Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RegSvr32 Problem


  • This topic is locked This topic is locked
16 replies to this topic

#1 jay1977

jay1977

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 16 March 2015 - 05:42 PM

Hiya in the last few days i have been getting various RegSvr32 popups only at start up saying module could not be loaded...i have ran spyware and malware programs aswell as my antivirus and ccleaner but am still getting them, hope this is enough info....ive attatched scan files

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:43 AM

Posted 17 March 2015 - 04:50 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

warning.gif Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Step 1

frst.pngfrstfix.png

Press the w8.png + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [qsxmsmcqewdtsxlsm] => C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\idwleonkqu.dll"
    HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\...\Run: [AWSworks] => regsvr32.exe C:\Users\Jay\AppData\Local\AWSworks\EP0NXFS8.DLL 
    HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\...\Run: [UVXmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jay\AppData\Local\Ijvnsoft\mpciconlib.dll
    HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\...\Run: [Ijvnsoft] => C:\Users\Jay\AppData\Local\Ijvnsoft\tmpA7A5.exe [176128 2015-03-16] (Orange Project)
    ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
    BHO-x32: cashtitan browser enhancer -> {F0647088-2CF8-989D-2C6D-4B5EE15C1C4A} -> C:\Windows\SysWow64\idwleonkqu.dll [2010-11-11] ()
    C:\Windows\SysWow64\idwleonkqu.dll 
    C:\ProgramData\Microsoft\Security
    C:\Users\Jay\AppData\Local\Ijvnsoft
    C:\Users\Jay\AppData\Local\AWSworks
    C:\Windows\system32\idwleonkqu.dll
    FF Extension: System.Runtime.Remoting.ServerException - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\scrrf1f7.default\Extensions\{DAFFD7C8-8947-8B5B-97A4-717D7DCE72E6} [2015-03-14]
    FF Extension: No Name - F:\Programs\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    AlternateDataStreams: C:\ProgramData\Microsoft:pXLiviHCZEJuLswXdFc5
    AlternateDataStreams: C:\ProgramData\Microsoft:Qo7EW7TS52ukCqrRRlzzdVWgpZIPE
    AlternateDataStreams: C:\ProgramData\Microsoft:QsXLzusEiBunWtEFtWtnVR4
    AlternateDataStreams: C:\ProgramData\Microsoft:xsLLyDOzenSKXQvuLk77a3uPU
    AlternateDataStreams: C:\Users\Jay\Local Settings:NE1LsHvAIN4LJ3WC6SkQ7SlY5pZOX
    AlternateDataStreams: C:\Users\Jay\AppData\Local:NE1LsHvAIN4LJ3WC6SkQ7SlY5pZOX
    AlternateDataStreams: C:\Users\Jay\AppData\Local\Application Data:NE1LsHvAIN4LJ3WC6SkQ7SlY5pZOX
    AlternateDataStreams: C:\Users\Jay\AppData\Local\Temp:uL0Q7eZaLUpid3ufEVtJrX6k4uFX
    AlternateDataStreams: C:\Users\Jay\AppData\Local\ZPhkCZ0EOY:vgV8rpwONfVDZ2pWsbAjdQj
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
 
 
Step 2

Do you know how to make zip files? :)
 

  • Locate the file or folder that you want to compress.
  • Right-click the file or folder, point to Send to, and then click Compressed (zipped) folder.
    A new compressed folder is created in the same location. To rename it, right-click the folder, click Rename, and then type the new name.

 
I want you to do following:

Please search for that folder and create a zip-files of it. Please upload the zip-file to my channel.

C:\FRST\Quarantine

 
Thank you!
 
Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 jay1977

jay1977
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 17 March 2015 - 03:03 PM

Hi  Jürgen firstly thanks for your help....i have did all that you requested and uploaded the zip file to your channel....I did try pasting the results with this message but it wouldn't it seemed to hang so can i zip the other files you asked for and also upload them to your channel?



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:43 AM

Posted 17 March 2015 - 03:09 PM

Sorry, which other files do you mean?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 jay1977

jay1977
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 17 March 2015 - 03:17 PM

fixlist.txt, FRST.txt and Addition.txt



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:43 AM

Posted 17 March 2015 - 03:35 PM

:)

 

Please upload the zip-file (C:\FRST\Quarantine) here and send me the download link via private message.

 

Then, please post the logs here. You can attach the logs as well.

 

post-155276-0-19034800-1406371428.png

 

Thank you!


Edited by deeprybka, 17 March 2015 - 03:37 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 jay1977

jay1977
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 17 March 2015 - 03:37 PM

I can do that but when i tried to paste the logs on here it didn't seem to do anything. Can i attatch them somehow?



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:43 AM

Posted 17 March 2015 - 04:03 PM

Please see my post above. :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 jay1977

jay1977
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 17 March 2015 - 04:11 PM

lol sorry, the link to the zip file is XXXXX and ive attatched the files ive put them in a zip file


whoops sorry i didn't pm you the link....sorry

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jay (administrator) on MUSIKMAKER on 17-03-2015 19:42:20
Running from C:\Users\Jay\Desktop\New folder
Loaded Profiles: Jay (Available profiles: Jay)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(SUPERAntiSpyware.com) F:\Programs\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2015-03-15] (IDT, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => F:\Programs\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-13] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\...\Run: [DellSystemDetect] => C:\Users\Jay\AppData\Local\Apps\2.0\H1RB8T1O.XV1\ZCKA3ACD.586\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-27] (Dell)
HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\...\Run: [SUPERAntiSpyware] => F:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-07] (SUPERAntiSpyware)
HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\...\Run: [CCleaner Monitoring] => F:\Programs\CCleaner\CCleaner64.exe [7416088 2015-02-24] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-13] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-13] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\scrrf1f7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-13] (Oracle Corporation)
FF Extension: No Name - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\scrrf1f7.default\extensions\{DAFFD7C8-8947-8B5B-97A4-717D7DCE72E6} [Not Found]
FF Extension: No Name - F:\Programs\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; F:\Programs\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-07] (SUPERAntiSpyware.com)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-01-25] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-01-26] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70872 2015-03-09] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-03] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2015-03-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-02-14] (Google Inc)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-01-25] (Broadcom Corporation.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2015-01-30] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-01-30] (COMODO)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation)
S3 Impcd; C:\Windows\System32\drivers\Impcd.sys [158976 2015-01-26] (Intel Corporation) [File not signed]
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2015-01-30] (COMODO)
S1 ISODrive; F:\Programs\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 REN2CAP_DRIVER; C:\Windows\system32\drivers\ren2cap.sys [46728 2015-01-28] ()
S1 SASDIFSV; F:\Programs\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; F:\Programs\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 stdriver; C:\Windows\system32\DRIVERS\stdriverx64.sys [34512 2015-03-05] ()
S3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2015-01-26] (STMicroelectronics)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-16] ()
S3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-01-25] (Basil Projects)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2070-01-25 20:07 - 2070-01-25 20:07 - 00002892 _____ () C:\Windows\SysWOW64\audcon.sys
2070-01-25 20:07 - 2070-01-25 20:07 - 00000000 ____D () C:\ProgramData\Syncrosoft
2070-01-25 20:07 - 2015-01-27 18:39 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Steinberg
2070-01-25 20:03 - 2015-02-28 18:53 - 00000000 ____D () C:\ProgramData\eLicenser
2070-01-03 00:44 - 2070-01-03 00:44 - 00008192 __RSH () C:\BOOTSECT.BAK
2070-01-03 00:44 - 2015-01-27 18:31 - 00000000 ____D () C:\Windows\Panther
2070-01-02 17:06 - 2070-01-02 17:06 - 00001446 _____ () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2070-01-02 17:06 - 2070-01-02 17:06 - 00000020 ___SH () C:\Users\Jay\ntuser.ini
2070-01-02 17:06 - 2070-01-02 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2070-01-02 17:06 - 2070-01-02 17:06 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Adobe
2070-01-02 17:06 - 2070-01-02 17:06 - 00000000 ____D () C:\Users\Jay\AppData\Local\VirtualStore
2070-01-02 17:06 - 2015-03-13 21:13 - 00000000 ____D () C:\Users\Jay
2070-01-02 17:06 - 2015-01-25 20:42 - 00000000 ____D () C:\Users\Jay\AppData\Local\Packages
2070-01-02 17:06 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2070-01-02 17:06 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2070-01-02 17:06 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2070-01-02 17:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2070-01-02 16:57 - 2015-03-11 20:23 - 01176100 _____ () C:\Windows\system32\PerfStringBackup.INI
2070-01-02 16:55 - 2070-01-02 16:55 - 00000000 ____D () C:\Windows\CSC
2070-01-02 16:48 - 2070-01-02 16:48 - 00000000 __SHD () C:\Recovery
2070-01-02 16:48 - 2015-01-26 19:09 - 02472960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2070-01-02 16:47 - 2070-01-02 16:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2070-01-02 16:47 - 2070-01-02 16:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-03-17 19:41 - 2015-03-17 19:41 - 07560507 _____ () C:\Users\Jay\Desktop\Quarantine.zip
2015-03-17 19:31 - 2015-03-17 19:42 - 00000000 ____D () C:\Users\Jay\Desktop\New folder
2015-03-16 22:37 - 2015-03-16 22:39 - 00335877 _____ () C:\Users\Jay\Desktop\Addition.txt
2015-03-16 22:35 - 2015-03-17 19:42 - 00000000 ____D () C:\FRST
2015-03-16 22:35 - 2015-03-16 22:39 - 00056008 _____ () C:\Users\Jay\Desktop\FRST.txt
2015-03-16 22:08 - 2015-03-16 22:35 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-16 22:08 - 2015-03-16 22:08 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-16 22:07 - 2015-03-16 22:07 - 15648856 _____ () C:\Users\Jay\Desktop\RogueKiller.exe
2015-03-16 20:56 - 2015-03-16 21:00 - 00000000 ____D () C:\AdwCleaner
2015-03-16 20:56 - 2015-03-16 20:56 - 02171392 _____ () C:\Users\Jay\Downloads\adwcleaner_4.112.exe
2015-03-16 19:48 - 2015-03-16 21:56 - 00000000 ____D () C:\Users\Jay\Downloads\New folder
2015-03-16 19:48 - 2015-03-16 19:48 - 00402944 _____ (Farbar) C:\Users\Jay\Desktop\MiniToolBox.exe
2015-03-15 20:51 - 2015-03-15 20:51 - 00000000 ____D () C:\SFCFix
2015-03-15 20:48 - 2015-03-15 20:47 - 00646656 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2015-03-15 20:47 - 2015-03-15 20:50 - 00000000 ____D () C:\Program Files\IDT
2015-03-15 20:47 - 2015-03-15 20:47 - 01466880 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2015-03-15 20:47 - 2015-03-15 20:47 - 00515584 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2015-03-15 20:47 - 2015-03-15 20:47 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2015-03-15 20:47 - 2015-03-15 20:47 - 00209920 _____ (IDT, Inc.) C:\Windows\system32\st646292.dll
2015-03-15 19:39 - 2015-03-17 19:35 - 00002075 _____ () C:\Windows\setupact.log
2015-03-15 19:39 - 2015-03-15 21:58 - 00001662 _____ () C:\Windows\PFRO.log
2015-03-15 19:39 - 2015-03-15 19:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-15 18:34 - 2015-03-15 18:37 - 00000165 _____ () C:\Windows\Reimage.ini
2015-03-15 18:06 - 2015-03-17 19:34 - 00352246 _____ () C:\Windows\WindowsUpdate.log
2015-03-15 12:59 - 2015-03-15 12:59 - 00000669 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-15 00:08 - 2015-03-15 20:47 - 11941376 _____ (IDT, Inc.) C:\Windows\system32\idtsg64.cpl
2015-03-15 00:08 - 2015-03-15 20:47 - 01952256 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2015-03-15 00:08 - 2015-03-15 20:47 - 00442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2015-03-15 00:08 - 2015-03-15 20:47 - 00162816 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2015-03-15 00:08 - 2015-03-15 20:47 - 00068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2015-03-15 00:08 - 2015-03-15 00:08 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-03-15 00:07 - 2010-03-09 23:56 - 00209920 _____ (IDT, Inc.) C:\Windows\system32\st646274.dll
2015-03-15 00:04 - 2009-09-02 06:13 - 00131072 _____ (Dell, Inc.) C:\Windows\SysWOW64\DellSPMsg.dll
2015-03-14 23:46 - 2012-03-19 15:12 - 01454896 _____ (ShiningMorning Inc.) C:\Windows\system32\Drivers\vasdDev.sys
2015-03-14 23:14 - 2015-03-16 21:07 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Audacity
2015-03-13 23:48 - 2015-03-13 23:48 - 00000000 ____D () C:\Users\Jay\AppData\Local\Macromedia
2015-03-13 23:47 - 2015-03-17 19:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-13 23:47 - 2015-03-13 23:47 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-13 23:46 - 2015-03-13 23:47 - 00000000 ____D () C:\Users\Jay\AppData\Local\Adobe
2015-03-13 15:22 - 2015-03-13 15:22 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\dlg
2015-03-13 09:04 - 2015-03-13 09:04 - 00000698 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-03-13 08:48 - 2015-03-13 08:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-13 08:47 - 2015-03-14 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-13 08:47 - 2015-03-13 08:47 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-11 20:17 - 2015-03-11 19:25 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-11 20:17 - 2015-03-11 19:25 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-11 19:31 - 2015-03-11 19:31 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 19:31 - 2015-03-11 19:31 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-11 19:30 - 2015-03-11 19:30 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-11 19:30 - 2015-03-11 19:30 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-11 19:30 - 2015-03-11 19:30 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-11 19:30 - 2015-03-11 19:30 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-11 19:30 - 2015-03-11 19:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-11 19:28 - 2015-03-11 19:28 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 19:28 - 2015-03-11 19:28 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-11 19:28 - 2015-03-11 19:28 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 19:28 - 2015-03-11 19:28 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 19:28 - 2015-03-11 19:28 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-11 19:28 - 2015-03-11 19:28 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-11 19:28 - 2015-02-06 23:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-11 19:28 - 2015-01-27 03:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 19:27 - 2015-03-11 19:27 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-11 19:27 - 2015-03-11 19:27 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-11 19:27 - 2015-03-11 19:27 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-11 19:27 - 2015-03-11 19:27 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-11 19:27 - 2015-03-11 19:27 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 19:26 - 2015-03-11 19:26 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-11 19:26 - 2015-03-11 19:26 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 19:25 - 2015-03-11 19:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 19:25 - 2015-03-11 19:25 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-11 19:25 - 2015-03-11 19:25 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-11 19:25 - 2015-01-30 23:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 19:25 - 2015-01-27 04:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 19:25 - 2015-01-27 02:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 19:24 - 2015-03-11 19:25 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 19:24 - 2015-03-11 19:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 19:24 - 2015-03-11 19:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 19:24 - 2015-03-11 19:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 19:24 - 2015-03-11 19:24 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-11 19:23 - 2015-03-11 19:23 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 19:23 - 2015-03-11 19:23 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 19:22 - 2015-03-11 19:22 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-11 19:22 - 2015-03-11 19:22 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-11 19:22 - 2015-03-11 19:20 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-11 19:22 - 2015-03-11 19:20 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-11 19:10 - 2015-03-11 19:10 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 19:10 - 2015-03-11 19:10 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 19:10 - 2015-03-11 19:10 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 19:10 - 2015-03-11 19:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 19:05 - 2015-03-11 19:05 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2015-03-11 19:00 - 2015-03-11 19:00 - 00000000 ____D () C:\Users\Jay\Documents\HTC
2015-03-11 19:00 - 2015-03-11 19:00 - 00000000 ____D () C:\Users\Jay\AppData\Local\Apple Computer
2015-03-11 18:57 - 2015-03-11 19:09 - 00000000 ____D () C:\ProgramData\HTC
2015-03-11 18:47 - 2015-03-11 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-03-11 18:46 - 2015-03-11 19:09 - 00000000 ____D () C:\Program Files (x86)\HTC
2015-03-11 18:46 - 2015-03-11 18:46 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2015-03-11 18:27 - 2015-03-11 18:27 - 00000000 ____D () C:\Users\Jay\AppData\Local\Downloaded Installations
2015-03-11 18:20 - 2015-02-12 16:46 - 00403256 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2015-03-09 19:37 - 2015-03-10 18:20 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Glitchmachines
2015-03-08 18:07 - 2015-03-09 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2015-03-08 18:07 - 2015-03-08 19:31 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\MediaMonkey
2015-03-08 18:07 - 2015-03-08 18:07 - 00000000 ____D () C:\Users\Jay\AppData\Local\MediaMonkey
2015-03-08 18:06 - 2015-03-08 18:06 - 00000000 ____D () C:\ProgramData\MediaMonkey
2015-03-08 16:46 - 2015-03-08 16:50 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2015-03-08 16:46 - 2015-03-08 16:46 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2015-03-08 13:59 - 2015-03-12 15:49 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 19:42 - 2015-03-07 19:49 - 00000000 ____D () C:\Users\Jay\Documents\GTA San Andreas User Files
2015-03-07 19:42 - 2015-03-07 19:42 - 00000922 _____ () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gta_sa.lnk
2015-03-07 19:31 - 2015-03-07 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-03-07 16:24 - 2015-03-07 16:24 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2015-03-07 12:21 - 2015-03-07 12:21 - 00000000 __SHD () C:\ProgramData\SecuROM
2015-03-07 12:16 - 2015-03-07 12:16 - 00000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-07 12:16 - 2015-03-07 12:16 - 00000000 ____D () C:\Users\Jay\AppData\Local\ilSFV
2015-03-06 19:01 - 2015-03-06 19:01 - 00001302 _____ () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2015-03-06 18:36 - 2015-03-16 20:56 - 00000000 ____D () C:\ProgramData\Ableton
2015-03-05 22:19 - 2015-03-05 22:19 - 00034512 _____ () C:\Windows\system32\Drivers\stdriverx64.sys
2015-03-05 22:19 - 2015-03-05 22:19 - 00001190 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2015-03-05 22:19 - 2015-03-05 22:19 - 00001167 _____ () C:\Users\Jay\AppData\Roaming\trace_FilterInstaller.txt
2015-03-05 22:19 - 2015-03-05 22:19 - 00000000 _____ () C:\Users\Jay\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-03-03 16:17 - 2015-03-03 16:17 - 00318464 _____ (Propellerhead Software AB) C:\Windows\system32\REX Shared Library.dll
2015-03-03 16:17 - 2015-03-03 16:17 - 00275968 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\REX Shared Library.dll
2015-03-02 19:10 - 2015-03-02 19:10 - 00000000 ____D () C:\Users\Public\Documents\NI Resources
2015-03-01 09:13 - 2015-03-01 18:15 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-03-01 08:59 - 2015-03-01 09:54 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\.minecraft
2015-03-01 08:59 - 2015-03-01 08:59 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\.minecraftsl
2015-03-01 08:58 - 2015-03-01 08:58 - 00000000 ____D () C:\ProgramData\Sun
2015-03-01 08:57 - 2015-03-13 08:48 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-01 08:52 - 2015-03-01 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft installer 5.0.1 for Minecraft 1.2.3
2015-02-28 23:14 - 2015-02-28 23:14 - 00000000 __HDC () C:\ProgramData\{AD7B6000-2063-4CF8-A07D-49A34A4164E7}
2015-02-28 23:10 - 2015-02-28 23:10 - 00000000 __HDC () C:\ProgramData\{2EF023DF-B6E2-47F2-BE6E-BD4359FD9900}
2015-02-28 22:59 - 2015-02-28 22:59 - 00004608 _____ () C:\Windows\SECOH-QAD.exe
2015-02-28 22:59 - 2015-02-28 22:59 - 00003584 _____ () C:\Windows\SECOH-QAD.dll
2015-02-28 22:54 - 2015-02-28 22:54 - 00000000 __HDC () C:\ProgramData\{4FFE69FC-7C47-4631-89C6-0193B302B1F1}
2015-02-28 22:42 - 2015-02-28 22:42 - 00000000 __HDC () C:\ProgramData\{D8AF9434-9199-401B-870E-38E7717C30B2}
2015-02-28 22:39 - 2015-02-28 22:39 - 00000000 __HDC () C:\ProgramData\{83A6097F-13CA-4B43-9A34-69FA19E4EF42}
2015-02-28 22:27 - 2015-02-28 22:27 - 00000000 __HDC () C:\ProgramData\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}
2015-02-28 22:11 - 2015-02-28 22:11 - 00000000 __HDC () C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2015-02-28 21:46 - 2015-02-28 21:46 - 00000000 __HDC () C:\ProgramData\{3006A797-CDFA-44FC-98EF-155579E2CDBF}
2015-02-28 21:14 - 2015-02-28 21:14 - 00000000 __HDC () C:\ProgramData\{849C3EA7-6C44-4D64-BFD2-FC5AF841BE83}
2015-02-28 18:53 - 2015-02-28 18:53 - 00000000 ____D () C:\Users\Jay\AppData\Local\eLicenser
2015-02-28 18:50 - 2015-02-28 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2015-02-28 18:50 - 2015-02-28 19:09 - 00000051 _____ () C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2015-02-28 18:50 - 2015-02-28 18:50 - 00000000 ____D () C:\Program Files (x86)\Syncrosoft
2015-02-28 18:50 - 2009-09-17 16:20 - 01695232 _____ (Steinberg Media Technologies GmbH) C:\Windows\system32\synsoacc.dll
2015-02-28 18:50 - 2009-09-17 16:20 - 01261568 _____ (Steinberg Media Technologies GmbH) C:\Windows\SysWOW64\SYNSOACC.dll
2015-02-28 18:50 - 2009-05-19 15:21 - 00086016 _____ () C:\Windows\SysWOW64\SYNSOPOS.exe
2015-02-28 18:50 - 2006-01-29 10:48 - 00147425 _____ () C:\Windows\SysWOW64\SYNSOACC-Aide.chm
2015-02-28 18:50 - 2006-01-29 10:48 - 00147425 _____ () C:\Windows\system32\SYNSOACC-Aide.chm
2015-02-28 18:50 - 2006-01-29 10:48 - 00120468 _____ () C:\Windows\SysWOW64\SYNSOACC-Hilfe.chm
2015-02-28 18:50 - 2006-01-29 10:48 - 00120468 _____ () C:\Windows\system32\SYNSOACC-Hilfe.chm
2015-02-28 18:50 - 2006-01-29 10:48 - 00114279 _____ () C:\Windows\SysWOW64\SYNSOACC-Help.chm
2015-02-28 18:50 - 2006-01-29 10:48 - 00114279 _____ () C:\Windows\system32\SYNSOACC-Help.chm
2015-02-28 17:42 - 2015-02-28 17:42 - 00000000 ____D () C:\ProgramData\Waldorf
2015-02-28 17:41 - 2015-02-28 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waldorf Lector v1.03 VST2 VST3 x86 RePack
2015-02-28 17:41 - 2015-02-28 17:41 - 00000000 ____D () C:\Users\Jay\Documents\Waldorf
2015-02-28 17:41 - 2015-02-28 17:41 - 00000000 ____D () C:\Users\Jay\Documents\VST3 Presets
2015-02-28 16:42 - 2015-02-28 19:09 - 00000000 ____D () C:\Program Files (x86)\eLicenser
2015-02-28 16:37 - 2015-02-28 16:37 - 00058101 _____ () C:\Windows\unins001.dat
2015-02-28 16:37 - 2015-02-28 16:37 - 00000000 ____D () C:\Users\Public\Documents\XILS-lab
2015-02-28 16:37 - 2015-02-28 16:36 - 00715153 _____ () C:\Windows\unins001.exe
2015-02-28 16:33 - 2015-02-28 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tone2 RayBlaster
2015-02-28 16:29 - 2015-02-28 16:29 - 00000000 ____D () C:\Users\Jay\Documents\u-he
2015-02-28 16:29 - 2015-02-28 16:29 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\u-he
2015-02-28 16:26 - 2015-02-28 16:26 - 00000000 ____D () C:\ProgramData\Sonic Academy
2015-02-28 15:55 - 2015-02-28 15:55 - 00000000 ____D () C:\Program Files (x86)\discoDSP
2015-02-28 15:55 - 2003-11-18 00:37 - 00072192 _____ () C:\Windows\SysWOW64\zlibwapi.dll
2015-02-28 15:54 - 2015-02-28 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\discoDSP
2015-02-28 15:54 - 2015-02-28 20:41 - 00000000 ____D () C:\Users\Jay\Documents\discoDSP
2015-02-25 19:59 - 2015-02-25 20:07 - 00000000 __HDC () C:\ProgramData\{0EB7C0FC-5BF4-474E-B5F9-A6E991727B3E}
2015-02-25 17:54 - 2015-02-25 17:54 - 00000807 _____ () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2015-02-25 17:54 - 2014-12-13 21:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 17:54 - 2014-12-13 21:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-24 22:55 - 2015-02-24 22:55 - 00000000 ____D () C:\Users\Jay\AppData\Local\doubleTwist Corporation
2015-02-24 22:00 - 2015-03-10 18:44 - 00000000 ____D () C:\OutputFolder
2015-02-24 21:55 - 2015-02-27 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Joiner
2015-02-24 21:55 - 2015-02-24 21:55 - 00129024 _____ () C:\Windows\SysWOW64\AVERM.dll
2015-02-24 21:55 - 2015-02-24 21:55 - 00028672 _____ () C:\Windows\SysWOW64\AVEQT.dll
2015-02-24 18:45 - 2015-02-24 18:45 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\New Version Available
2015-02-24 18:45 - 2015-02-24 18:45 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Free AVI MPEG WMV MP4 FLV Video Joiner
2015-02-24 18:27 - 2015-02-24 18:27 - 00002758 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-23 20:47 - 2015-02-23 20:47 - 00000000 ____D () C:\Program Files (x86)\AnarchyRhythms
2015-02-23 19:54 - 2015-02-23 20:46 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-02-23 19:51 - 2015-02-23 19:51 - 00000000 __HDC () C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}
2015-02-23 19:43 - 2015-02-23 19:43 - 00000000 ____D () C:\ProgramData\Native Instruments
2015-02-23 19:26 - 2015-02-23 19:26 - 39926136 _____ (Native Instruments GmbH) C:\Users\Jay\Reaktor5.dll
2015-02-23 19:26 - 2015-02-23 19:26 - 00063864 _____ (Native Instruments GmbH) C:\Users\Jay\Reaktor5 Surround.dll
2015-02-23 19:26 - 2015-02-23 19:26 - 00063864 _____ (Native Instruments GmbH) C:\Users\Jay\Reaktor5 FX2x8.dll
2015-02-23 19:26 - 2015-02-23 19:26 - 00063864 _____ (Native Instruments GmbH) C:\Users\Jay\Reaktor5 FX.dll
2015-02-22 10:29 - 2015-02-22 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\beatassist.eu
2015-02-22 10:18 - 2015-02-22 10:18 - 00003146 _____ () C:\Windows\System32\Tasks\{3135F72D-2BF2-432B-A5F8-44D5C4C5A77C}
2015-02-20 20:01 - 2015-02-22 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dancida VSTi
2015-02-19 21:21 - 2015-02-19 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMS Dimension
2015-02-18 21:21 - 2015-02-18 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tone2 FilterBank3
2015-02-18 21:08 - 2015-02-18 21:08 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\UnfilteredAudio
2015-02-18 20:53 - 2015-02-18 20:53 - 00000000 ____D () C:\ProgramData\UnfilteredAudio
2015-02-18 20:49 - 2015-02-18 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gater
2015-02-16 19:36 - 2015-02-16 19:36 - 00001366 _____ () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WavePad.lnk
2015-02-16 19:16 - 2015-03-12 22:19 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-02-16 19:16 - 2015-03-05 22:19 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\NCH Software
2015-02-16 19:16 - 2015-03-05 22:19 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-16 19:16 - 2015-03-05 22:19 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-02-16 19:16 - 2015-02-16 19:16 - 00001172 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Multitrack Recording Software.lnk
2015-02-16 19:16 - 2015-02-16 19:16 - 00000000 ____D () C:\Users\Jay\Documents\Mixpad Projects
2015-02-16 18:17 - 2015-02-16 18:20 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Loomer
2015-02-16 18:17 - 2015-02-16 18:17 - 00000000 ____D () C:\Users\Jay\Documents\Loomer
2015-02-16 18:17 - 2015-02-16 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loomer
2015-02-16 18:17 - 2015-02-16 18:17 - 00000000 ____D () C:\ProgramData\Loomer
2015-02-16 18:17 - 2015-02-16 18:17 - 00000000 ____D () C:\Program Files (x86)\Loomer
2015-02-15 20:47 - 2015-03-03 19:36 - 00000000 ____D () C:\Users\Jay\Documents\Max
2015-02-15 20:47 - 2015-02-15 20:47 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Cycling '74

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2070-01-25 20:15 - 2015-01-25 18:11 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2CAF99CC-9489-4E96-B82F-CD57ABCEB3BA}
2070-01-25 20:07 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2070-01-03 00:44 - 2013-08-22 15:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2070-01-02 17:09 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Public\Libraries
2070-01-02 16:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-03-17 19:41 - 2015-01-25 17:12 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2392774962-3475126928-3884295361-1001
2015-03-17 19:38 - 2015-01-25 18:11 - 00000000 ___DO () C:\Users\Jay\SkyDrive
2015-03-17 19:35 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 19:34 - 2015-01-31 22:32 - 00040882 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-03-17 19:34 - 2015-01-25 21:27 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-03-17 19:34 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-17 19:17 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-16 21:28 - 2015-01-27 19:58 - 00102400 ___SH () C:\Users\Jay\Downloads\Thumbs.db
2015-03-16 21:00 - 2015-02-01 20:54 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\vlc
2015-03-16 20:50 - 2015-01-25 18:39 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Azureus
2015-03-16 20:44 - 2015-01-25 20:54 - 00000000 ____D () C:\Program Files\KMSpico
2015-03-16 10:55 - 2015-02-07 08:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-15 22:49 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-15 00:07 - 2015-01-26 19:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-15 00:04 - 2015-01-26 19:57 - 00000000 ____D () C:\Dell
2015-03-14 17:16 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-13 20:20 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2015-03-11 20:15 - 2013-08-22 14:44 - 00336504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 20:09 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-11 20:09 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 20:09 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 20:09 - 2013-08-22 15:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 20:09 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-11 20:09 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-11 20:09 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 20:09 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 19:00 - 2015-02-04 20:58 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Apple Computer
2015-03-11 18:50 - 2013-10-17 15:27 - 00036928 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\htcnprot.sys
2015-03-11 18:22 - 2015-02-12 16:35 - 00262920 _____ (Intel Corporation) C:\Windows\system32\IPROSetMonitor.exe
2015-03-11 18:22 - 2015-01-26 20:11 - 00000000 ____D () C:\Program Files\Intel
2015-03-10 18:08 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-09 18:06 - 2015-01-25 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-03-08 16:50 - 2015-02-04 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-03-08 14:52 - 2015-01-25 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-08 14:41 - 2015-01-25 21:07 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 22:07 - 2015-02-07 10:25 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Celemony Software GmbH
2015-03-07 19:43 - 2015-01-26 19:26 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2015-03-07 19:43 - 2015-01-26 19:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2015-03-07 19:43 - 2015-01-26 19:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2015-03-07 19:43 - 2015-01-26 19:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2015-03-07 19:43 - 2013-08-22 11:22 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-03-07 19:43 - 2013-08-22 11:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2015-03-07 19:43 - 2013-08-22 11:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2015-03-07 19:43 - 2013-08-22 11:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2015-03-07 19:43 - 2013-08-22 11:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2015-03-07 19:43 - 2013-08-22 03:56 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-03-07 19:43 - 2013-08-22 03:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2015-03-07 19:43 - 2013-08-22 03:51 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2015-03-07 19:43 - 2013-08-22 03:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2015-03-07 19:43 - 2013-08-22 03:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2015-03-07 11:37 - 2015-01-28 21:22 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Ableton
2015-03-06 18:56 - 2015-02-04 19:12 - 00000000 ____D () C:\Program Files (x86)\VstPlugIns
2015-03-04 19:56 - 2015-02-11 19:40 - 00000000 ____D () C:\Windows\SecureLib
2015-03-04 18:17 - 2015-02-04 21:48 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2015-03-04 18:16 - 2015-02-04 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-03-03 20:54 - 2015-02-12 20:12 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-03-03 20:54 - 2015-02-12 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ohm Force
2015-03-03 18:04 - 2015-01-30 22:52 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Xfer
2015-03-03 17:16 - 2015-02-04 21:57 - 00000000 ____D () C:\Users\Jay\Documents\Native Instruments
2015-03-03 17:16 - 2015-02-04 21:57 - 00000000 ____D () C:\Users\Jay\AppData\Local\Native Instruments
2015-03-03 16:21 - 2015-02-12 19:53 - 00000000 ____D () C:\Users\Jay\Documents\FXpansion
2015-03-03 16:20 - 2015-02-12 19:52 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\FXpansion
2015-03-03 16:17 - 2015-02-12 19:53 - 00000000 ____D () C:\Program Files\FXpansion
2015-03-03 16:17 - 2015-02-12 19:52 - 00000000 ____D () C:\Program Files (x86)\FXpansion
2015-03-02 20:36 - 2015-02-01 15:44 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\MeldaProduction
2015-03-01 18:46 - 2014-02-07 03:32 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-02-28 22:34 - 2015-02-04 21:48 - 00000000 ____D () C:\Program Files\Native Instruments
2015-02-28 20:46 - 2013-08-22 15:43 - 00000000 ____D () C:\Windows\DigitalLocker
2015-02-28 20:46 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\tracing
2015-02-28 19:04 - 2015-01-30 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2015-02-27 17:29 - 2015-02-04 18:37 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\PACE Anti-Piracy
2015-02-27 17:29 - 2015-02-04 18:37 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-02-27 17:29 - 2014-01-20 16:00 - 00000000 ___HD () C:\Users\Jay\AppData\Local\ZPhkCZ0EOY
2015-02-25 20:14 - 2015-02-07 15:29 - 00018546 _____ () C:\Windows\SysWOW64\gmon.out
2015-02-25 20:11 - 2015-02-04 20:47 - 00000016 _____ () C:\Windows\SysWOW64\w3data.vss
2015-02-25 20:11 - 2015-02-04 20:47 - 00000016 _____ () C:\Windows\SysWOW64\msvcsv60.dll
2015-02-25 20:11 - 2015-02-04 20:47 - 00000016 _____ () C:\Windows\msocreg32.dat
2015-02-25 20:11 - 2015-02-04 19:18 - 00000016 _____ () C:\Users\Jay\AppData\Roaming\msregsvv.dll
2015-02-25 20:11 - 2015-02-04 19:18 - 00000016 _____ () C:\ProgramData\autobk.inc
2015-02-24 22:54 - 2015-01-26 20:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 18:39 - 2015-01-30 22:51 - 00000000 ____D () C:\Users\Jay\Documents\Xfer
2015-02-16 19:36 - 2015-02-02 20:42 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sugar Bytes
2015-02-16 18:30 - 2015-02-02 20:42 - 00000000 ____D () C:\Users\Jay\Documents\Sugar Bytes

==================== Files in the root of some directories =======

2015-02-04 19:18 - 2015-02-25 20:11 - 0000016 _____ () C:\Users\Jay\AppData\Roaming\msregsvv.dll
2015-01-31 17:02 - 2015-01-31 17:02 - 1249792 _____ (http://www.ruby-lang.org/) C:\Users\Jay\AppData\Roaming\msvcr90-ruby191.dll
2015-03-05 22:19 - 2015-03-05 22:19 - 0001167 _____ () C:\Users\Jay\AppData\Roaming\trace_FilterInstaller.txt
2015-03-05 22:19 - 2015-03-05 22:19 - 0000000 _____ () C:\Users\Jay\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-02-04 19:18 - 2015-02-25 20:11 - 0000016 _____ () C:\ProgramData\autobk.inc
2015-03-07 12:16 - 2015-03-07 12:16 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Jay\Reaktor5 FX.dll
C:\Users\Jay\Reaktor5 FX2x8.dll
C:\Users\Jay\Reaktor5 Surround.dll
C:\Users\Jay\Reaktor5.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 10:51

==================== End Of Log ============================

Attached Files


Edited by deeprybka, 17 March 2015 - 04:29 PM.
link has been removed


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:43 AM

Posted 17 March 2015 - 04:56 PM


Step 1

Scan with mbam.pngMalwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
    mbamlog.png
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
mbameng.gif

Step 2

Don't remove on your own anything that HitmanPro detects!
This scanner, as it is a really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download hitmanpro_32.pngHitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click onhitmanpro.pngicon and select admin.PNGRun as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
hitman.gif


Step 3

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif

lesestoff.png

Can you please tell me which problems still persist now?
How is the computer running

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 jay1977

jay1977
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 17 March 2015 - 05:01 PM

ok will do may not reply tonight though



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:43 AM

Posted 17 March 2015 - 05:01 PM

OK. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#13 jay1977

jay1977
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 17 March 2015 - 05:58 PM

Hiya just ran Malwarebytes heres the log...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/03/2015
Scan Time: 22:03:04
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.17.07
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jay

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391024
Time Elapsed: 52 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.DED, C:\Users\Jay\Desktop\Quarantine.zip, Quarantined, [5356f2304e3c4ceacabb13e31ae75ba5],

Physical Sectors: 0
(No malicious items detected)

(end)

 

That was the zip file that i sent you earlier....going onto step 2



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:43 AM

Posted 17 March 2015 - 06:08 PM

That was the zip file that i sent you earlier....going onto step 2

:thumbup2:


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 jay1977

jay1977
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 17 March 2015 - 06:11 PM

Heres the Hitman Pro results....

 

 

HitmanPro 3.7.9.238
www.hitmanpro.com
   Computer name . . . . : MUSIKMAKER
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : MUSIKMAKER\Jay
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2015-03-17 23:02:07
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 4s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 4
   Traces  . . . . . . . : 45
   Objects scanned . . . : 1,805,341
   Files scanned . . . . : 83,366
   Remnants scanned  . . : 483,535 files / 1,238,440 keys
Malware _____________________________________________________________________
   C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmp75B4.exe
      Size . . . . . . . : 579,584 bytes
      Age  . . . . . . . : 1.1 days (2015-03-16 19:27:22)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : B5E32992526A66F235B7E9F4640B17B5DB72042D6BFA4B60A7631F3624768C79
    > Bitdefender  . . . : Gen:Variant.Kazy.576955
    > Kaspersky  . . . . : Backdoor.Win32.Simda.aoog
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -0.7s C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmp75B4.tmp
          0.0s C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmp75B4.exe
   C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmp9719.exe
      Size . . . . . . . : 409,600 bytes
      Age  . . . . . . . : 2.4 days (2015-03-15 12:55:57)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CE9987FB38CED5342E64344A447AB3DDD8F1B7B478D73800F2516939D8A74AA7
    > Bitdefender  . . . : Gen:Variant.Zusy.131998
    > Kaspersky  . . . . : Trojan-Ransom.Win32.Foreign.lzud
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -0.5s C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmp9719.tmp
          0.0s C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmp9719.exe
   C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmpA7A5.exe
      Size . . . . . . . : 176,128 bytes
      Age  . . . . . . . : 1.2 days (2015-03-16 19:12:17)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : F597F6D7BE54791D87AFD624984781EE4A14032C9FB04D5FF601211B5AE24E67
      Product  . . . . . : Orange Project
      Publisher  . . . . : Orange Project
      Description  . . . : Orange Project
      Version  . . . . . : 4.08.0007
      LanguageID . . . . : 1126
    > Bitdefender  . . . : Trojan.GenericKD.2228659
    > Kaspersky  . . . . : Trojan.Win32.Muref.dz
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
         -0.8s C:\Windows\Prefetch\SVCHOST.EXE-4D8DA32A.pf
         -0.4s C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmpA7A5.tmp
          0.0s C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmpA7A5.exe
         11.0s C:\Windows\Prefetch\TMPA7A5.EXE-8A3D058A.pf
   C:\FRST\Quarantine\C\Users\Jay\AppData\Local\Ijvnsoft\tmpA7A5.exe
      Size . . . . . . . : 176,128 bytes
      Age  . . . . . . . : 1.2 days (2015-03-16 19:13:03)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : F597F6D7BE54791D87AFD624984781EE4A14032C9FB04D5FF601211B5AE24E67
      Product  . . . . . : Orange Project
      Publisher  . . . . : Orange Project
      Description  . . . : Orange Project
      Version  . . . . . : 4.08.0007
      LanguageID . . . . : 1126
    > Bitdefender  . . . : Trojan.GenericKD.2228659
    > Kaspersky  . . . . : Trojan.Win32.Muref.dz
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
          0.0s C:\FRST\Quarantine\C\Users\Jay\AppData\Local\Ijvnsoft\tmpA7A5.exe
          0.2s C:\FRST\Quarantine\C\Users\Jay\AppData\Local\Ijvnsoft\{7AB2A8A5-475D-37C4-3C2D-D58C07F2CA33}

Suspicious files ____________________________________________________________
   C:\Users\Jay\Desktop\MiniToolBox.exe
      Size . . . . . . . : 402,944 bytes
      Age  . . . . . . . : 1.1 days (2015-03-16 19:48:27)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 04505690D3A8C561ADA2C87568627A7ABB2D3AB0937BFD853652D3C61621AA57
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\Users\Jay\Desktop\New folder\FRST64.exe
      Size . . . . . . . : 2,095,616 bytes
      Age  . . . . . . . : 1.0 days (2015-03-16 22:34:46)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Potential Unwanted Programs _________________________________________________
   C:\Windows\Reimage.ini (ReimageRepair)
   HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\REI_AxControl.DLL\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\ (ReimageRepair)
   HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASAPI32\ (StormWatch)
   HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASMANCS\ (StormWatch)
   HKLM\SOFTWARE\Reimage\ (ReimageRepair)
   HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.\ (ReimageRepair)
   HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ (ReimageRepair)
   HKU\S-1-5-21-2392774962-3475126928-3884295361-1001\Software\reimage\ (ReimageRepair)
Cookies _____________________________________________________________________
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\1U9M8KUR.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\34ET45B4.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\5T2SQQNT.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\5YYD58E0.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\92OOW96N.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\93YAJ9B3.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\AOYWJ415.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\C4ME0GX4.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\DM1AH9VR.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\EBNQ1KAJ.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\G4AJ76EL.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\M04DNT83.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\NH44NXM7.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\ORYDBWG1.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\REDLQCAU.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\SX48IYII.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\TRAR7EQ2.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\TY0W9NNM.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\UFNJNJVM.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\W8XZTRF8.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\WX66VS9D.txt
   C:\Users\Jay\AppData\Local\Microsoft\Windows\INetCookies\XHJD0ZN1.txt





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users