:54:20.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23152_none_b55a00e77cd1055d\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-02 11:54:20.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23152_none_b55a00e77cd1055d\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-02 11:54:19.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Recovered Data\Root\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8076.38 MB
Available physical RAM: 6107.18 MB
Total Pagefile: 16150.95 MB
Available Pagefile: 13292.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System SSD) (Fixed) (Total:232.88 GB) (Free:114.21 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:298.08 GB) (Free:159.83 GB) NTFS
Drive f: () (Fixed) (Total:186.31 GB) (Free:182.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: E27CC5B8)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: C962251B)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: 0A251C10)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

 

 

Hope this is what is required :)



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 02 March 2014 - 01:56 PM

Hello,

I'm not so sure that Emsisoft Anti-Malware got this one right. The entry it claims to be malicious belongs to Leapfrog Connect. Have you installed this program and are aware of its presence?
But there is quite a lot of adware anyway.


Step 1

Please visit VirusTotal and scan a file as follows:

  • Click on Choose File.
  • Copy and paste the following into the file name textbox:
    E:\Program Files (x86)\LeapFrog Connect\Monitor.exe
    and click Open.
  • Now hit the Scan it! button on the website to scan the selected file.
  • If you get the message

    File already analysed - This file was last analyse by VirusTotal on ....

    then click on Reanalyse!
  • Wait until the scan has finished.
  • Copy the URL from your browser's address bar and paste it in your next reply.

Step 2

Please uninstall some programs:

  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    DMUninstaller
    Image Editor Packages
    lucky leap 3.0.0
    NewPlayer
    Update for Image Editor

  • Reboot your computer.

Step 3

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 4

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.
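
One way to triage the AdwCleaner report requested in Step 3, as an added example that is not part of the original post and not AdwCleaner's own code: the script parses the report's `<Kind> Deleted : <target>` lines and groups the ones that touch common Windows load points (services, scheduled tasks, Run values, AppInit_DLLs, Browser Helper Objects, browser extensions). The sample report is constructed with placeholder names, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the AdwCleaner v3 "Clean" report layout (section banners
# and "<Kind> Deleted : <target>" lines). All names are placeholders.
SAMPLE_LOG = r"""
# AdwCleaner v3.020 - Report created 02/03/2014 at 20:02:48
# Option : Clean

***** [ Services ] *****

Service Deleted : ExampleToolbarUpdater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Example Toolbar
File Deleted : C:\Windows\System32\Tasks\ExampleTask
File Deleted : C:\Windows\Tasks\ExampleTask.job

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000002}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ExampleProt]
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\example\mngr.dll,
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Key Deleted : HKCU\Software\ExampleVendor
"""

SECTION_RE = re.compile(r"^\*+ \[ (?P<name>.+?) \] \*+$")
# "[name]" and "- data" are only accepted together after the target, so a path
# such as "...\Spybot - Search & Destroy 2" is not split at its " - ".
ENTRY_RE = re.compile(
    r"^(?P<kind>Service|Folder|File|Key|Value|Data) Deleted : "
    r"(?P<x64>\[x64\] )?(?P<target>.+?)"
    r"(?: \[(?P<value>[^\]]+)\](?: - (?P<data>.+))?)?$"
)


def parse(log_text):
    """Yield one dict per '<Kind> Deleted : ...' line, tagged with its section."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["x64"] = bool(entry["x64"])
            entry["section"] = section
            yield entry


def classify(entry):
    """Return the load-point category an entry touches, or None."""
    target = entry["target"].lower()
    value = (entry["value"] or "").lower()
    if entry["kind"] == "Service":
        return "service"
    if "\\windows\\system32\\tasks\\" in target or "\\windows\\tasks\\" in target:
        return "scheduled task"
    if value == "appinit_dlls":
        return "AppInit_DLLs"
    if value and target.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
        return "Run key"
    if "\\browser helper objects\\" in target:
        return "browser helper object"
    if "\\chrome\\extensions\\" in target or target.endswith("\\firefox\\extensions"):
        return "browser extension"
    return None


def triage(log_text):
    """Split entries into {category: [entries]} and a list of everything else."""
    load_points = defaultdict(list)
    other = []
    for entry in parse(log_text):
        category = classify(entry)
        (load_points[category] if category else other).append(entry)
    return dict(load_points), other


if __name__ == "__main__":
    load_points, other = triage(SAMPLE_LOG)
    for category, entries in sorted(load_points.items()):
        print(f"{category} ({len(entries)})")
        for e in entries:
            detail = f" [{e['value']}]" if e["value"] else ""
            detail += f" -> {e['data']}" if e["data"] else ""
            print(f"  {'x64 ' if e['x64'] else ''}{e['target']}{detail}")
    print(f"other removed items: {len(other)}")
```

Entries left in the "other" list (leftover folders, class registrations, vendor keys) are residue rather than something that starts code at boot or logon, which is why they are counted but not listed.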


#5 Crisbeq

Crisbeq
  • Topic Starter

  • Members
  • 5 posts

Posted 02 March 2014 - 03:16 PM

Hi Aharonov

With regard to the 'Leapfrog Connect' entry, yes I am aware of it. It's associated with my daughter's learning pad. With regard to the adware, I deleted it all as you said.

The URL is: https://www.virustotal.com/en/file/676b39fd1afb38073a8d07f3e549cfb50bf4fa18b4fd5e37a44eaf7f3e1e3bb3/analysis/1393790115/

The AdwCleaner file is:

# AdwCleaner v3.020 - Report created 02/03/2014 at 20:02:48
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Neil - AQUARIUM
# Running from : C:\Users\Neil\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Neil\AppData\Local\apn
Folder Deleted : C:\Users\Neil\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Neil\AppData\Local\genienext
Folder Deleted : C:\Users\Neil\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Neil\AppData\Local\NewPlayer
Folder Deleted : C:\Users\Neil\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Neil\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Neil\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Neil\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Neil\AppData\Roaming\DSite
Folder Deleted : C:\Users\Neil\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Neil\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Neil\AppData\Roaming\Oxy
Folder Deleted : C:\Users\Neil\Documents\Mobogenie
Folder Deleted : C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\END
File Deleted : C:\Users\Neil\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\Tasks\digitalsite.job
File Deleted : C:\Windows\System32\Tasks\digitalsite
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\5e4dddcb16eec40
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_htc-home-for-windows_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_htc-home-for-windows_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912236}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916636}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912236}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916636}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\aartemisSoftware
Key Deleted : HKLM\Software\AedgePerformanceBCN
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\V9
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll,

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v

[ File : C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [18266 octets] - [02/03/2014 20:02:16]
AdwCleaner[S0].txt - [16325 octets] - [02/03/2014 20:02:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16386 octets] ##########

 

The FRST file is:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 01
Ran by Neil (administrator) on AQUARIUM on 02-03-2014 20:05:10
Running from C:\Users\Neil\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LeapFrog Enterprises, Inc.) E:\Program Files (x86)\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\HTC Home\Clock.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
() C:\Program Files\Core Temp\Core Temp.exe
() C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
() C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(LeapFrog Enterprises, Inc.) E:\Program Files (x86)\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [LogiScrollApp] - C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Tilt] - C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe [733184 2013-06-28] ()
HKLM-x32\...\Run: [ghost] - C:\Users\Neil\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe [191488 2012-09-18] ()
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Monitor] - E:\Program Files (x86)\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2173030873-2861752262-2005351207-1000\...\Run: [Clock Widget (HTC Home)] - C:\Program Files (x86)\HTC Home\Clock.exe [2036736 2011-11-28] ()
HKU\S-1-5-21-2173030873-2861752262-2005351207-1000\...\Run: [SpyEmergency] - C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
HKU\S-1-5-21-2173030873-2861752262-2005351207-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2173030873-2861752262-2005351207-1000\...\MountPoints2: {4b70f0ef-543c-11e2-b89e-bc5ff420bf90} - K:\LaunchU3.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtBtD0B0FzytDyD0BtDtCtN0D0Tzu0CyCtDtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=162405395&ir=
SearchScopes: HKLM-x32 - {37065DF9-CD0B-40CF-A6C8-F5A4D331349B URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtBtD0B0FzytDyD0BtDtCtN0D0Tzu0CyCtDtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=162405395&ir=
SearchScopes: HKLM-x32 - {3EA4492C-38A8-0C19-EC6E-6EA579F1BF60} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3704C18F-1EC3-AAAD-DB7C-225ED3A5B44E} URL =
BHO: Weather It Up - {11111111-1111-1111-1111-110411911136} - C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (YouTube) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-17]
CHR Extension: (Google Search) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-17]
CHR Extension: (No Name) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-09-11]
CHR Extension: (Gmail) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-17]
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-09-06]

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-16] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-01] (AVAST Software)
R2 LeapFrog Connect Device Service; E:\Program Files (x86)\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S4 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-10-29] (Nero AG)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-01] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-01-24] (Paramount Software UK Ltd)
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [19456 2013-06-05] (Clarus, Inc.)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-25] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-04-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-04-28] (Emsisoft GmbH)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-01] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-16] (Emsisoft GmbH)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys [14376 2010-02-04] ()
S3 GPUZ; C:\Windows\TEMP\GPUZ.sys [27008 2013-10-21] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2014-02-02] (Nicomsoft Ltd.)
R3 ALSysIO; \??\C:\Users\Neil\AppData\Local\Temp\ALSysIO64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EtronHub3; System32\Drivers\EtronHub3.sys [X]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X]
S1 fstknsdj; \??\C:\Windows\system32\drivers\fstknsdj.sys [X]
S1 kimdfhbr; \??\C:\Windows\system32\drivers\kimdfhbr.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-02 20:03 - 2014-03-02 20:03 - 00016595 _____ () C:\Users\Neil\Desktop\AdwCleaner[S0].txt
2014-03-02 20:02 - 2014-03-02 20:02 - 00000000 ____D () C:\AdwCleaner
2014-03-02 20:01 - 2014-03-02 20:01 - 01244192 _____ () C:\Users\Neil\Desktop\AdwCleaner.exe
2014-03-02 19:56 - 2014-03-02 19:56 - 00000120 _____ () C:\Users\Neil\Desktop\browser url.txt
2014-03-02 11:51 - 2014-03-02 20:05 - 00015534 _____ () C:\Users\Neil\Desktop\FRST.txt
2014-03-02 11:51 - 2014-03-02 11:51 - 00037840 _____ () C:\Users\Neil\Desktop\Addition.txt
2014-03-02 11:48 - 2014-03-02 20:05 - 00000000 ____D () C:\FRST
2014-03-02 11:47 - 2014-03-02 11:47 - 02156544 _____ (Farbar) C:\Users\Neil\Desktop\FRST64.exe
2014-03-02 11:44 - 2014-03-02 11:44 - 00015554 _____ () C:\Users\Neil\Desktop\a2scan_140302-112811.txt
2014-03-01 22:49 - 2014-03-01 22:49 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\QuickScan
2014-03-01 22:47 - 2014-03-01 22:48 - 00000000 ___HD () C:\Windows\AxInstSV
2014-03-01 20:56 - 2014-03-01 20:56 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-01 20:13 - 2014-03-01 20:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-01 20:13 - 2014-03-01 20:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-01 18:02 - 2014-03-01 18:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-01 18:02 - 2014-03-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-01 16:56 - 2014-03-01 16:56 - 00000000 ____D () C:\Users\Neil\AppData\Local\SpyZooka
2014-03-01 16:55 - 2014-03-01 16:57 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyZooka
2014-03-01 16:06 - 2014-03-01 16:27 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-01 16:06 - 2014-03-01 16:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-01 16:06 - 2014-03-01 16:06 - 00000000 _____ () C:\autoexec.bat
2014-03-01 14:16 - 2014-03-01 14:16 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\AVAST Software
2014-03-01 14:15 - 2014-03-01 20:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-01 14:15 - 2014-03-01 14:15 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-01 14:15 - 2014-03-01 14:15 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-01 14:15 - 2014-03-01 14:15 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-01 14:14 - 2014-03-01 14:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-28 20:41 - 2014-02-28 20:41 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-28 20:40 - 2014-02-08 16:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-28 20:38 - 2014-02-08 18:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-28 20:38 - 2014-02-08 18:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-02-28 20:38 - 2014-02-08 18:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-28 18:38 - 2014-02-28 18:38 - 00000000 ____D () C:\Windows\pss
2014-02-28 12:05 - 2014-02-28 12:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-28 07:49 - 2014-01-09 02:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-28 07:49 - 2014-01-03 22:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-16 21:22 - 2014-02-16 21:22 - 00892184 _____ () C:\Windows\Minidump\021614-6723-01.dmp
2014-02-16 20:58 - 2014-02-16 21:22 - 641886944 _____ () C:\Windows\MEMORY.DMP
2014-02-16 20:58 - 2014-02-16 20:58 - 00296176 _____ () C:\Windows\Minidump\021614-6754-01.dmp
2014-02-14 21:28 - 2014-02-14 21:28 - 00013824 _____ () C:\Users\Neil\Desktop\Bon.xls
2014-02-13 09:16 - 2014-02-13 09:16 - 00001021 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-02-13 09:16 - 2014-02-13 09:16 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2014-02-13 09:16 - 2010-04-12 08:55 - 00091568 _____ (PowerISO Computing, Inc.) C:\Windows\system32\Drivers\scdemu.sys
2014-02-12 16:37 - 2014-02-12 16:37 - 00000000 ____D () C:\Windows\SysWOW64\Dell
2014-02-12 15:59 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 15:59 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 15:59 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 15:59 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 15:59 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 15:59 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 15:59 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 15:59 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 15:59 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:59 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 15:59 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 15:59 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 15:59 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 15:59 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 15:59 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 15:59 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 15:59 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 15:59 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 15:59 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 15:59 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 15:59 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 15:59 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 15:59 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 15:59 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 15:59 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 15:59 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 15:59 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 15:59 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 15:59 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 15:59 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 15:59 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 15:59 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 15:59 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 15:59 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 15:59 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 15:59 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 15:59 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 15:59 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 15:59 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 15:59 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 15:59 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 15:58 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 15:58 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 15:58 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 15:58 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 15:58 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 15:58 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 15:58 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 15:58 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 15:58 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 15:58 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 15:58 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 15:58 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 15:58 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 15:58 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 15:58 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 15:58 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 15:58 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 15:58 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 15:58 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 15:58 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 15:58 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 15:58 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 15:57 - 2013-12-31 23:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:57 - 2013-12-31 23:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 15:57 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 15:57 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 15:57 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 15:57 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 18:38 - 2014-02-11 18:57 - 00000000 ____D () C:\Users\Neil\Desktop\War of the Worlds
2014-02-10 20:30 - 2014-02-10 20:30 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\U3
2014-02-10 20:28 - 2014-02-10 20:28 - 00001005 _____ () C:\Users\Neil\Desktop\MakeMKV.lnk
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Users\Neil\.MakeMKV
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2014-02-10 18:58 - 2014-02-10 18:58 - 00002127 _____ () C:\Users\Neil\Desktop\Microsoft Security Essentials.lnk
2014-02-10 18:48 - 2014-02-10 18:48 - 00000000 ____D () C:\Program Files (x86)\DVD43 Plug-in
2014-02-10 18:48 - 2013-02-21 15:59 - 01692672 _____ () C:\Windows\SysWOW64\DVD43.dll
2014-02-10 11:44 - 2014-02-10 16:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-09 09:14 - 2014-02-09 09:14 - 00001106 _____ () C:\Users\Neil\Desktop\MSI Kombustor 2.5.lnk
2014-02-09 09:14 - 2014-02-09 09:14 - 00000000 ____D () C:\Program Files (x86)\MSI Kombustor 2.5
2014-02-08 12:41 - 2014-02-08 12:41 - 00000000 ____D () C:\Users\Neil\AppData\Local\Clarus
2014-02-07 09:35 - 2014-02-28 18:46 - 00000000 ____D () C:\Users\Neil\Documents\Reflect
2014-02-07 09:31 - 2014-03-01 23:02 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-02-07 09:31 - 2014-02-07 09:31 - 00000000 ____D () C:\Program Files\Macrium
2014-02-06 20:07 - 2014-02-06 20:07 - 00000041 _____ () C:\script.txt
2014-02-06 20:07 - 2014-02-06 20:07 - 00000031 _____ () C:\Windows\script.txt
2014-02-06 19:44 - 2014-02-06 19:44 - 00000000 ____D () C:\Program Files\LSoft Technologies
2014-02-06 19:36 - 2014-02-06 19:44 - 20338264 _____ (LSoft Technologies Inc ) C:\Users\Neil\Desktop\KillDiskSuiteFree-Setup.exe
2014-02-06 19:20 - 2014-02-06 19:20 - 00001862 _____ () C:\Users\Public\Desktop\Data Migration.lnk
2014-02-06 19:18 - 2014-02-06 19:18 - 00003290 _____ () C:\Windows\System32\Tasks\{5FB08C7F-1E8E-4C85-AB5F-178E4C784EBF}
2014-02-05 20:35 - 2014-02-05 20:35 - 00000000 ____D () C:\Users\Neil\AppData\Local\Realmware
2014-02-05 20:34 - 2014-02-05 20:34 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Realmware
2014-02-03 22:12 - 2014-02-07 17:38 - 00000000 ____D () C:\ProgramData\Macrium
2014-02-03 22:12 - 2014-02-07 09:30 - 00000000 ____D () C:\Users\Neil\Downloads\Macrium
2014-02-03 15:01 - 2014-02-03 15:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-02 22:00 - 2013-12-27 18:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-02-02 22:00 - 2013-12-27 18:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified Files and Folders =======

2014-03-02 20:05 - 2014-03-02 11:51 - 00015534 _____ () C:\Users\Neil\Desktop\FRST.txt
2014-03-02 20:05 - 2014-03-02 11:48 - 00000000 ____D () C:\FRST
2014-03-02 20:03 - 2014-03-02 20:03 - 00016595 _____ () C:\Users\Neil\Desktop\AdwCleaner[S0].txt
2014-03-02 20:03 - 2013-04-14 21:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-02 20:03 - 2013-04-14 21:08 - 00145354 _____ () C:\Windows\setupact.log
2014-03-02 20:03 - 2012-11-03 07:57 - 00000000 ____D () C:\Program Files (x86)\HTC Home
2014-03-02 20:03 - 2012-07-05 08:05 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-03-02 20:03 - 2012-05-16 18:10 - 01271694 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 20:03 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-02 20:02 - 2014-03-02 20:02 - 00000000 ____D () C:\AdwCleaner
2014-03-02 20:01 - 2014-03-02 20:01 - 01244192 _____ () C:\Users\Neil\Desktop\AdwCleaner.exe
2014-03-02 20:00 - 2012-09-22 20:51 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\vlc
2014-03-02 19:58 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 19:56 - 2014-03-02 19:56 - 00000120 _____ () C:\Users\Neil\Desktop\browser url.txt
2014-03-02 18:03 - 2009-07-14 04:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-02 18:03 - 2009-07-14 04:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-02 12:46 - 2012-07-17 21:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-02 11:51 - 2014-03-02 11:51 - 00037840 _____ () C:\Users\Neil\Desktop\Addition.txt
2014-03-02 11:47 - 2014-03-02 11:47 - 02156544 _____ (Farbar) C:\Users\Neil\Desktop\FRST64.exe
2014-03-02 11:44 - 2014-03-02 11:44 - 00015554 _____ () C:\Users\Neil\Desktop\a2scan_140302-112811.txt
2014-03-02 11:28 - 2013-10-20 19:28 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-03-02 11:28 - 2013-10-20 19:28 - 00000000 ____D () C:\Program Files (x86)\EVGA Precision X
2014-03-01 23:02 - 2014-02-07 09:31 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-03-01 22:49 - 2014-03-01 22:49 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\QuickScan
2014-03-01 22:48 - 2014-03-01 22:47 - 00000000 ___HD () C:\Windows\AxInstSV
2014-03-01 22:36 - 2012-05-17 19:10 - 00000000 ____D () C:\ProgramData\Origin
2014-03-01 21:06 - 2012-05-17 19:41 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-01 20:59 - 2012-05-17 19:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-01 20:56 - 2014-03-01 20:56 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-01 20:56 - 2014-03-01 20:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-01 20:56 - 2013-04-28 17:06 - 00403772 _____ () C:\Windows\PFRO.log
2014-03-01 20:13 - 2014-03-01 20:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-01 20:05 - 2014-03-01 14:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-01 19:04 - 2012-05-17 19:41 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-01 18:45 - 2013-11-14 09:46 - 00012738 _____ () C:\Windows\IE11_main.log
2014-03-01 18:45 - 2012-05-19 20:20 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-01 18:02 - 2014-03-01 18:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-01 18:02 - 2014-03-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-01 18:02 - 2012-05-17 14:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-01 16:57 - 2014-03-01 16:55 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyZooka
2014-03-01 16:56 - 2014-03-01 16:56 - 00000000 ____D () C:\Users\Neil\AppData\Local\SpyZooka
2014-03-01 16:27 - 2014-03-01 16:06 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-01 16:06 - 2014-03-01 16:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-01 16:06 - 2014-03-01 16:06 - 00000000 _____ () C:\autoexec.bat
2014-03-01 14:16 - 2014-03-01 14:16 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\AVAST Software
2014-03-01 14:15 - 2014-03-01 14:15 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-01 14:15 - 2014-03-01 14:15 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-01 14:15 - 2014-03-01 14:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-01 14:15 - 2014-03-01 14:15 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-01 14:14 - 2014-03-01 14:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-01 11:19 - 2013-03-24 07:27 - 01042104 _____ () C:\Users\Neil\AppData\Local\census.cache
2014-03-01 11:19 - 2013-03-24 07:27 - 00122057 _____ () C:\Users\Neil\AppData\Local\ars.cache
2014-02-28 20:44 - 2013-05-25 09:11 - 00001361 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-02-28 20:41 - 2014-02-28 20:41 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-28 20:40 - 2012-05-16 22:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-28 18:46 - 2014-02-07 09:35 - 00000000 ____D () C:\Users\Neil\Documents\Reflect
2014-02-28 18:38 - 2014-02-28 18:38 - 00000000 ____D () C:\Windows\pss
2014-02-28 18:38 - 2012-05-16 18:10 - 00000000 ___RD () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-28 12:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-02-28 12:05 - 2014-02-28 12:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-28 12:05 - 2014-02-28 12:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-28 12:05 - 2013-07-01 18:06 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-28 09:46 - 2012-07-17 21:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-28 09:46 - 2012-05-18 06:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-28 09:46 - 2012-05-18 06:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-16 21:45 - 2012-05-21 20:45 - 00000000 ____D () C:\Program Files\PeerBlock
2014-02-16 21:22 - 2014-02-16 21:22 - 00892184 _____ () C:\Windows\Minidump\021614-6723-01.dmp
2014-02-16 21:22 - 2014-02-16 20:58 - 641886944 _____ () C:\Windows\MEMORY.DMP
2014-02-16 21:22 - 2012-05-31 06:36 - 00000000 ____D () C:\Windows\Minidump
2014-02-16 20:58 - 2014-02-16 20:58 - 00296176 _____ () C:\Windows\Minidump\021614-6754-01.dmp
2014-02-14 21:28 - 2014-02-14 21:28 - 00013824 _____ () C:\Users\Neil\Desktop\Bon.xls
2014-02-13 10:50 - 2012-08-01 21:05 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\uTorrent
2014-02-13 09:16 - 2014-02-13 09:16 - 00001021 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-02-13 09:16 - 2014-02-13 09:16 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2014-02-12 16:37 - 2014-02-12 16:37 - 00000000 ____D () C:\Windows\SysWOW64\Dell
2014-02-12 16:02 - 2013-07-20 20:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 16:02 - 2012-05-19 19:55 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 16:00 - 2012-05-17 14:35 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-11 18:57 - 2014-02-11 18:38 - 00000000 ____D () C:\Users\Neil\Desktop\War of the Worlds
2014-02-10 20:55 - 2013-04-23 20:28 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-10 20:51 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-10 20:30 - 2014-02-10 20:30 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\U3
2014-02-10 20:28 - 2014-02-10 20:28 - 00001005 _____ () C:\Users\Neil\Desktop\MakeMKV.lnk
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Users\Neil\.MakeMKV
2014-02-10 20:28 - 2014-02-10 20:28 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2014-02-10 20:28 - 2012-05-16 18:10 - 00000000 ____D () C:\Users\Neil
2014-02-10 18:58 - 2014-02-10 18:58 - 00002127 _____ () C:\Users\Neil\Desktop\Microsoft Security Essentials.lnk
2014-02-10 18:48 - 2014-02-10 18:48 - 00000000 ____D () C:\Program Files (x86)\DVD43 Plug-in
2014-02-10 16:53 - 2013-04-17 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-10 16:50 - 2014-02-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-09 09:14 - 2014-02-09 09:14 - 00001106 _____ () C:\Users\Neil\Desktop\MSI Kombustor 2.5.lnk
2014-02-09 09:14 - 2014-02-09 09:14 - 00000000 ____D () C:\Program Files (x86)\MSI Kombustor 2.5
2014-02-09 09:14 - 2013-04-23 20:33 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Samsung
2014-02-09 09:14 - 2013-04-23 20:33 - 00000000 ____D () C:\Users\Neil\AppData\Local\Samsung
2014-02-09 09:14 - 2013-04-23 20:28 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-08 18:34 - 2014-02-28 20:38 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-08 18:34 - 2014-02-28 20:38 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-02-08 18:34 - 2014-02-28 20:38 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-08 18:34 - 2013-04-14 21:09 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-08 18:34 - 2013-04-14 21:09 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-08 18:34 - 2012-12-20 18:27 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-02-08 18:34 - 2012-08-10 13:17 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-02-08 18:34 - 2012-08-10 13:17 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-02-08 18:34 - 2012-08-10 13:17 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-02-08 18:34 - 2012-08-10 13:17 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-02-08 17:42 - 2013-09-23 07:30 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-02-08 17:42 - 2013-04-14 21:10 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-08 17:42 - 2013-04-14 21:10 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-02-08 17:42 - 2013-04-14 21:10 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-02-08 17:42 - 2013-04-14 21:10 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-08 17:42 - 2012-08-10 13:18 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-02-08 16:18 - 2014-02-28 20:40 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-08 12:41 - 2014-02-08 12:41 - 00000000 ____D () C:\Users\Neil\AppData\Local\Clarus
2014-02-07 17:38 - 2014-02-03 22:12 - 00000000 ____D () C:\ProgramData\Macrium
2014-02-07 17:37 - 2012-11-13 18:47 - 00001080 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-07 09:31 - 2014-02-07 09:31 - 00000000 ____D () C:\Program Files\Macrium
2014-02-07 09:30 - 2014-02-03 22:12 - 00000000 ____D () C:\Users\Neil\Downloads\Macrium
2014-02-06 20:32 - 2014-01-19 07:31 - 00000766 _____ () C:\Users\Neil\Desktop\u Torrent Downloads.lnk
2014-02-06 20:23 - 2009-07-14 05:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-02-06 20:23 - 2009-07-14 05:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-02-06 20:07 - 2014-02-06 20:07 - 00000041 _____ () C:\script.txt
2014-02-06 20:07 - 2014-02-06 20:07 - 00000031 _____ () C:\Windows\script.txt
2014-02-06 19:44 - 2014-02-06 19:44 - 00000000 ____D () C:\Program Files\LSoft Technologies
2014-02-06 19:44 - 2014-02-06 19:36 - 20338264 _____ (LSoft Technologies Inc ) C:\Users\Neil\Desktop\KillDiskSuiteFree-Setup.exe
2014-02-06 19:20 - 2014-02-06 19:20 - 00001862 _____ () C:\Users\Public\Desktop\Data Migration.lnk
2014-02-06 19:18 - 2014-02-06 19:18 - 00003290 _____ () C:\Windows\System32\Tasks\{5FB08C7F-1E8E-4C85-AB5F-178E4C784EBF}
2014-02-06 19:07 - 2012-05-18 01:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-06 12:16 - 2014-02-12 15:59 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-12 15:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-12 15:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-12 15:59 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-12 15:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-12 15:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 15:59 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-12 15:59 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-12 15:59 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-12 15:59 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-12 15:59 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-12 15:59 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-12 15:59 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-12 15:59 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-12 15:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-12 15:59 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-12 15:59 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-12 15:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-12 15:59 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-12 15:59 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 09:57 - 2014-02-12 15:59 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 09:52 - 2014-02-12 15:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-12 15:59 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-12 15:59 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-12 15:59 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-12 15:59 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-12 15:59 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-12 15:59 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 09:25 - 2014-02-12 15:59 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 09:24 - 2014-02-12 15:59 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-12 15:59 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-12 15:59 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-12 15:59 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-12 15:59 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-12 15:59 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-12 15:59 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-12 15:59 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-12 15:59 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-12 15:59 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 22:15 - 2014-01-24 23:28 - 00001983 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-02-05 22:11 - 2013-04-23 20:25 - 00000000 ____D () C:\Users\Neil\AppData\Local\Downloaded Installations
2014-02-05 21:20 - 2012-10-07 16:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-05 20:35 - 2014-02-05 20:35 - 00000000 ____D () C:\Users\Neil\AppData\Local\Realmware
2014-02-05 20:34 - 2014-02-05 20:34 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Realmware
2014-02-05 17:59 - 2012-05-16 18:22 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-02-05 17:52 - 2012-08-10 13:18 - 03573739 _____ () C:\Windows\system32\nvcoproc.bin
2014-02-05 11:49 - 2012-06-02 19:57 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-02-05 09:31 - 2013-11-01 13:42 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-02-05 09:30 - 2013-11-01 13:42 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-02-03 15:01 - 2014-02-03 15:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-02 21:54 - 2012-09-13 20:53 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\DVD Flick
2014-02-02 00:05 - 2012-07-03 19:27 - 00155528 _____ (Nicomsoft Ltd.) C:\Windows\system32\DDCHELPER.dll
2014-02-02 00:05 - 2012-07-03 19:27 - 00020832 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\ddcdrv.sys
2014-02-01 02:31 - 2012-05-21 20:45 - 00001792 _____ () C:\Users\Neil\Desktop\PeerBlock.lnk

ZeroAccess:
C:\Windows\Installer\{eb180144-a45f-1183-0f1f-b751a0fa4802}

Some content of TEMP:
====================
C:\Users\Neil\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-28 12:34

==================== End Of Log ============================
 

 

Thanks for your ongoing assistance, it's greatly appreciated :)


Edited by Crisbeq, 02 March 2014 - 03:21 PM.


#6 aharonov


Posted 02 March 2014 - 05:24 PM

Hello,

so we can be quite sure that Backdoor.Win32.CmjSpy was just a false alarm.
I've seen nothing but some adware until now. Let's remove some remnants and do a final check up:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#7 Crisbeq


Posted 03 March 2014 - 06:03 AM

Hi Aharonov

 

Files as requested;

 

FIXLOG FILE;

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 01
Ran by Neil at 2014-03-03 09:24:00 Run:1
Running from C:\Users\Neil\Desktop\virus\1st
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtBtD0B0FzytDyD0BtDtCtN0D0Tzu0CyCtDtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=162405395&ir=
SearchScopes: HKLM-x32 - {37065DF9-CD0B-40CF-A6C8-F5A4D331349B URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtBtD0B0FzytDyD0BtDtCtN0D0Tzu0CyCtDtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=162405395&ir=
BHO: Weather It Up - {11111111-1111-1111-1111-110411911136} - C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
C:\Windows\Installer\{eb180144-a45f-1183-0f1f-b751a0fa4802}
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{37065DF9-CD0B-40CF-A6C8-F5A4D331349B => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{37065DF9-CD0B-40CF-A6C8-F5A4D331349B => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411911136} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411911136} => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Windows\Installer\{eb180144-a45f-1183-0f1f-b751a0fa4802} => Moved successfully.

==== End of Fixlog ====

 

ESET SCANNER FILE;

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=828f7460f225f448922f9ecd0de676fe
# engine=17292
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-03 10:07:48
# local_time=2014-03-03 10:07:48 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 161559 161563 0 0
# compatibility_mode=5893 16776574 100 94 20265954 146306318 0 0
# scanned=154207
# found=6
# cleaned=0
# scan_time=2365
sh=8DEF42E6CDF259B3E0BA413E99A9B014AFD5F2F3 ft=1 fh=4313be7a8f31517f vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillion.exe.vir"
sh=CE64D9E7CAD924581214A4B9FD21ABA92D52F4FC ft=1 fh=4d6e0736ff17bc67 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillionsetup_v2.13.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Neil\AppData\Local\Temp\352312.Uninstall\uninstaller.exe"
sh=9EED75E150AAF3FF4440346946B1B5882D3AAED7 ft=1 fh=36a8d98481590cc6 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Neil\Downloads\DriverSweeper_3.2.0.exe"
sh=47EDFF164F0CE1CCAF4F5F03C00FDDEEBFCD5A68 ft=1 fh=e4ccce8222f8eea0 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="F:\u Torrent Downloads\Windows Vista Business (32 Bit)\File Sharing Programs\Bit-Lord 1.2.exe"
sh=801F79023FB80D3E50A3A04BE5A5B3339C4AF884 ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I potentially unsafe application" ac=I fn="F:\u Torrent Downloads\Windows Vista Business (32 Bit)\ISO File\Windows Vista Business (32 Bit).iso"
 

 

Thanks again :)



#8 aharonov


Posted 03 March 2014 - 06:07 AM

Hello,

this is looking good, no active malware has been found!


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
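The reading of the ESET Online Scanner log given in the reply above can be reproduced with a small triage script; this is an added example, not part of the thread and not ESET's own tooling. The field meanings (`sh` hash, `vn` detection name, `ac` action, `fn` file path), the bucket names and the sample log with its placeholder hashes are assumptions or constructed, and the last sample entry is invented to exercise the non-PUA branch.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ESET Online Scanner log posted in the
# thread. Hashes are placeholders, and the final detection line is invented
# (it does not appear in the thread) to show the "needs_review" bucket.
SAMPLE_LOG = r'''# remove_checked=false
# scanned=154207
# found=4
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillion.exe.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Neil\AppData\Local\Temp\352312.Uninstall\uninstaller.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Neil\Downloads\DriverSweeper_3.2.0.exe"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000000 vn="Win32/ConstructedExample.A trojan" ac=I fn="C:\Users\Example\Downloads\constructed-sample.exe"
'''

# key=value pairs; a value is either a quoted string (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Suffixes the scanner appends to detections that are not classed as malware.
PUA_SUFFIXES = (
    "potentially unwanted application",
    "potentially unsafe application",
)

# Folders where another cleanup tool has already parked the file (assumed list).
QUARANTINE_MARKERS = ("\\adwcleaner\\quarantine\\",)


@dataclass
class Detection:
    sha1: str
    name: str
    action: str
    path: str

    @property
    def is_pua(self) -> bool:
        return self.name.lower().endswith(PUA_SUFFIXES)

    @property
    def quarantined(self) -> bool:
        lowered = self.path.lower()
        return any(marker in lowered for marker in QUARANTINE_MARKERS)


def parse_log(text):
    """Split the log into '# key=value' header settings and detection records."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
        elif line.startswith("sh="):
            fields = {
                m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                for m in FIELD_RE.finditer(line)
            }
            detections.append(Detection(
                sha1=fields.get("sh", ""),
                name=fields.get("vn", ""),
                action=fields.get("ac", ""),
                path=fields.get("fn", ""),
            ))
    return header, detections


def triage(text):
    """Bucket detections so that only entries needing a human look stand out."""
    header, detections = parse_log(text)
    report = {
        # A mismatch means the pasted log was truncated or edited.
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        # Scan ran in report-only mode: nothing listed was removed by the scanner.
        "reported_only": header.get("remove_checked") == "false"
        and header.get("cleaned") == "0",
        "quarantined": [],
        "pua_at_rest": [],
        "needs_review": [],
    }
    for det in detections:
        if det.quarantined:
            report["quarantined"].append(det)
        elif det.is_pua:
            report["pua_at_rest"].append(det)
        else:
            report["needs_review"].append(det)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("quarantined", "pua_at_rest", "needs_review"):
        for det in result[bucket]:
            print(f"{bucket:13} {det.name} -> {det.path}")
```

Run against the six entries of the log in post #7, every detection lands in `quarantined` or `pua_at_rest` and `needs_review` stays empty, which matches the reply's reading of that log.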



#9 Crisbeq


Posted 03 March 2014 - 06:34 AM

Brilliant!! Thanks again for your help, it's much appreciated. You've definitely earned a beer, donation on its way :)



#10 aharonov


Posted 03 March 2014 - 06:52 AM

Thanks a lot for your donation!



#11 aharonov


Posted 03 March 2014 - 06:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



