
I Can't Get Rid of "COM Surrogate"


  • This topic is locked
37 replies to this topic

#1 AlgernonTehMouse


Posted 01 January 2015 - 11:04 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/561756/i-cant-get-rid-of-com-surrogate/ ~ OB

 

http://screencast.com/t/DAqQuYeCL4 (Screen Shot of My Issue)

 

My computer (Windows 8) keeps shutting down and restarting randomly, and the CPU temperature fluctuates as well. I ran RKill and it did not see any problems at all, then I ran Malwarebytes and it still sees nothing wrong, so I'm really confused as to what is causing my computer to have high memory and disk usage.

 

So then I used the Poweliks cleaner:

http://screencast.com/t/HuTTq4Lg5HsR (ESET Poweliks Cleaner Results) 

 

It says that there is no threat found, so I am assuming that there is no "COM Surrogate" on my computer anymore?

 

But in Task Manager I can see it right there, plain and simple.

 
So then I downloaded DDS and this happened:

I followed step 6 and downloaded DDS. When I ran it, this is what happened: http://screencast.com/t/PCEzU2xEO5x

 

So how do I run this program? Since it won't start, I'd like to find out how to remove this, because the constant computer restarting is thoroughly annoying, especially if I am playing Dragon Age: Inquisition.


Edited by Orange Blossom, 01 January 2015 - 11:14 PM.



 


#2 fireman4it


Posted 02 January 2015 - 12:02 AM

Hello AlgernonTehMouse,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 AlgernonTehMouse


Posted 02 January 2015 - 04:33 AM

# AdwCleaner v4.106 - Report created 02/01/2015 at 01:23:32
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Cecil - ALGERNON
# Running from : C:\Users\Cecil\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Cecil\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\END
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325159&octid=EB_ORIGINAL_CTID&ISID=MF581C6A0-35F3-4E3E-A0E0-C4988000A9D7&SearchSource=58&CUI=&UM=6&UP=SPB751B8CC-F4B0-43D4-B848-E4E5082175A3&q={searchTerms}&SSPV=
[C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325159&octid=EB_ORIGINAL_CTID&ISID=MF581C6A0-35F3-4E3E-A0E0-C4988000A9D7&SearchSource=58&CUI=&UM=6&UP=SPB751B8CC-F4B0-43D4-B848-E4E5082175A3&q={searchTerms}&SSPV=
 
-\\ Opera v26.0.1656.60
 
[C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325159&octid=EB_ORIGINAL_CTID&ISID=MF581C6A0-35F3-4E3E-A0E0-C4988000A9D7&SearchSource=58&CUI=&UM=6&UP=SPB751B8CC-F4B0-43D4-B848-E4E5082175A3&q={searchTerms}&SSPV=
[C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325159&octid=EB_ORIGINAL_CTID&ISID=MF581C6A0-35F3-4E3E-A0E0-C4988000A9D7&SearchSource=58&CUI=&UM=6&UP=SPB751B8CC-F4B0-43D4-B848-E4E5082175A3&q={searchTerms}&SSPV=
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe
[C:\Users\Cecil\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aonedlchkbicmhepimiahfalheedjgbh
 
*************************
 
AdwCleaner[R0].txt - [5931 octets] - [02/01/2015 01:20:53]
AdwCleaner[S0].txt - [6893 octets] - [02/01/2015 01:23:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6953 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Cecil (administrator) on ALGERNON on 02-01-2015 01:30:13
Running from C:\Users\Cecil\Desktop
Loaded Profiles: Cecil & UpdatusUser (Available profiles: Cecil & UpdatusUser & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Launcher)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MySQL AB) C:\xampp\mysql\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Perforce Software Inc.) C:\Program Files\Perforce\Server\p4s.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2429302538-309978599-264670068-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
URLSearchHook: [S-1-5-21-2429302538-309978599-264670068-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2429302538-309978599-264670068-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2429302538-309978599-264670068-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Cecil\AppData\Roaming\Mozilla\Firefox\Profiles\5ql8cv65.default-1419729709695
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2429302538-309978599-264670068-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Cecil\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2429302538-309978599-264670068-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cecil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2429302538-309978599-264670068-1002: @talk.google.com/O1DPlugin -> C:\Users\Cecil\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2429302538-309978599-264670068-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Cecil\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2429302538-309978599-264670068-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Cecil\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2429302538-309978599-264670068-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cecil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cecil\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Cecil\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-01-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-01-02]
FF HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325159&octid=EB_ORIGINAL_CTID&ISID=MF581C6A0-35F3-4E3E-A0E0-C4988000A9D7&SearchSource=55&CUI=&UM=6&UP=SPB751B8CC-F4B0-43D4-B848-E4E5082175A3&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (Adblock Plus) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-29]
CHR Extension: (Google Search) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (GreenAddress) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgbimgjoijjemhdamicmljbncacfndmp [2014-08-05]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-01-03]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-09-30]
CHR Extension: (Rebump) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbohoafagnlmidmhhpfdnmfpodhohaad [2014-06-10]
CHR Extension: (Follow) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2014-10-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-18]
CHR Extension: (Hangouts) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]
CHR Extension: (Streak for Gmail) - C:\Users\Cecil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2014-05-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apache2.2; C:\xampp\apache\bin\httpd.exe [29416 2009-12-20] (Apache Software Foundation)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-05-16] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-11] (BioWare)
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1732048 2014-11-27] (Micro-Star International)
R2 MySQL; C:\xampp\mysql\bin\mysqld.exe [6095504 2009-12-20] (MySQL AB)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-27] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-21] (Electronic Arts)
R2 Perforce; C:\Program Files\Perforce\Server\p4s.exe [3455104 2012-11-09] (Perforce Software Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-12-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150101.001\IDSvia64.sys [637656 2014-12-12] (Symantec Corporation)
S3 iLokDrvr; C:\Windows\System32\drivers\iLokDrvr.sys [25808 2013-04-11] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150101.017\ENG64.SYS [129752 2014-12-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150101.017\EX64.SYS [2137304 2014-12-22] (Symantec Corporation)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R1 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S2 iPodDrv; \??\C:\WINDOWS\system32\drivers\iPodDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 01:30 - 2015-01-02 01:30 - 00025737 _____ () C:\Users\Cecil\Desktop\FRST.txt
2015-01-02 01:30 - 2015-01-02 01:30 - 00000000 ____D () C:\FRST
2015-01-02 01:20 - 2015-01-02 01:23 - 00000000 ____D () C:\AdwCleaner
2015-01-02 01:19 - 2015-01-02 01:19 - 02173952 _____ () C:\Users\Cecil\Desktop\AdwCleaner.exe
2015-01-02 01:19 - 2015-01-02 01:19 - 02123264 _____ (Farbar) C:\Users\Cecil\Desktop\FRST64.exe
2015-01-01 21:28 - 2015-01-01 21:33 - 602762370 _____ () C:\Users\Cecil\Desktop\Video 1-1-2015 9-28-02 PM.mp4
2015-01-01 21:12 - 2015-01-01 22:03 - 00003924 _____ () C:\WINDOWS\windefendam.log
2015-01-01 21:12 - 2015-01-01 22:03 - 00000020 _____ () C:\WINDOWS\capsys184523.log
2015-01-01 21:12 - 2015-01-01 21:12 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\Mirillis
2015-01-01 21:12 - 2015-01-01 21:12 - 00000000 ____D () C:\ProgramData\Mirillis
2015-01-01 21:12 - 2015-01-01 21:12 - 00000000 ____D () C:\Action!
2015-01-01 21:11 - 2015-01-01 21:12 - 00000000 ____D () C:\Users\Cecil\AppData\Local\Mirillis
2015-01-01 21:11 - 2015-01-01 21:11 - 00002051 _____ () C:\Users\Public\Desktop\Action!.lnk
2015-01-01 21:11 - 2015-01-01 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-01-01 21:11 - 2015-01-01 21:11 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2015-01-01 21:10 - 2015-01-01 21:10 - 21452688 _____ (Mirillis Ltd.) C:\Users\Cecil\Downloads\action_1_20_2_setup.exe
2015-01-01 18:30 - 2015-01-01 18:30 - 00688992 _____ (Swearware) C:\Users\Cecil\Desktop\dds.com
2015-01-01 18:26 - 2015-01-02 01:25 - 00000652 _____ () C:\WINDOWS\PFRO.log
2015-01-01 15:29 - 2015-01-01 15:29 - 00005168 _____ () C:\Users\Cecil\Downloads\Keywords.csv
2015-01-01 15:17 - 2015-01-01 15:25 - 00595272 _____ () C:\Users\Cecil\Desktop\ESETPoweliksCleaner.exe_20150101.151745.4820.log
2015-01-01 15:17 - 2015-01-01 15:17 - 00595272 _____ () C:\Users\Cecil\Desktop\ESETPoweliksCleaner.exe_20150101.151703.2292.log
2015-01-01 15:16 - 2015-01-01 15:16 - 00186568 _____ (ESET) C:\Users\Cecil\Desktop\ESETPoweliksCleaner.exe
2015-01-01 15:03 - 2015-01-01 15:09 - 00000000 ____D () C:\Users\Cecil\Desktop\Dental Marketing HQ
2015-01-01 14:40 - 2015-01-01 14:47 - 00000000 ____D () C:\Users\Cecil\Desktop\Dental Marketing
2015-01-01 13:38 - 2015-01-01 13:38 - 00170188 _____ () C:\Users\Cecil\Documents\cc_20150101_133819.reg
2015-01-01 13:34 - 2015-01-01 13:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-01-01 13:34 - 2015-01-01 13:34 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 13:34 - 2015-01-01 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-01 13:34 - 2015-01-01 13:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-01 13:33 - 2015-01-01 13:33 - 05317104 _____ (Piriform Ltd) C:\Users\Cecil\Downloads\ccsetup501.exe
2015-01-01 13:29 - 2015-01-01 13:57 - 00002722 _____ () C:\Users\Cecil\Desktop\Rkill.txt
2015-01-01 13:29 - 2015-01-01 13:29 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Cecil\Desktop\rkill64.com
2015-01-01 13:28 - 2015-01-01 13:29 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Cecil\Desktop\rkill.com
2015-01-01 12:49 - 2015-01-02 01:26 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 12:49 - 2015-01-01 12:49 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-01 12:49 - 2015-01-01 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-01 12:49 - 2015-01-01 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 12:49 - 2015-01-01 12:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 12:49 - 2014-11-21 07:08 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-01 12:49 - 2014-11-21 07:07 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-01 12:49 - 2014-11-21 07:07 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-01 12:48 - 2015-01-01 12:49 - 20447120 _____ (Malwarebytes Corporation ) C:\Users\Cecil\Downloads\mbam_premium.exe
2014-12-30 11:59 - 2014-12-30 12:00 - 244982028 _____ () C:\Users\Cecil\Downloads\videohive-1148716-businesswoman-sharing-information.zip
2014-12-30 11:58 - 2014-12-30 11:59 - 134743428 _____ () C:\Users\Cecil\Downloads\videohive-2391839-business-indoor.zip
2014-12-30 09:53 - 2014-12-30 12:23 - 00018209 _____ () C:\Users\Cecil\Desktop\Content Delivered Week of Dec 29 - Jan 4.xlsx
2014-12-30 09:53 - 2014-12-30 09:53 - 00031809 _____ () C:\Users\Cecil\Downloads\Content_Delivered-2014-12-29.zip
2014-12-30 09:04 - 2014-12-30 09:04 - 28480061 _____ () C:\Users\Cecil\Downloads\audiojungle-9927889-hope.zip
2014-12-29 22:49 - 2014-12-29 22:49 - 00000222 _____ () C:\Users\Cecil\Desktop\Tabletop Simulator.url
2014-12-29 13:47 - 2014-12-29 13:48 - 676293079 _____ () C:\Users\Cecil\Downloads\videohive-8946028-designer-using-a-tablet-mouse-.zip
2014-12-29 13:01 - 2014-12-29 13:07 - 167154481 _____ () C:\Users\Cecil\Downloads\videohive-8234598-job-training.zip
2014-12-29 13:01 - 2014-12-29 13:01 - 149967140 _____ () C:\Users\Cecil\Downloads\videohive-8234607-corporate-learning.zip
2014-12-29 11:32 - 2014-12-29 11:34 - 399509795 _____ () C:\Users\Cecil\Downloads\videohive-7688694-seeing-a-doctor.zip
2014-12-28 11:44 - 2014-12-28 11:44 - 00013967 _____ () C:\Users\Cecil\Downloads\[kickass.so]doctor.who.complete.hd.season.7.torrent
2014-12-27 18:09 - 2014-12-27 18:09 - 00000285 _____ () C:\Users\Cecil\Downloads\Clear Windows Update Cache.zip
2014-12-27 17:45 - 2015-01-01 13:20 - 00004503 _____ () C:\Users\Cecil\Desktop\high disk usage.txt
2014-12-27 17:21 - 2014-12-27 17:21 - 00000000 ____D () C:\Users\Cecil\Desktop\Old Firefox Data
2014-12-26 10:44 - 2014-12-26 11:02 - 30475588 _____ () C:\Users\Cecil\Desktop\Dentist Video Leads-Locally.mp4
2014-12-25 21:48 - 2014-12-25 21:49 - 00000000 ____D () C:\NPE
2014-12-25 21:46 - 2014-12-26 10:37 - 00000000 ____D () C:\Users\Cecil\AppData\Local\NPE
2014-12-25 17:59 - 2014-12-25 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-23 16:56 - 2014-12-23 16:56 - 00010641 _____ () C:\Users\Cecil\Documents\Cost comparison KW research.xlsx
2014-12-23 16:36 - 2014-12-23 16:37 - 460231280 _____ () C:\Users\Cecil\Downloads\videohive-7868077-light-glitch-logo-reveal.zip
2014-12-23 16:11 - 2015-01-01 12:08 - 00000000 ____D () C:\Users\Cecil\Desktop\L-L Video
2014-12-23 16:08 - 2014-12-23 16:08 - 00000760 _____ () C:\Users\Cecil\Downloads\simple-slideshow-license.txt
2014-12-23 13:29 - 2014-12-23 13:29 - 00050176 _____ () C:\Users\Cecil\Downloads\sociable_media_template_v1_1.pot
2014-12-22 12:04 - 2014-12-22 12:04 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-12-22 12:02 - 2014-12-22 12:02 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-12-22 12:02 - 2013-11-26 15:34 - 00838872 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2014-12-22 12:02 - 2013-11-26 15:34 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2014-12-22 11:43 - 2014-12-22 11:43 - 00009135 _____ () C:\Users\Cecil\Documents\posts this week.xlsx
2014-12-22 11:42 - 2014-12-22 11:42 - 00002047 _____ () C:\Users\Public\Desktop\MSI Live Update 6.lnk
2014-12-22 11:42 - 2014-12-22 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-12-22 11:42 - 2014-12-22 11:42 - 00000000 ____D () C:\Program Files (x86)\Setup Files
2014-12-22 11:42 - 2014-12-22 11:42 - 00000000 ____D () C:\Program Files (x86)\MSI
2014-12-22 11:42 - 2014-12-22 11:42 - 00000000 ____D () C:\MSI
2014-12-22 11:42 - 2014-04-30 16:23 - 00011248 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\acpimof.dll
2014-12-22 11:41 - 2014-12-22 11:41 - 10654958 _____ () C:\Users\Cecil\Downloads\LiveUpdate.zip
2014-12-22 11:41 - 2014-12-04 16:06 - 00000000 ____D () C:\Users\Cecil\Desktop\LiveUpdate
2014-12-22 11:39 - 2014-12-22 11:39 - 00000000 ____D () C:\Users\Cecil\Desktop\BIOS UPDATE
2014-12-22 11:34 - 2014-12-22 11:34 - 01384821 _____ () C:\Users\Cecil\Downloads\7641vHG.zip
2014-12-22 11:22 - 2014-12-22 11:22 - 00131584 _____ () C:\Users\Cecil\Downloads\Motherboard_ID_Tool.zip
2014-12-22 08:52 - 2014-12-23 16:55 - 00018574 _____ () C:\Users\Cecil\Desktop\Content Delivered Week of Dec 22-28.xlsx
2014-12-22 08:52 - 2014-12-22 08:52 - 00031654 _____ () C:\Users\Cecil\Downloads\Content_Delivered-2014-12-22.zip
2014-12-22 00:18 - 2014-12-22 00:18 - 00000000 ____D () C:\Users\Cecil\Documents\EVE
2014-12-21 23:55 - 2014-12-21 23:55 - 00001907 _____ () C:\Users\Cecil\Desktop\EVE.lnk
2014-12-21 23:55 - 2014-12-21 23:55 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
2014-12-21 23:47 - 2014-12-21 23:47 - 00000000 ____D () C:\Program Files (x86)\CCP
2014-12-21 23:11 - 2014-12-21 23:18 - 00000000 ____D () C:\Users\Cecil\AppData\Local\Battle.net
2014-12-21 23:11 - 2014-12-21 23:11 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\Battle.net
2014-12-21 23:11 - 2014-12-21 23:11 - 00000000 ____D () C:\Users\Cecil\AppData\Local\Blizzard Entertainment
2014-12-21 23:11 - 2014-12-21 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-12-21 23:11 - 2014-12-21 23:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-21 23:10 - 2014-12-21 23:10 - 03227560 _____ (Blizzard Entertainment) C:\Users\Cecil\Downloads\StarCraft-II-Setup-enUS (1).exe
2014-12-21 23:06 - 2014-12-21 23:06 - 00000000 ____D () C:\Users\Cecil\AppData\Local\CCP
2014-12-21 23:05 - 2014-12-21 23:05 - 04743088 _____ (CCP hf.) C:\Users\Cecil\Downloads\EVE_Online_Installer_853270.exe
2014-12-19 14:14 - 2014-12-19 14:14 - 00000000 _____ () C:\Users\Cecil\Desktop\josie.txt
2014-12-19 11:29 - 2014-12-19 11:29 - 00030885 _____ () C:\Users\Cecil\Downloads\Content_Delivered-2014-12-15.zip
2014-12-19 11:29 - 2014-12-19 11:29 - 00000165 ____H () C:\Users\Cecil\Desktop\~$Content Delivered Week of Dec 15-21.xlsx
2014-12-19 11:29 - 2014-12-05 23:23 - 00017835 _____ () C:\Users\Cecil\Desktop\Content Delivered Week of Dec 15-21.xlsx
2014-12-18 14:29 - 2014-12-18 14:29 - 00008787 _____ () C:\Users\Cecil\Desktop\Chiropractor keywords.csv
2014-12-18 14:19 - 2014-12-18 14:19 - 00002862 _____ () C:\Users\Cecil\Desktop\plastic surgeon marketing keywords.csv
2014-12-18 14:02 - 2014-12-18 16:21 - 00007634 _____ () C:\Users\Cecil\Desktop\marketing attorney keywords.csv
2014-12-18 13:52 - 2014-12-18 13:52 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreshKey.lnk
2014-12-18 13:52 - 2014-12-18 13:52 - 00000883 _____ () C:\Users\Public\Desktop\FreshKey.lnk
2014-12-18 13:52 - 2014-12-18 13:52 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\FreshKey
2014-12-18 13:52 - 2014-12-18 13:52 - 00000000 ____D () C:\Program Files (x86)\FreshKey
2014-12-18 13:49 - 2014-12-18 13:49 - 01699875 _____ () C:\Users\Cecil\Downloads\freshkey-1.air.zip
2014-12-17 11:43 - 2014-12-23 16:55 - 00011374 _____ () C:\Users\Cecil\Desktop\pack.xlsx
2014-12-16 13:14 - 2014-12-16 13:14 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360
2014-12-16 13:12 - 2014-12-16 13:12 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-12-16 13:12 - 2014-12-16 13:12 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-12-16 13:12 - 2014-12-16 13:12 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-12-16 13:12 - 2014-12-16 13:12 - 00002411 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-12-16 13:12 - 2014-12-16 13:12 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-16 13:11 - 2014-12-16 13:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-12-16 13:11 - 2014-12-16 13:11 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x64
2014-12-16 13:11 - 2014-12-16 13:11 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-12-16 13:10 - 2014-12-16 13:14 - 00000000 ____D () C:\ProgramData\Norton
2014-12-16 13:10 - 2014-12-16 13:10 - 01021776 _____ (Symantec Corporation) C:\Users\Cecil\Downloads\NortonN360Downloader.exe
2014-12-16 13:10 - 2014-12-16 13:10 - 00001314 _____ () C:\Users\Cecil\Desktop\Norton Installation Files.lnk
2014-12-16 13:08 - 2014-12-16 13:08 - 01513280 _____ (LogMeIn, Inc.) C:\Users\Cecil\Downloads\Support-LogMeInRescue (1).exe
2014-12-16 09:33 - 2014-12-16 09:33 - 00000000 ____D () C:\Users\Cecil\AppData\Local\backburner
2014-12-15 13:23 - 2014-12-16 11:51 - 00001282 _____ () C:\Users\Cecil\Desktop\Core Temp.lnk
2014-12-15 13:23 - 2014-12-15 13:24 - 00000000 ____D () C:\Program Files\Core Temp
2014-12-15 13:23 - 2014-12-15 13:23 - 01285176 _____ (Alcpu ) C:\Users\Cecil\Downloads\Core-Temp-installer.exe
2014-12-15 13:23 - 2014-12-15 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2014-12-15 13:18 - 2015-01-02 01:26 - 00000000 ___RD () C:\Users\Cecil\SkyDrive
2014-12-15 13:07 - 2014-12-15 13:07 - 00916646 _____ (Alcpu ) C:\Users\Cecil\Downloads\Core-Temp-installer.exe.opdownload
2014-12-13 13:02 - 2014-12-13 13:02 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-12-13 13:02 - 2014-12-13 13:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-12-13 13:02 - 2014-12-13 13:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-12-13 13:02 - 2014-12-13 13:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-12-13 13:02 - 2014-12-13 13:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-12 18:49 - 2014-12-12 18:49 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Cecil\Downloads\SkypeSetup(1).exe
2014-12-12 13:08 - 2014-12-12 13:08 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\Softland
2014-12-12 13:08 - 2014-12-12 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\novaPDF 7
2014-12-12 13:08 - 2014-12-12 13:08 - 00000000 ____D () C:\Program Files\Softland
2014-12-12 13:08 - 2013-09-17 09:39 - 00029504 _____ (Softland) C:\WINDOWS\system32\novamnk7.dll
2014-12-12 13:08 - 2013-09-17 09:39 - 00022336 _____ (Softland) C:\WINDOWS\system32\novamik7.dll
2014-12-12 13:08 - 2011-11-22 18:06 - 00007549 _____ () C:\WINDOWS\system32\novak7.ctm
2014-12-12 12:17 - 2014-12-12 12:17 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 12:17 - 2014-12-12 12:17 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-11 23:01 - 2014-10-30 14:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-11 23:01 - 2014-10-30 14:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-11 21:02 - 2015-01-02 01:27 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ALGERNON-Cecil Algernon
2014-12-11 19:56 - 2014-12-11 19:56 - 00000000 ____D () C:\ProgramData\Nexon
2014-12-11 19:55 - 2014-12-11 20:06 - 00000000 ____D () C:\Users\Cecil\Documents\Mabinogi
2014-12-11 19:55 - 2014-12-11 19:55 - 00000000 ____D () C:\ProgramData\NexonUS
2014-12-11 19:41 - 2014-12-11 19:41 - 00000222 _____ () C:\Users\Cecil\Desktop\Mabinogi.url
2014-12-11 17:11 - 2014-12-12 14:14 - 00851710 _____ () C:\Users\Cecil\Desktop\PPC Process.sdr
2014-12-11 13:00 - 2014-12-11 13:00 - 00032512 _____ () C:\Users\Cecil\Downloads\Content_Delivered-2014-12-08 (1).zip
2014-12-11 11:19 - 2014-12-11 11:19 - 00062219 _____ () C:\Users\Cecil\Desktop\presentation-template.pptx
2014-12-11 11:08 - 2014-12-11 11:08 - 00013465 _____ () C:\Users\Cecil\Desktop\Adwords+audit+checklist.xlsx
2014-12-11 08:42 - 2014-12-11 08:42 - 00000387 _____ () C:\Users\Cecil\Downloads\booking.csv
2014-12-10 20:48 - 2014-12-10 20:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 20:48 - 2014-12-10 20:48 - 00000000 ____D () C:\7da0741acb786c52df4ef6c5dfa4
2014-12-10 20:48 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 20:41 - 2014-05-07 23:14 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 20:41 - 2014-05-07 21:52 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 20:41 - 2014-05-07 20:57 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 20:41 - 2014-05-07 20:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 20:39 - 2014-03-06 01:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-12-10 20:39 - 2014-03-06 01:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-12-10 20:39 - 2014-03-05 22:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-12-10 20:39 - 2014-03-05 22:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-12-10 20:38 - 2014-04-19 03:15 - 21186352 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-12-10 20:38 - 2014-04-18 22:49 - 18644072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-12-10 20:38 - 2014-03-10 02:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-12-10 20:38 - 2014-03-10 02:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-12-10 20:38 - 2014-02-10 18:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-12-10 20:38 - 2014-02-10 18:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-12-10 20:38 - 2013-12-08 18:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 20:38 - 2013-12-08 17:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 20:38 - 2013-11-27 07:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-12-10 20:38 - 2013-11-27 03:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-12-10 20:38 - 2013-11-27 00:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-10 20:38 - 2013-11-27 00:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-10 20:38 - 2013-11-27 00:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-12-10 20:38 - 2013-11-27 00:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-12-10 20:38 - 2013-10-30 16:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-12-10 20:38 - 2013-10-30 16:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-12-10 20:38 - 2013-10-30 16:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-12-10 20:38 - 2013-10-11 05:24 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 20:38 - 2013-10-11 05:03 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 20:37 - 2013-10-23 03:29 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2014-12-10 20:37 - 2013-10-23 03:21 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-12-10 20:37 - 2013-10-23 03:13 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll
2014-12-10 20:37 - 2013-10-21 23:55 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-12-10 20:37 - 2013-10-21 22:03 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-12-10 20:37 - 2013-10-21 21:15 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2014-12-10 20:37 - 2013-10-21 20:04 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2014-12-10 20:37 - 2013-10-21 19:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-12-10 20:37 - 2013-10-21 19:44 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-12-10 20:37 - 2013-10-21 18:38 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-12-10 20:37 - 2013-10-21 18:22 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-12-10 20:37 - 2013-10-21 18:13 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-12-10 20:37 - 2013-10-21 18:07 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-12-10 20:37 - 2013-10-21 17:53 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-12-10 20:37 - 2013-10-21 17:47 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-12-10 20:37 - 2013-10-18 22:02 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 20:37 - 2013-10-18 21:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-12-10 20:37 - 2013-10-18 21:19 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 20:37 - 2013-10-18 21:10 - 05765120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 20:37 - 2013-10-18 20:52 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 20:37 - 2013-10-18 20:48 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-12-10 20:37 - 2013-10-18 20:44 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 20:37 - 2013-10-18 20:37 - 12995584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 20:37 - 2013-10-18 20:31 - 01993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 20:37 - 2013-10-18 20:03 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-12-10 20:37 - 2013-10-18 19:56 - 11220992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 20:37 - 2013-10-18 19:55 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 20:37 - 2013-10-18 19:53 - 02332160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 20:37 - 2013-10-18 19:26 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-12-10 20:37 - 2013-10-18 19:23 - 01394176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 20:37 - 2013-10-18 19:14 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-12-10 20:37 - 2013-10-18 19:09 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 20:37 - 2013-10-18 19:02 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 20:37 - 2013-10-17 07:42 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-12-10 20:37 - 2013-10-17 07:42 - 01373872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-12-10 20:37 - 2013-10-17 06:04 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-12-10 20:37 - 2013-10-16 01:34 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2014-12-10 20:37 - 2013-10-16 01:33 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2014-12-10 20:37 - 2013-10-12 19:06 - 00258904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2014-12-10 20:37 - 2013-10-12 18:43 - 00708616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2014-12-10 20:37 - 2013-10-10 08:44 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-12-10 20:37 - 2013-10-10 08:26 - 00317616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-12-10 20:37 - 2013-10-10 08:26 - 00104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-12-10 20:37 - 2013-10-10 06:53 - 00235960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-12-10 20:37 - 2013-10-10 06:53 - 00088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-12-10 20:37 - 2013-10-10 03:38 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-12-10 20:37 - 2013-10-08 21:40 - 00385528 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-12-10 20:37 - 2013-10-08 02:28 - 00523096 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2014-12-10 20:37 - 2013-10-08 02:13 - 02551640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-12-10 20:37 - 2013-10-07 22:46 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2014-12-10 20:37 - 2013-10-07 21:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2014-12-10 20:37 - 2013-10-07 21:50 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-12-10 20:37 - 2013-10-07 21:48 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-12-10 20:37 - 2013-10-07 21:15 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-12-10 20:37 - 2013-10-07 21:09 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2014-12-10 20:37 - 2013-10-07 20:50 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-12-10 20:37 - 2013-10-07 20:50 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2014-12-10 20:37 - 2013-10-06 23:21 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-12-10 20:37 - 2013-10-06 18:13 - 03532288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-12-10 20:37 - 2013-10-05 07:25 - 00057176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2014-12-10 20:37 - 2013-10-05 06:21 - 00699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2014-12-10 20:37 - 2013-10-05 04:05 - 00578952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2014-12-10 20:37 - 2013-10-05 03:01 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-12-10 20:37 - 2013-10-05 01:36 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2014-12-10 20:37 - 2013-10-05 01:18 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2014-12-10 20:37 - 2013-10-05 01:07 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2014-12-10 20:37 - 2013-10-05 00:56 - 01147904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2014-12-10 20:37 - 2013-10-05 00:55 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll
2014-12-10 20:37 - 2013-10-05 00:40 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2014-12-10 20:37 - 2013-10-05 00:24 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll
2014-12-10 20:37 - 2013-10-05 00:21 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2014-12-10 20:37 - 2013-10-05 00:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-12-10 20:37 - 2013-10-04 23:43 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2014-12-10 20:37 - 2013-10-04 23:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-12-10 20:37 - 2013-10-04 00:10 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2014-12-10 20:37 - 2013-09-26 00:24 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-12-10 20:37 - 2013-09-18 23:19 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersRes.dll
2014-12-10 20:37 - 2013-09-18 22:27 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2014-12-10 20:37 - 2013-09-18 22:23 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WorkFoldersRes.dll
2014-12-10 20:37 - 2013-09-18 21:04 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-12-10 20:37 - 2013-09-17 01:11 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-12-10 20:37 - 2013-09-17 01:06 - 01067080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2014-12-10 20:37 - 2013-09-17 01:06 - 00465960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-12-10 20:37 - 2013-09-16 23:01 - 00270848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2014-12-10 20:37 - 2013-09-16 22:31 - 00883184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2014-12-10 20:37 - 2013-09-16 22:31 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-12-10 20:37 - 2013-09-16 20:37 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2014-12-10 20:37 - 2013-09-14 06:07 - 02134120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-12-10 20:37 - 2013-09-14 06:00 - 00391512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2014-12-10 20:37 - 2013-09-14 04:39 - 01799944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-12-10 20:37 - 2013-09-14 04:33 - 00345552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2014-12-10 20:37 - 2013-09-14 02:05 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2014-12-10 20:37 - 2013-09-14 01:11 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2014-12-10 20:37 - 2013-09-13 00:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ftp.exe
2014-12-10 20:37 - 2013-09-12 23:47 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe
2014-12-10 20:37 - 2013-09-12 00:45 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2014-12-10 20:37 - 2013-09-12 00:08 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2014-12-10 20:37 - 2013-09-12 00:08 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-12-10 20:37 - 2013-09-12 00:02 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2014-12-10 20:37 - 2013-09-11 23:44 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2014-12-10 20:37 - 2013-09-11 23:37 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2014-12-10 20:37 - 2013-09-11 23:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-12-10 20:37 - 2013-09-11 23:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2014-12-10 20:37 - 2013-09-11 23:16 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2014-12-10 20:37 - 2013-09-11 23:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2014-12-10 20:37 - 2013-09-09 21:26 - 04599808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-12-10 20:37 - 2013-09-09 20:52 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msched.dll
2014-12-10 20:37 - 2013-09-09 20:34 - 03934208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-12-10 20:36 - 2014-02-10 19:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-12-10 20:36 - 2013-10-10 03:53 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-12-10 20:36 - 2013-10-10 03:26 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-12-10 20:36 - 2013-10-10 03:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-12-10 20:36 - 2013-10-10 03:05 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-12-10 20:36 - 2013-10-10 02:34 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-12-10 20:36 - 2013-10-10 02:27 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-12-10 20:35 - 2014-01-07 17:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-12-10 20:35 - 2014-01-07 17:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-12-10 20:35 - 2014-01-07 17:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-12-10 20:35 - 2014-01-04 07:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-12-10 20:35 - 2014-01-04 07:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-12-10 20:35 - 2014-01-04 06:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-12-10 20:35 - 2014-01-04 05:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-12-10 20:35 - 2014-01-02 15:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-12-10 20:35 - 2014-01-02 15:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-12-10 20:35 - 2014-01-02 15:40 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-12-10 20:35 - 2014-01-02 15:38 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-12-10 20:35 - 2013-12-31 17:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-12-10 20:35 - 2013-12-31 17:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-12-10 20:35 - 2013-12-31 16:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-12-10 20:35 - 2013-12-31 16:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-12-10 20:35 - 2013-12-31 15:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-12-10 20:35 - 2013-12-31 15:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-12-10 20:35 - 2013-12-31 15:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-12-10 20:35 - 2013-12-30 15:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-12-10 20:35 - 2013-12-30 15:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-12-10 20:35 - 2013-12-30 15:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-12-10 20:35 - 2013-12-30 15:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-12-10 20:35 - 2013-12-30 15:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-12-10 20:35 - 2013-12-27 07:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-12-10 20:35 - 2013-12-27 02:38 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-12-10 20:35 - 2013-12-27 01:21 - 13192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-12-10 20:35 - 2013-12-27 00:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-12-10 20:35 - 2013-12-27 00:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-12-10 20:35 - 2013-12-27 00:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-12-10 20:35 - 2013-12-27 00:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-12-10 20:35 - 2013-12-26 23:27 - 11688448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-12-10 20:35 - 2013-12-26 23:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-12-10 20:35 - 2013-12-26 23:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-12-10 20:35 - 2013-12-26 22:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-12-10 20:35 - 2013-12-20 23:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-12-10 20:35 - 2013-12-16 23:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-12-10 20:35 - 2013-12-13 22:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-12-10 20:35 - 2013-12-13 22:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-12-10 20:35 - 2013-12-13 02:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-12-10 20:35 - 2013-12-12 23:24 - 00121088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2014-12-10 20:35 - 2013-12-12 22:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-12-10 20:35 - 2013-12-12 21:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-12-10 20:35 - 2013-12-08 15:43 - 01104896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-12-10 20:35 - 2013-12-08 15:25 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-12-10 20:35 - 2013-11-10 18:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-10 20:35 - 2013-11-08 22:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-12-10 20:35 - 2013-11-08 21:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-12-10 20:35 - 2013-11-08 02:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-12-10 20:35 - 2013-11-07 20:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-12-10 20:35 - 2013-11-07 20:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-12-10 20:35 - 2013-11-07 20:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-12-10 20:35 - 2013-11-07 20:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-12-10 20:35 - 2013-11-07 19:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-12-10 20:35 - 2013-11-07 19:36 - 04105216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-12-10 20:35 - 2013-11-07 19:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-12-10 20:35 - 2013-11-05 06:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-12-10 20:35 - 2013-11-05 05:17 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-12-10 20:35 - 2013-11-04 05:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-12-10 20:35 - 2013-11-04 03:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-12-10 20:35 - 2013-11-04 02:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-12-10 20:35 - 2013-11-03 18:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-12-10 20:35 - 2013-11-03 17:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-12-10 20:35 - 2013-11-01 03:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 20:35 - 2013-10-31 22:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-12-10 20:35 - 2013-10-31 21:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-12-10 20:35 - 2013-10-30 16:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-12-10 20:35 - 2013-10-30 16:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-12-10 20:35 - 2013-10-30 16:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-12-10 20:35 - 2013-10-30 16:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-12-10 20:35 - 2013-10-30 16:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-12-10 20:35 - 2013-10-30 16:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-12-10 20:35 - 2013-10-25 17:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-12-10 20:35 - 2013-10-24 01:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-12-10 20:35 - 2013-10-24 01:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-12-10 20:35 - 2013-10-17 03:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-12-10 20:35 - 2013-10-17 02:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-12-10 20:35 - 2013-10-15 00:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-12-10 20:35 - 2013-10-15 00:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-12-10 20:35 - 2013-10-05 06:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-12-10 20:35 - 2013-10-05 06:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-12-10 20:35 - 2013-10-05 04:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-12-10 20:35 - 2013-10-05 04:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-12-10 20:35 - 2013-09-20 23:17 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-12-10 20:35 - 2013-09-20 22:01 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-12-10 20:34 - 2013-09-11 23:37 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2014-12-10 20:32 - 2013-10-16 07:58 - 01943536 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 20:32 - 2013-10-16 05:54 - 01581968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 20:32 - 2013-09-25 22:51 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-12-10 20:32 - 2013-09-25 22:34 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmIndexer.dll
2014-12-10 20:32 - 2013-09-25 22:34 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmIndexer.dll
2014-12-10 09:27 - 2014-12-10 09:27 - 05182704 _____ () C:\Users\Cecil\Desktop\AttendeeViewerImage007.bmp
2014-12-08 08:07 - 2015-01-02 01:26 - 00000490 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (SD).job
2014-12-08 08:07 - 2014-12-11 17:11 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\SmartDraw
2014-12-08 08:07 - 2014-12-08 08:07 - 00003628 _____ () C:\WINDOWS\System32\Tasks\SmartDraw Validation Service
2014-12-08 08:07 - 2014-12-08 08:07 - 00003142 _____ () C:\WINDOWS\System32\Tasks\SDMsgUpdate (SD)
2014-12-08 08:07 - 2014-12-08 08:07 - 00000980 _____ () C:\Users\Public\Desktop\SmartDraw CI.lnk
2014-12-08 08:07 - 2014-12-08 08:07 - 00000000 ____D () C:\Users\Cecil\Documents\SmartDraw
2014-12-08 08:07 - 2014-12-08 08:07 - 00000000 ____D () C:\Users\Cecil\AppData\Local\SmartDraw
2014-12-08 08:07 - 2014-12-08 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
2014-12-08 08:06 - 2014-12-08 08:07 - 00000000 ____D () C:\Program Files (x86)\SmartDraw CI
2014-12-08 08:03 - 2014-12-08 08:04 - 42436680 _____ () C:\Users\Cecil\Downloads\SmartDraw_CI_LD.exe
2014-12-08 07:59 - 2014-12-08 07:59 - 00032512 _____ () C:\Users\Cecil\Downloads\Content_Delivered-2014-12-08.zip
2014-12-06 19:27 - 2014-12-11 20:57 - 00000000 ____D () C:\Users\Cecil\Documents\ProfileCache
2014-12-06 19:27 - 2014-12-11 20:48 - 00000000 ____D () C:\Users\Cecil\Documents\The Crew
2014-12-06 19:12 - 2014-12-06 19:12 - 00001217 _____ () C:\Users\Cecil\Desktop\Uplay.lnk
2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Cecil\AppData\Local\Ubisoft
2014-12-06 19:01 - 2014-12-06 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibUSB-Win32
2014-12-06 19:01 - 2014-12-06 19:01 - 00000000 ____D () C:\Program Files (x86)\LibUSB-Win32-0.1.10.1
2014-12-06 19:01 - 2005-03-09 20:50 - 00046592 _____ (http://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2014-12-06 19:01 - 2005-03-09 20:50 - 00033792 _____ () C:\WINDOWS\SysWOW64\Drivers\libusb0.sys
2014-12-06 19:01 - 2005-03-09 20:50 - 00019456 _____ (http://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusbd-9x.exe
2014-12-06 19:01 - 2005-03-09 20:50 - 00018944 _____ (http://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusbd-nt.exe
2014-12-06 18:56 - 2014-12-06 18:56 - 00000939 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-12-06 18:56 - 2014-12-06 18:56 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\MotioninJoy
2014-12-06 18:56 - 2014-12-06 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-12-06 18:56 - 2014-12-06 18:56 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-12-06 18:56 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\WINDOWS\system32\Drivers\MijXfilt.sys
2014-12-06 18:56 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\WINDOWS\system32\MijFrc.dll
2014-12-06 18:56 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xusb21.sys
2014-12-06 18:55 - 2012-05-12 12:33 - 04199240 _____ (www.motioninjoy.com ) C:\Users\Cecil\Desktop\MotioninJoy_071001_signed.exe
2014-12-06 18:54 - 2014-12-06 18:53 - 04117346 _____ () C:\Users\Cecil\Desktop\MotioninJoy_071001_signed.zip
2014-12-06 18:53 - 2014-12-06 18:53 - 04117346 _____ () C:\Users\Cecil\Downloads\MotioninJoy_071001_signed.zip
2014-12-06 18:52 - 2014-12-06 18:52 - 00393788 _____ () C:\Users\Cecil\Downloads\PS3 Sixaxis Controller Driver x86 [NetjokerX Tutorials].zip
2014-12-06 18:52 - 2012-01-23 17:31 - 00000000 ____D () C:\Users\Cecil\Desktop\PS3 Sixaxis Controller Driver (NetjokerX Tutorials)
2014-12-06 18:43 - 2014-12-06 18:43 - 00000222 _____ () C:\Users\Cecil\Desktop\The Crew.url
2014-12-04 12:00 - 2014-12-04 12:00 - 00109280 _____ () C:\Users\Cecil\Downloads\Module_2.4_Hybrid_Model.mmap
2014-12-04 11:15 - 2014-12-04 11:15 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\groinup.outsourcing.leadgenprospector
2014-12-04 11:14 - 2014-12-04 11:14 - 00652889 _____ () C:\Users\Cecil\Downloads\LeadGenProspector.air
2014-12-04 09:43 - 2014-12-04 09:43 - 00000165 ____H () C:\Users\Cecil\Desktop\~$Business-categories.xlsx
2014-12-03 15:44 - 2014-12-03 15:44 - 18961457 _____ () C:\Users\Cecil\Downloads\GooglePlusLocalPostcardsFinal.zip
2014-12-03 15:05 - 2014-12-03 15:05 - 00011083 _____ () C:\Users\Cecil\Desktop\Week of dec 4-7.csv
2014-12-03 14:27 - 2014-12-03 14:27 - 00033810 _____ () C:\Users\Cecil\Downloads\Content_Delivered-2014-12-01.zip
2014-12-03 09:08 - 2014-12-03 09:08 - 05182704 _____ () C:\Users\Cecil\Desktop\AttendeeViewerImage006.bmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 01:26 - 2013-11-27 10:28 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 01:25 - 2014-10-20 10:40 - 00000000 ____D () C:\ProgramData\PACE
2015-01-02 01:25 - 2013-11-25 15:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-02 01:25 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-02 01:25 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-02 01:24 - 2013-11-18 07:51 - 00000000 ____D () C:\Users\Cecil
2015-01-02 01:23 - 2014-01-23 10:59 - 00001218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-01-02 01:09 - 2013-12-16 11:44 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\Skype
2015-01-02 00:54 - 2013-11-27 10:28 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 00:32 - 2014-05-08 11:06 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2429302538-309978599-264670068-1002UA.job
2015-01-02 00:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-01 22:13 - 2013-11-24 23:17 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\vlc
2015-01-01 21:58 - 2013-11-18 07:52 - 02009018 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-01 21:48 - 2013-11-18 10:16 - 00000000 ____D () C:\Users\Cecil\AppData\Local\Adobe
2015-01-01 21:09 - 2014-05-27 07:24 - 00007168 _____ () C:\Users\Cecil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-01 18:45 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-01 18:32 - 2014-05-08 11:06 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2429302538-309978599-264670068-1002Core.job
2015-01-01 18:15 - 2014-03-25 11:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-01 18:10 - 2013-11-18 09:51 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2429302538-309978599-264670068-1002
2015-01-01 16:48 - 2013-11-26 14:33 - 00000132 _____ () C:\Users\Cecil\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-01-01 13:36 - 2014-06-01 11:27 - 00000000 ____D () C:\Users\Cecil\AppData\Local\CrashDumps
2015-01-01 13:36 - 2013-11-29 13:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-01 13:36 - 2013-11-18 16:23 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\FileZilla
2015-01-01 13:22 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Performance
2015-01-01 09:52 - 2014-06-08 11:06 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2015-01-01 01:13 - 2014-05-16 08:56 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2429302538-309978599-264670068-1002
2015-01-01 01:13 - 2014-05-16 08:56 - 00000580 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2429302538-309978599-264670068-1002.job
2014-12-31 20:54 - 2014-03-07 08:54 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\Spotify
2014-12-31 20:50 - 2013-12-13 09:41 - 00000000 ____D () C:\Users\Cecil\Desktop\B
2014-12-31 07:48 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-29 22:50 - 2013-11-11 19:12 - 00000000 ____D () C:\Users\Cecil\Documents\My Games
2014-12-29 22:49 - 2013-11-29 13:27 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-29 21:09 - 2013-11-18 11:15 - 00000000 ____D () C:\Users\Cecil\AppData\Roaming\tixati
2014-12-29 20:03 - 2014-11-23 10:08 - 00788260 _____ () C:\WINDOWS\system32\perfh019.dat
2014-12-29 20:03 - 2014-11-23 10:08 - 00161294 _____ () C:\WINDOWS\system32\perfc019.dat
2014-12-29 20:03 - 2013-09-09 14:10 - 01805464 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-28 13:31 - 2014-01-12 21:24 - 00007601 _____ () C:\Users\Cecil\AppData\Local\Resmon.ResmonCfg
2014-12-27 19:18 - 2013-08-22 07:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-26 14:36 - 2013-11-11 10:06 - 00000000 ____D () C:\Users\Cecil\AppData\Local\Packages
2014-12-25 17:59 - 2014-03-25 11:11 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-25 16:54 - 2013-08-22 07:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-25 16:46 - 2014-03-25 11:08 - 00000000 ____D () C:\ProgramData\Origin
2014-12-23 17:04 - 2014-11-20 11:05 - 00001811 _____ () C:\Users\Cecil\Desktop\New Text Document.txt
2014-12-23 16:54 - 2014-11-03 17:58 - 08212166 _____ () C:\Users\Cecil\Downloads\Online Marketing (2).pptx
2014-12-23 15:31 - 2014-03-07 08:55 - 00000000 ____D () C:\Users\Cecil\AppData\Local\Spotify
2014-12-22 12:02 - 2013-11-18 19:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 11:46 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-21 23:17 - 2013-11-12 23:14 - 00000000 ____D () C:\Users\Cecil\Documents\StarCraft II
2014-12-21 23:13 - 2013-11-29 13:02 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-12-21 18:06 - 2013-08-22 06:44 - 05349944 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-21 17:58 - 2013-11-18 07:36 - 00000000 _____ () C:\Recovery.txt
2014-12-19 17:22 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Speech
2014-12-19 17:21 - 2013-11-26 21:23 - 00000110 _____ () C:\WINDOWS\wininit.ini
2014-12-19 17:17 - 2013-12-09 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perforce
2014-12-19 17:17 - 2013-12-09 17:42 - 00000000 ____D () C:\Program Files\Perforce
2014-12-19 17:15 - 2014-05-27 21:01 - 00000000 ____D () C:\Program Files (x86)\Wolfenstein The New Order
2014-12-19 17:15 - 2013-11-30 16:58 - 00000000 ____D () C:\Program Files (x86)\Total War ROME II
2014-12-17 08:20 - 2014-11-30 13:52 - 00003830 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1417384321
2014-12-17 08:20 - 2014-11-30 13:52 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-17 08:20 - 2014-11-30 13:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-16 15:05 - 2014-10-07 07:14 - 00000000 ____D () C:\Users\Cecil\AppData\Local\LogMeIn Rescue Applet
2014-12-16 13:10 - 2013-11-17 20:56 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-12-16 11:48 - 2014-01-02 07:11 - 00012429 _____ () C:\WINDOWS\system32\lvcoinst.log
2014-12-16 11:48 - 2014-01-02 07:11 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-12-15 14:31 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-15 13:18 - 2013-12-16 12:04 - 00000000 __RDO () C:\Users\Cecil\SkyDrive.old
2014-12-13 13:03 - 2013-12-27 07:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-12 18:50 - 2013-12-16 11:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-12 18:50 - 2013-12-16 11:44 - 00000000 ____D () C:\ProgramData\Skype
2014-12-12 12:16 - 2013-12-27 17:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-11 21:31 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-11 21:16 - 2013-11-18 09:12 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-11 13:55 - 2013-11-27 10:29 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 21:12 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-12-10 21:12 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 21:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-12-10 21:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-12-10 21:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-12-10 21:02 - 2013-08-22 07:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-12-10 20:50 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-10 20:50 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-12-10 20:50 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-10 20:50 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-10 20:44 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-12-08 08:13 - 2014-11-21 08:16 - 00000000 ____D () C:\Users\Cecil\Desktop\Content Delivered
2014-12-06 22:46 - 2014-11-29 14:01 - 00001625 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-12-06 19:11 - 2013-12-04 10:05 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-04 12:03 - 2013-11-18 07:53 - 00000000 ____D () C:\Users\Cecil\AppData\Local\VirtualStore
 
Some content of TEMP:
====================
C:\Users\Cecil\AppData\Local\Temp\Quarantine.exe
C:\Users\Cecil\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 02:36
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Cecil at 2015-01-02 01:31:19
Running from C:\Users\Cecil\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.20.2 - Mirillis)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 939524409.4759644.48.2147344384 - Audible, Inc.)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.0 - Avid Technology, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
CM Installer (HKLM-x32\...\{681544C2-FFA2-4CFD-A9AD-2A3D25DF8D22}) (Version: 1.0.0.0 - Cyanogen Inc.)
Complete Composers Collection Gold (HKLM\...\{66BD1A9A-285B-43EE-8231-4C596F047E00}) (Version: 1.0.0 - EastWest Sounds, Inc)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CurationSoft (HKLM-x32\...\CurationSoft) (Version: 3.13 - UNKNOWN)
CurationSoft (x32 Version: 3.13 - UNKNOWN) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
Dropbox (HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
East West Symphonic Choirs (HKLM-x32\...\East West Symphonic Choirs) (Version:  - )
Email Extractor (HKLM-x32\...\Email Extractor) (Version: 5.5 - WebPro Solutions)
Email Extractor (x32 Version: 5.5 - WebPro Solutions) Hidden
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
FileZilla Client 3.8.1 (HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Finale SongWriter 2012 (HKLM-x32\...\Finale SongWriter 2012) (Version: 2012..r3.0 - MakeMusic)
Free YouTube to MP3 Converter version 3.12.19.1219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.19.1219 - DVDVideoSoft Ltd.)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
FreshKey (HKLM-x32\...\FreshKey) (Version: 1.5.3 - Infomastery, LLC)
FreshKey (x32 Version: 1.5.3 - Infomastery, LLC) Hidden
Fuse (HKLM-x32\...\Steam App 257400) (Version:  - Mixamo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.5.2152 (HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\GoToMeeting) (Version: 7.0.5.2152 - CitrixOnline)
Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
HMA! Pro VPN 2.8.11.2 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.11.2 - Privax Ltd)
Hot Lead Finder v3.9.10 (HKLM-x32\...\HotProspector) (Version: 3.9.10 - UNKNOWN)
Hot Lead Finder v3.9.10 (x32 Version: 3.9.10 - UNKNOWN) Hidden
HydraVid PRO (HKLM-x32\...\HydraVidPRO) (Version: 1.1.2 - UNKNOWN)
HydraVid PRO (x32 Version: 1.1.2 - UNKNOWN) Hidden
Instant Local Leads (HKLM-x32\...\InstantLocalLeads) (Version: 1.0.1 - UNKNOWN)
Instant Local Leads (x32 Version: 1.0.1 - UNKNOWN) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
join.me (HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\JoinMe) (Version: 1.17.0.131 - LogMeIn, Inc.)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Lead Gen Prospector (HKLM-x32\...\groinup.outsourcing.leadgenprospector) (Version: 2.1.2 - Web1 Syndication, Inc.)
Lead Gen Prospector (x32 Version: 2.1.2 - Web1 Syndication, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version:  - )
Local Buyer Leads Machine (HKLM-x32\...\VALPACK) (Version: 2.0.0 - UNKNOWN)
Local Buyer Leads Machine (x32 Version: 2.0.0 - UNKNOWN) Hidden
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - NEXON Korea Corp.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
MixPad (HKLM-x32\...\MixPad) (Version: 3.48 - NCH Software)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MPK mini Editor (HKLM-x32\...\MPKminiEditor) (Version:  - )
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.012 - MSI)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Abbey Road 60s Drums (HKLM-x32\...\Native Instruments Abbey Road 60s Drums) (Version:  - Native Instruments)
Native Instruments Abbey Road 70s Drums (HKLM-x32\...\Native Instruments Abbey Road 70s Drums) (Version:  - Native Instruments)
Native Instruments Abbey Road 80s Drums (HKLM-x32\...\Native Instruments Abbey Road 80s Drums) (Version:  - Native Instruments)
Native Instruments Abbey Road Modern Drums (HKLM-x32\...\Native Instruments Abbey Road Modern Drums) (Version:  - Native Instruments)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Alicias Keys (HKLM-x32\...\Native Instruments Alicias Keys) (Version:  - Native Instruments)
Native Instruments Balinese Gamelan (HKLM-x32\...\Native Instruments Balinese Gamelan) (Version:  - Native Instruments)
Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments Battery Library Importer for Maschine (HKLM-x32\...\Native Instruments Battery Library Importer for Maschine) (Version:  - Native Instruments)
Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version:  - Native Instruments)
Native Instruments Evolve Mutations (HKLM-x32\...\Native Instruments Evolve Mutations) (Version:  - Native Instruments)
Native Instruments Evolve Mutations 2 (HKLM-x32\...\Native Instruments Evolve Mutations 2) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments George Duke Soul Treasures (HKLM-x32\...\Native Instruments George Duke Soul Treasures) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Komplete 8 Ultimate (HKLM-x32\...\Native Instruments Komplete 8 Ultimate) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version:  - Native Instruments)
Native Instruments Maschine Drum Selection (HKLM-x32\...\Native Instruments Maschine Drum Selection) (Version:  - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments New York Concert Grand (HKLM-x32\...\Native Instruments New York Concert Grand) (Version:  - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version:  - Native Instruments)
Native Instruments Razor (HKLM-x32\...\Native Instruments Razor) (Version:  - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version:  - Native Instruments)
Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version:  - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version:  - Native Instruments)
Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version:  - Native Instruments)
Native Instruments Scarbee Funk Guitarist (HKLM-x32\...\Native Instruments Scarbee Funk Guitarist) (Version:  - Native Instruments)
Native Instruments Scarbee Jay-Bass (HKLM-x32\...\Native Instruments Scarbee Jay-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee MM-Bass Amped (HKLM-x32\...\Native Instruments Scarbee MM-Bass Amped) (Version:  - Native Instruments)
Native Instruments Scarbee Pre-Bass (HKLM-x32\...\Native Instruments Scarbee Pre-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee Pre-Bass Amped (HKLM-x32\...\Native Instruments Scarbee Pre-Bass Amped) (Version:  - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Session Strings Pro (HKLM-x32\...\Native Instruments Session Strings Pro) (Version:  - Native Instruments)
Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version:  - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version:  - Native Instruments)
Native Instruments The Mouth (HKLM-x32\...\Native Instruments The Mouth) (Version:  - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version:  - Native Instruments)
Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version:  - Native Instruments)
Native Instruments Transient Master (HKLM-x32\...\Native Instruments Transient Master) (Version:  - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version:  - Native Instruments)
Native Instruments VC 160 (HKLM-x32\...\Native Instruments VC 160) (Version:  - Native Instruments)
Native Instruments VC 2A (HKLM-x32\...\Native Instruments VC 2A) (Version:  - Native Instruments)
Native Instruments VC 76 (HKLM-x32\...\Native Instruments VC 76) (Version:  - Native Instruments)
Native Instruments Vienna Concert Grand (HKLM-x32\...\Native Instruments Vienna Concert Grand) (Version:  - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version:  - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version:  - Native Instruments)
Neuratron AudioScore Lite (HKLM-x32\...\Neuratron AudioScore Lite) (Version: 7.0.0 - Neuratron Ltd)
Neuratron PhotoScore Lite (HKLM-x32\...\Neuratron PhotoScore Lite) (Version: 7.0.0 - Neuratron Ltd)
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PA Mod Manager 3.0.3 (HKLM-x32\...\PA Mod Manager) (Version: 3.0.3 - Raevn)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Perforce Server Components (HKLM\...\{E320C837-5868-411C-B0B6-BDB74BFD628D}) (Version: 122.55.1823 - Perforce Software)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Play Update 4.2.2 (HKLM\...\{D5A16FC4-9409-4289-921B-E79FBC5E17DB}) (Version: 4.2.2 - EastWest Sounds, Inc)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
PowerDirector (Version: 11.0 - CyberLink Corp.) Hidden
Python 2.7 (64-bit) (HKLM\...\{20C31435-2A0A-4580-BE8B-AC06FC243CA5}) (Version: 2.7.150 - Python Software Foundation)
QL Spaces 1.1.22 (HKLM\...\{054C125C-9ADD-463F-BA1D-36CC004DC484}) (Version: 1.1.22 - EastWest Sounds, Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Rocksmith (HKLM-x32\...\Steam App 205190) (Version:  - Ubisoft - San Francisco)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{7325A8DF-C8C3-4425-B0CA-8CAEE5E6464B}) (Version: 7.0.1 - Avid)
Sibelius 7.1.0.54 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.1.0.54 - Avid)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartDraw CI (HKLM-x32\...\SmartDraw CI) (Version:  - SmartDraw, LLC)
SmartDraw PDF Export V2 (novaPDF 7.7 printer) (HKLM\...\SmartDraw PDF Export V2_is1) (Version: 7.7.394 - Softland)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spotify (HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.40 - Bioware/EA)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
The Crew (HKLM-x32\...\Steam App 241560) (Version:  - Ivory Tower in collaboration with Ubisoft Reflections)
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version:  - Bethesda Softworks)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unreal Development Kit: 2013-07 (HKLM\...\UDK-f099260c-a194-470d-b2cb-83720e2c2f50) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Vue 10 xStream 64bit (HKLM-x32\...\Vue 10 xStream 64bit) (Version: 10 - e-on software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WordBuilder (HKLM-x32\...\{B7DAD844-34CD-456B-83CC-88065323DD69}) (Version: 1.1.21 - East West)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Xilisoft Video Converter Ultimate (HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cecil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Cecil\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cecil\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cecil\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cecil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cecil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cecil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cecil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cecil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cecil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cecil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2429302538-309978599-264670068-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cecil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
17-12-2014 13:13:23 Windows Update
19-12-2014 17:06:38 Norton 360 Registry Clean
22-12-2014 12:01:48 Installed Realtek Ethernet Controller Driver
25-12-2014 15:30:24 Windows Update
01-01-2015 12:31:30 Norton 360 Registry Clean
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-12-27 17:16 - 2014-05-19 11:13 - 00000252 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       activation.cloud.techsmith.com
127.0.0.1       65.52.240.48
127.0.0.1       oscount.techsmith.com
127.0.0.1       69.167.144.18
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0030B41D-369C-4B67-AFA1-221200AB049F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ALGERNON-Cecil Algernon => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {162ABFE4-C612-4651-BEC2-D02FCEC3F2B0} - System32\Tasks\Opera scheduled Autoupdate 1417384321 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {1DDE3306-3CFB-4233-8B2A-50A01CB3F7DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27] (Google Inc.)
Task: {2E91DDE2-1B52-466E-8C84-3CC93778B830} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-anthonydjl@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {35A0E685-96BA-45CC-AAAE-F57DEF4B0254} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-20] (Symantec Corporation)
Task: {5658071F-D7D8-4353-A0FA-398FAEC2DA3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27] (Google Inc.)
Task: {5DDDE990-E324-4973-998D-7FF5AB4A5A24} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {6008D971-6722-4EB6-B158-39BF4DFF5549} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2429302538-309978599-264670068-1002Core => C:\Users\Cecil\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: {6698FF31-A398-4337-9682-3148689CCCA7} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {81F45BFC-0B7B-4CE4-82CA-3064246AB8CA} - System32\Tasks\SDMsgUpdate (SD) => C:\Program Files (x86)\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {95B3A538-5C7B-4AAA-9089-E68F3DE61C0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2429302538-309978599-264670068-1002UA => C:\Users\Cecil\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: {98FB0353-ED3B-4F60-8A91-14BF747FC650} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {9C91713B-83DD-4440-9737-1A0F0892A1BD} - System32\Tasks\{BCDB4DB0-B2D9-4110-9310-3EAEF4E193AE} => pcalua.exe -a C:\Users\Cecil\AppData\Local\Temp\devcon.exe -d C:\Users\Cecil\AppData\Local\Temp -c REMOVE *AMDIO
Task: {9EA13D94-1712-45E7-88A6-DB10DA262DE2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {C1EB53E0-F941-4EC2-90ED-669B7E79B723} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D37EB52D-C5F6-4DD9-A6C8-9778DAC9C086} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {EA21B6ED-6733-4287-992F-700F3C31F53F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F00A85B2-3AD8-4C6A-B3E8-61F0D0931FCB} - System32\Tasks\SmartDraw Validation Service => C:\Program Files (x86)\SmartDraw CI\SmartDraw.exe [2014-11-14] (SmartDraw.com)
Task: {F75AF845-82B8-4BC4-A458-06FC67BC49FF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2429302538-309978599-264670068-1002 => C:\Users\Cecil\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe [2015-01-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2429302538-309978599-264670068-1002.job => C:\Users\Cecil\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2429302538-309978599-264670068-1002Core.job => C:\Users\Cecil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2429302538-309978599-264670068-1002UA.job => C:\Users\Cecil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (SD).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-25 15:11 - 2013-10-23 00:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-11-29 10:52 - 2012-09-11 23:14 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-18 11:16 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-18 07:24 - 2012-06-18 07:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-22 11:42 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-06-01 01:08 - 2014-06-01 01:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 08:41 - 2014-05-24 08:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 08:41 - 2014-05-24 08:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-17 08:20 - 2014-12-17 08:20 - 00156792 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\message_center_win8.dll
2014-12-17 08:20 - 2014-12-17 08:20 - 01358456 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libglesv2.dll
2014-12-17 08:20 - 2014-12-17 08:20 - 00219256 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libegl.dll
2014-12-17 08:20 - 2014-12-17 08:20 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll
2014-12-17 08:20 - 2014-12-17 08:20 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\PACE:FAF819EAA02DBF3F
AlternateDataStreams: C:\Users\Cecil\Cookies:rCx3RNNb2qOGQuXCVkYhKZ
AlternateDataStreams: C:\Users\Cecil\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Cecil\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_FB8521E800487126D9F72D44BA3FB08A"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2429302538-309978599-264670068-500 - Administrator - Disabled) => C:\Users\Administrator
Cecil (S-1-5-21-2429302538-309978599-264670068-1002 - Administrator - Enabled) => C:\Users\Cecil
Guest (S-1-5-21-2429302538-309978599-264670068-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2429302538-309978599-264670068-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2015 00:23:25 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (01/01/2015 01:01:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/01/2015 10:12:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CamtasiaStudio.exe, version: 8.1.2.1327, time stamp: 0x51e8dfed
Faulting module name: CSRenderLib.dll, version: 8.1.2.1327, time stamp: 0x51e8d90b
Exception code: 0xc0000005
Fault offset: 0x00780932
Faulting process id: 0x1e0c
Faulting application start time: 0xCamtasiaStudio.exe0
Faulting application path: CamtasiaStudio.exe1
Faulting module path: CamtasiaStudio.exe2
Report Id: CamtasiaStudio.exe3
Faulting package full name: CamtasiaStudio.exe4
Faulting package-relative application ID: CamtasiaStudio.exe5
 
Error: (01/01/2015 10:01:45 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (01/01/2015 09:52:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: daemonu.exe, version: 4.11.9.1, time stamp: 0x5194eb80
Faulting module name: daemonu.exe, version: 4.11.9.1, time stamp: 0x5194eb80
Exception code: 0xc0000005
Fault offset: 0x00025fc5
Faulting process id: 0x5d4
Faulting application start time: 0xdaemonu.exe0
Faulting application path: daemonu.exe1
Faulting module path: daemonu.exe2
Report Id: daemonu.exe3
Faulting package full name: daemonu.exe4
Faulting package-relative application ID: daemonu.exe5
 
Error: (12/31/2014 00:48:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/31/2014 00:46:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/31/2014 08:01:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/31/2014 07:57:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (12/30/2014 00:24:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera.exe, version: 26.0.1656.60, time stamp: 0x54903b64
Faulting module name: atidxx32.dll, version: 8.17.10.525, time stamp: 0x52a23862
Exception code: 0xc0000005
Fault offset: 0x000742c7
Faulting process id: 0x119c
Faulting application start time: 0xopera.exe0
Faulting application path: opera.exe1
Faulting module path: opera.exe2
Report Id: opera.exe3
Faulting package full name: opera.exe4
Faulting package-relative application ID: opera.exe5
 
 
System errors:
=============
Error: (01/02/2015 01:25:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: 
%%2
 
Error: (01/02/2015 01:25:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iPodDrv service failed to start due to the following error: 
%%2
 
Error: (01/02/2015 01:25:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%2
 
Error: (01/02/2015 01:23:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/02/2015 01:23:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/02/2015 01:23:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Perforce service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/02/2015 01:23:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PACE License Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (01/02/2015 01:23:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/02/2015 01:23:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/02/2015 01:23:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (01/02/2015 00:23:25 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (01/01/2015 01:01:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/01/2015 10:12:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CamtasiaStudio.exe8.1.2.132751e8dfedCSRenderLib.dll8.1.2.132751e8d90bc0000005007809321e0c01d025ebbe8f63c1C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exeC:\Program Files (x86)\TechSmith\Camtasia Studio 8\CSRenderLib.dllaea4b33c-91e1-11e4-82c3-d43d7ef028f3
 
Error: (01/01/2015 10:01:45 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (01/01/2015 09:52:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe4.11.9.15194eb80daemonu.exe4.11.9.15194eb80c000000500025fc55d401d0224528ae1ad8C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exee25e44b1-91de-11e4-82c3-d43d7ef028f3
 
Error: (12/31/2014 00:48:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (12/31/2014 00:46:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (12/31/2014 08:01:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (12/31/2014 07:57:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (12/30/2014 00:24:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera.exe26.0.1656.6054903b64atidxx32.dll8.17.10.52552a23862c0000005000742c7119c01d0244d37fbd069C:\Program Files (x86)\Opera\26.0.1656.60\opera.exeC:\WINDOWS\SYSTEM32\atidxx32.dllcb23250d-9061-11e4-82c3-d43d7ef028f3
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8320 Eight-Core Processor 
Percentage of memory in use: 25%
Total physical RAM: 8191.18 MB
Available physical RAM: 6087.53 MB
Total Pagefile: 11007.18 MB
Available Pagefile: 8592.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.67 GB) (Free:401.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7B05F88E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 fireman4it


Posted 02 January 2015 - 10:50 AM

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   3.99KB   3 downloads

 

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 

 

Things to include in your next reply:

Fixlog.txt

Emsisoft log

How is the machine running now?

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 AlgernonTehMouse


Posted 02 January 2015 - 02:43 PM

(Attached is the Emsisoft log)
Here is a screenshot of the temperature (I meant to say CELSIUS, not Fahrenheit) of my CPU, and in Task Manager COM Surrogate is still there: http://screencast.com/t/a29v4kMaHcnd
I ran Dragon Age: Inquisition just to see if my computer would shut off again... and it did. But the temperature went up as well; not sure if that helps. The computer seems to run fine, but the second I'm playing Dragon Age: Inquisition, for some reason my computer randomly restarts.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2015
Ran by Cecil at 2015-01-02 08:17:35 Run:1
Running from C:\Users\Cecil\Desktop
Loaded Profiles: Cecil & UpdatusUser (Available profiles: Cecil & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2429302538-309978599-264670068-1002\...\Run: [AdobeBridge] => [X]
URLSearchHook: [S-1-5-21-2429302538-309978599-264670068-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2429302538-309978599-264670068-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-2429302538-309978599-264670068-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325159&octid=EB_ORIGINAL_CTID&ISID=MF581C6A0-35F3-4E3E-A0E0-C4988000A9D7&SearchSource=55&CUI=&UM=6&UP=SPB751B8CC-F4B0-43D4-B848-E4E5082175A3&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S2 iPodDrv; \??\C:\WINDOWS\system32\drivers\iPodDrv.sys [X]
C:\Users\Cecil\AppData\Local\Temp\Quarantine.exe
C:\Users\Cecil\AppData\Local\Temp\sqlite3.dll
Hosts:
Emptytemp:
AlternateDataStreams: C:\ProgramData\PACE:FAF819EAA02DBF3F
AlternateDataStreams: C:\Users\Cecil\Cookies:rCx3RNNb2qOGQuXCVkYhKZ
AlternateDataStreams: C:\Users\Cecil\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Cecil\SkyDrive.old:ms-properties
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2429302538-309978599-264670068-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
Error setting Default URLSearchHook.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2429302538-309978599-264670068-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2429302538-309978599-264670068-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
BRDriver64 => Service deleted successfully.
EagleX64 => Service deleted successfully.
iPodDrv => Service deleted successfully.
C:\Users\Cecil\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Cecil\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\ProgramData\PACE => ":FAF819EAA02DBF3F" ADS removed successfully.
"C:\Users\Cecil\Cookies" => ":rCx3RNNb2qOGQuXCVkYhKZ" ADS not found.
"C:\Users\Cecil\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Cecil\SkyDrive.old" => ":ms-properties" ADS not found.
EmptyTemp: => Removed 922.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 08:17:55 ====



Edited by AlgernonTehMouse, 02 January 2015 - 03:22 PM.


#6 fireman4it


Posted 02 January 2015 - 04:19 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.


Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button.


Go to Step 4 and under "System Restore" click on Create button.


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

 

 

Let me know how the machine is running after these two steps and post the logs please.


#7 AlgernonTehMouse


Posted 02 January 2015 - 05:41 PM

I did the system File Check and this is what came up: http://screencast.com/t/WG2KxDJq

 

The MBAM log is below

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/2/2015
Scan Time: 1:29:55 PM
Logfile: Malwarebytes Anti-Malware Log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.02.09
Rootkit Database: v2014.12.30.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Cecil
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 524465
Time Elapsed: 14 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by AlgernonTehMouse, 02 January 2015 - 06:26 PM.


#8 AlgernonTehMouse


Posted 02 January 2015 - 06:25 PM

Windows Repair Log 

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack: 
Computer Name: ALGERNON
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Cecil
Current Profile SID: S-1-5-21-2429302538-309978599-264670068-1002
Current Profile Classes: S-1-5-21-2429302538-309978599-264670068-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Cecil\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:27:23
 
Process Count: 69
Commit Total: 2.75 GB
Commit Limit: 10.75 GB
Commit Peak: 3.38 GB
Handle Count: 61362
Kernel Total: 911.44 MB
Kernel Paged: 737.83 MB
Kernel Non Paged: 173.61 MB
System Cache: 5.56 GB
Thread Count: 1018
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 8.00 GB
Memory Used: 2.54 GB(31.8152%)
Memory Avail.: 5.45 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 8.00 GB
Memory Used: 2.03 GB(25.3435%)
Memory Avail.: 5.97 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (1/2/2015 2:44:06 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 267
 
01 - Reset Registry Permissions
   Restore Windows 8 Default Registry Permissions
   Start (1/2/2015 2:44:09 PM)
 
Decompressing & Updating Windows 8 Permission File hkud.txt
Done,  2.84 seconds.
 
 
Decompressing & Updating Windows 8 Permission File hkcu.txt
Done,  0.27 seconds.
 
 
Decompressing & Updating Windows 8 Permission File hkcr.txt
Done,  0.75 seconds.
 
 
Decompressing & Updating Windows 8 Permission File hklm.txt
Done,  1.58 seconds.
 
   Running Repair Under System Account
   Running Repair Under Current User Account
   Done (1/2/2015 2:48:51 PM)
 
03 - Reset Service Permissions
   Start (1/2/2015 2:48:51 PM)
   Running Repair Under System Account
   Done (1/2/2015 2:48:59 PM)
 
04 - Register System Files
   Start (1/2/2015 2:48:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 2:49:41 PM)
 
05 - Repair WMI
   Start (1/2/2015 2:49:41 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Windows Defender Exported.
   Norton 360 Exported.
 
   Exporting AntiSpyware Info...
   Norton 360 Exported.
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   Norton 360 Exported.
 
   Running Repair Under Current User Account
   Done (1/2/2015 3:00:26 PM)
 
06 - Repair Windows Firewall
   Start (1/2/2015 3:00:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:01:13 PM)
 
07 - Repair Internet Explorer
   Start (1/2/2015 3:01:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:01:54 PM)
 
08 - Repair MDAC/MS Jet
   Start (1/2/2015 3:01:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:02:09 PM)
 
09 - Repair Hosts File
   Start (1/2/2015 3:02:10 PM)
   Running Repair Under System Account
   Done (1/2/2015 3:02:11 PM)
 
10 - Remove Policies Set By Infections
   Start (1/2/2015 3:02:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:02:15 PM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (1/2/2015 3:02:15 PM)
   Running Repair Under System Account
   Done (1/2/2015 3:02:16 PM)
 
12 - Repair Icons
   Start (1/2/2015 3:02:16 PM)
   Running Repair Under Current User Account
   Done (1/2/2015 3:02:17 PM)
 
13 - Repair Winsock & DNS Cache
   Start (1/2/2015 3:02:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:02:40 PM)
 
15 - Repair Proxy Settings
   Start (1/2/2015 3:02:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:02:42 PM)
 
17 - Repair Windows Updates
   Start (1/2/2015 3:02:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/2/2015 3:03:52 PM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (1/2/2015 3:03:52 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (1/2/2015 3:03:52 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (1/2/2015 3:03:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:16 PM)
 
21 - Repair MSI (Windows Installer)
   Start (1/2/2015 3:04:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:29 PM)
 
23.01 - Repair bat Association
   Start (1/2/2015 3:04:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:31 PM)
 
23.02 - Repair cmd Association
   Start (1/2/2015 3:04:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:33 PM)
 
23.03 - Repair com Association
   Start (1/2/2015 3:04:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:35 PM)
 
23.04 - Repair Directory Association
   Start (1/2/2015 3:04:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:37 PM)
 
23.05 - Repair Drive Association
   Start (1/2/2015 3:04:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:40 PM)
 
23.06 - Repair exe Association
   Start (1/2/2015 3:04:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:42 PM)
 
23.07 - Repair Folder Association
   Start (1/2/2015 3:04:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:44 PM)
 
23.08 - Repair inf Association
   Start (1/2/2015 3:04:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:46 PM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (1/2/2015 3:04:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:48 PM)
 
23.10 - Repair msc Association
   Start (1/2/2015 3:04:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:51 PM)
 
23.11 - Repair reg Association
   Start (1/2/2015 3:04:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:53 PM)
 
23.12 - Repair scr Association
   Start (1/2/2015 3:04:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:55 PM)
 
24 - Repair Windows Safe Mode
   Start (1/2/2015 3:04:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:04:57 PM)
 
25 - Repair Print Spooler
   Start (1/2/2015 3:04:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:05:42 PM)
 
26 - Restore Important Windows Services
   Start (1/2/2015 3:05:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:05:53 PM)
 
27 - Set Windows Services To Default Startup
   Start (1/2/2015 3:05:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:05:58 PM)
 
28 - Repair Windows 8 App Store
   Start (1/2/2015 3:05:58 PM)
 
Decompressing & Updating Windows 8 Permission File hkcu.txt
Done,  0.25 seconds.
 
   Running Repair Under Current User Account
   Done (1/2/2015 3:06:22 PM)
 
29 - Repair Windows 8 Component Store
   Start (1/2/2015 3:06:22 PM)
   Running Repair Under Current User Account
   Done (1/2/2015 3:17:56 PM)
 
30 - Restore Windows 8 COM+ Unmarshalers
   Start (1/2/2015 3:17:56 PM)
   Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>
 
SetACL finished with error(s): 
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.
 
   Done (1/2/2015 3:17:58 PM)
 
31 - Repair Windows 'New' Submenu
   Start (1/2/2015 3:17:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2015 3:18:01 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (1/2/2015 3:18:01 PM)
   Total Repair Time: 00:33:57
 
 
...YOU MUST RESTART YOUR SYSTEM...

Edited by AlgernonTehMouse, 02 January 2015 - 06:26 PM.


#9 AlgernonTehMouse

Posted 02 January 2015 - 06:57 PM

Here is how the system is running now: http://screencast.com/t/EaaXRwYJ

Also, I do not see COM Surrogate in the Task Manager anymore, but for some reason there are a lot of services running in Task Manager and I'm not sure if all of them are necessary.

One issue is that I have 3 tabs open in Opera, yet there are 7 processes of it: http://screencast.com/t/TGKnr5hO

This is a screenshot of the core temp while playing Dragon Age: Inquisition: http://screencast.com/t/gvOxp93vPI


Edited by AlgernonTehMouse, 02 January 2015 - 07:05 PM.


#10 fireman4it (Malware Response Team)

Posted 02 January 2015 - 11:30 PM

This may be another issue other than spyware now. Is Opera the browser you use?

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#11 AlgernonTehMouse

Posted 03 January 2015 - 05:52 PM

ESETlog is below:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepad.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.32.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Cecil\Desktop\Bay\WavePad 5.22\WavePad 5.22\wpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Cecil\Desktop\Work\000A\DRAWER\00Desktop11-5-2013-4-06PM\oneclick-mp4.exe a variant of Win32/Complitly.A potentially unwanted application deleted - quarantined
C:\Users\Cecil\Desktop\Work\000A\DRAWER\00Desktop11-5-2013-4-06PM\downloads\oneclick-mp4.exe a variant of Win32/Complitly.A potentially unwanted application deleted - quarantined
C:\Users\Cecil\Downloads\cbsidlm-cbsi145-YouTube_to_MP3_Converter-SEO-75959915.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined


#12 fireman4it

Posted 03 January 2015 - 07:03 PM

How is the machine running now?

#13 AlgernonTehMouse

Posted 03 January 2015 - 07:04 PM

The machine is running well, but even when idling the computer memory is running at 37%.

Is that bad?



#14 fireman4it

Posted 03 January 2015 - 08:57 PM

You still having problems using Opera?

#15 AlgernonTehMouse

Posted 03 January 2015 - 09:09 PM

No problems with Opera. I believe the virus is gone now. Is there anything else that I should do?





