
Windows can't find cmd.exe, msconfig.exe and regedit.exe. Am I infected?


  • This topic is locked
11 replies to this topic

#1 Avalon60

Posted 21 March 2015 - 04:27 AM

This has just started to happen on my Win 8.1 machine.

I typed cmd in the search box of the start menu (Win 8.1), then clicked on it and got a blue band across my monitor saying 'This app cannot run on your PC'.
I've never had that before!

So I then right-click and select Run as Administrator, but then I get another message box telling me that
Windows cannot find
'C:\windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf385ad...\cmd.exe'.

For a start, cmd.exe is in that location as well as being in the \System32 folder.

I have created 2 shortcuts, 1 for each location, on my desktop and can just click on either and they open up with any errors.

From which location is the correct cmd.exe to use, and why am I getting the said error message?

Also, it is the same scenario when I type msconfig.exe and regedit. After right-clicking and Run as Admin, Windows can't find, etc. etc. in the same WinSxS folder.

I have scanned my system with Malwarebytes Anti-Malware, SpyBot S&D, EEK, and AdwCleaner.

EEK found 0 adware entries, while AdwCleaner found a few registry entries which were deleted by the program.

I have also done a sfc /scannow, and nothing was amiss.

I started a new topic in the Am I infected section on the above problems here:

http://www.bleepingcomputer.com/forums/t/569244/windows-cant-find-cmdex-msconfigexe-and-regeditexe/

I was asked to start a new topic in this thread due to more problems as described lower down.

I used/ran the Windows all in one program and completed the required repairs, but that didn't cure the problem.

Then more or less out of the blue, after I had run other cleaning tools like HijackThis and Runscanner, the problem was cured.

Then after a couple of weeks, after I have just very recently updated my hardware, the problem I had previously has returned.

I have scanned for malware and spyware using Malwarebytes and Spybot S&D. I have run Emsisoft's Emergency Toolkit 3 times, and have run the Windows repair all in one 3 times, once being in safe mode.

Also I have run AdwCleaner, once in Safe Mode and again in Normal Mode.

Each program now shows no malware or spyware anywhere on my system.

Each time I try to open cmd, msconfig or regedit, I get this: a blue band across my monitor saying 'This app cannot run on your PC'.

Also, yesterday I found that a right mouse click on any folder crashes or closes Windows Explorer down. Another annoying problem was that my permissions on the folders on my home server had been changed, and I could not write to any folder.

Last night when I thought I had cured the 2 problems above, I rebooted for some reason, and both problems came back again.

I have also found that on both occasions I had 'omniboxes' on my system, or at least it hijacked Firefox, but I have now removed it, and yet it still appears each time I open up/run Firefox, as a new page. I don't know where it is coming from, as I have searched and cleaned my system as best as I could.

Just one thing I should say is that all my data is on a separate drive, and to the best of my knowledge none of the files are giving me problems or infected.

I have just run the Farbar Scan tool and the logs are attached.

Edited by Avalon60, 21 March 2015 - 04:53 AM.



#2 nasdaq

  • Malware Response Team

Posted 24 March 2015 - 09:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: FastestFox - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-04-04]
CHR Extension: (avast! Online Security) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
S2 TunMirror; "C:\Users\Rob\AppData\Local\Temp\405A.tmp\TunMirror.exe" [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
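
Added example, not part of nasdaq's post and not FRST's own code: a small Python triage pass over FRST log lines that picks out several of the entry types the fixlist above targets (lines FRST marks `<======= ATTENTION`, entries ending in `[X]`, a machine-wide ProxyServer pointing at loopback, and a service whose image sits under a Temp folder). The sample lines are copied from this thread; the function and rule names are this example's own, and it only reports lines for a human to review, it does not build a fixlist.

```python
import ipaddress
import re

# Sample input: five lines from the fixlist in the post above, plus two
# ordinary lines (NvBackend, avast!) from the FRST log posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
S2 TunMirror; "C:\Users\Rob\AppData\Local\Temp\405A.tmp\TunMirror.exe" [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
""".strip()

ATTENTION = re.compile(r"<=+ ATTENTION")            # FRST's own warning marker
MISSING = re.compile(r"\[X\]\s*$")                  # FRST could not find the file
SERVICE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<image>.+)$")
PROXY = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>\S+)")
TEMP_DIR = re.compile(r"\\(Temp|Tmp)\\", re.IGNORECASE)


def parse_proxy_value(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Handles 'http=h:p;https=h:p' and the bare 'h:p' form that applies to
    every protocol (stored here under the key 'all').
    """
    proxies = {}
    for part in filter(None, value.split(";")):
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        proxies[scheme.lower()] = (host or hostport,
                                   int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for localhost or any loopback IP literal; other names are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return [(line_number, line, [reasons])] for lines worth a manual look."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        reasons = []
        if ATTENTION.search(line):
            reasons.append("frst_attention")
        if MISSING.search(line):
            reasons.append("file_missing")
        service = SERVICE.match(line)
        if service and TEMP_DIR.search(service["image"]):
            # A service image under a Temp folder is unusual for installed software.
            reasons.append("service_in_temp")
        proxy = PROXY.match(line)
        if proxy:
            # A loopback proxy routes browser traffic through a local listener.
            targets = parse_proxy_value(proxy["value"])
            if any(is_loopback(host) for host, _ in targets.values()):
                reasons.append("loopback_proxy")
        if reasons:
            findings.append((number, line, reasons))
    return findings


if __name__ == "__main__":
    for number, line, reasons in triage(SAMPLE_LOG):
        print(f"{number:>3}  {','.join(reasons):<30}  {line}")
```

These heuristics do not reproduce the whole fixlist: the browser-extension entries in it were chosen by the helper and match none of the rules here.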

#3 Avalon60


Posted 24 March 2015 - 03:22 PM

Hi nasdaq and thanks for helping me.

FRST_24-03-2015_20-01-11.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Rob (administrator) on WIN8 on 24-03-2015 20:00:26
Running from E:\Downloads\Temp
Loaded Profiles: Rob (Available profiles: Rob & Guest)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.25\AsusFanControlService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Printer Software\SEQLUZ.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Firetrust Ltd) C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(CPUID) D:\HWMonitor\HWMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SEPSPZ.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE
(Weather Display) C:\wdisplay\WeatherDisplay.exe
() C:\wdisplay\croncloud.exe
(Weather Display) C:\wdisplay\clientrawrealtimeftp.exe
() C:\wdisplay\ftpupd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SEQLU] => C:\Program Files\EPSON_P2\Printer Software\SEQLUZ.EXE [950704 2012-11-16] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SESMPSP] => C:\Program Files\EPSON_P2\Status Monitor\SEPSPZ.EXE [459184 2012-11-16] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391712 2015-03-18] (Mister Group)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-03-04] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\...\Run: [uTorrent] => C:\Users\Rob\AppData\Roaming\uTorrent\uTorrent.exe [1740880 2015-03-10] (BitTorrent Inc.)
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\...\Run: [croncloud] => C:\wdisplay\croncloud.exe [2930176 2014-12-23] ()
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\...\Run: [weatherdisplay] => C:\wdisplay\weatherdisplay.exe [43889152 2015-03-12] (Weather Display)
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\...\Policies\Explorer: [NoReadingPane] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-10-28] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-08] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-08] (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2012-10-28] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-10-28] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-26] (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2012-10-28] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-10-28] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-10-28] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default
FF SelectedSearchEngine: omniboxes
FF Homepage: https://www.google.co.uk/
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-08] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin HKU\S-1-5-21-2293033291-434282674-2231542723-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-27] (Apple Inc.)
FF Extension: Bitdefender QuickScan - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-24]
FF Extension: Disconnect - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\2.0@disconnect.me.xpi [2014-06-03]
FF Extension: Autofill Forms - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\autofillForms@blueimp.net.xpi [2014-04-04]
FF Extension: Easy Screenshot - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2014-04-04]
FF Extension: Firebug - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-04]
FF Extension: The Camelizer - Price Tracker - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\izer@camelcamelcamel.com.xpi [2014-06-26]
FF Extension: Gmail Notifier (restartless) - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2014-04-04]
FF Extension: pwgen - Passwort Generator - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\pwgen@alouche.net.xpi [2014-04-04]
FF Extension: QuickPasswords - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\QuickPasswords@axelg.com.xpi [2014-04-04]
FF Extension: S3.Google Translator - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\s3google@translator.xpi [2014-06-03]
FF Extension: Saved Password Editor - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2014-04-04]
FF Extension: FastestFox - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-04-04]
FF Extension: TinEye Reverse Image Search - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\tineye@ideeinc.com.xpi [2014-04-04]
FF Extension: Google Translator for Firefox - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\translator@zoli.bod.xpi [2014-04-04]
FF Extension: Session Manager - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-04-04]
FF Extension: CouponsHelper - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi [2014-06-03]
FF Extension: Download Status Bar - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-05-23]
FF Extension: Adblock Plus - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-22]
FF HKU\S-1-5-21-2293033291-434282674-2231542723-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR StartupUrls: Default -> "https://uk.search.yahoo.com/?type=386496&fr=yo-yhp-ch",
            "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?ei=utf-8&fr=chr-yo_gc&type=386496&ilc=12&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-22]
CHR Extension: (Docs) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-22]
CHR Extension: (Google Drive) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (YouTube) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-22]
CHR Extension: (Google Search) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Sheets) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-22]
CHR Extension: (avast! Online Security) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Gmail) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.25\AsusFanControlService.exe [1643008 2013-06-13] (ASUSTeK Computer Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [63488 2012-10-28] (IvoSoft) [File not signed]
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2015-03-23] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-06] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-21] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88720 2014-05-05] (Microsoft Corporation)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8915 2014-08-23] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SESMPWD; C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE [155568 2012-11-16] (SEIKO EPSON CORPORATION)
R2 SESMSDB; C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE [343472 2012-11-16] (SEIKO EPSON CORPORATION)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-02] (IObit)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-02-19] (Emsisoft GmbH)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-06-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-24] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-24] ()
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-19] (Emsisoft GmbH)
R3 cpuz138; C:\Users\Rob\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2015-03-24] (CPUID)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
U5 NetBios; C:\Windows\System32\Drivers\NetBios.sys [48128 2014-10-29] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U5 Tpm; C:\Windows\System32\Drivers\Tpm.sys [159584 2013-08-22] (Microsoft Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 19:53 - 2015-03-24 19:53 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-24 19:53 - 2015-03-24 19:53 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-24 19:53 - 2014-11-22 08:07 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5DD4.tmp
2015-03-24 19:53 - 2014-11-21 20:07 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5DF8.tmp
2015-03-24 19:53 - 2014-11-21 20:07 - 00267632 _____ () C:\Windows\system32\Drivers\asw5E09.tmp
2015-03-24 19:53 - 2014-11-21 20:07 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5E0A.tmp
2015-03-24 19:53 - 2014-11-21 20:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5DD5.tmp
2015-03-24 19:53 - 2014-11-21 20:07 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5DF6.tmp
2015-03-24 19:53 - 2014-11-21 20:07 - 00065776 _____ () C:\Windows\system32\Drivers\asw5DF7.tmp
2015-03-24 19:53 - 2014-11-21 20:07 - 00029208 _____ () C:\Windows\system32\Drivers\asw5DD6.tmp
2015-03-23 13:41 - 2015-03-23 13:41 - 00000000 ____D () C:\ProgramData\Hitman Pro
2015-03-22 18:15 - 2015-03-22 18:15 - 00002298 _____ () C:\Users\Public\Desktop\Tweaking.com - Simple System Tweaker.lnk
2015-03-22 00:50 - 2015-03-22 00:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 14:23 - 2015-03-21 14:23 - 00000000 ____D () C:\Windows\pss
2015-03-21 13:51 - 2015-03-21 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-03-21 13:51 - 2015-03-21 13:51 - 00000000 ____D () C:\Program Files\Classic Shell
2015-03-21 09:14 - 2015-03-21 09:14 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\SUPERAntiSpyware.com
2015-03-21 08:50 - 2015-03-24 20:00 - 00000000 ____D () C:\FRST
2015-03-20 18:04 - 2015-03-20 18:04 - 00001750 _____ () C:\Windows\system32\.crusader
2015-03-20 17:16 - 2015-03-20 17:16 - 00001442 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Epson
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Packages
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2015-03-20 17:16 - 2015-03-20 17:16 - 00000000 _____ () C:\Users\Guest\Sti_Trace.log
2015-03-20 17:15 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Guest
2015-03-20 17:15 - 2015-03-20 17:15 - 00000430 __RSH () C:\Users\Guest\ntuser.pol
2015-03-20 17:15 - 2015-03-20 17:15 - 00000118 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-20 17:15 - 2015-03-20 17:15 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2015-03-20 17:15 - 2015-03-10 19:17 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-20 17:15 - 2014-12-01 08:56 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-20 17:15 - 2014-12-01 08:56 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-20 17:15 - 2014-05-31 17:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ATI
2015-03-20 17:15 - 2014-05-31 17:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\ATI
2015-03-20 17:15 - 2014-04-04 09:57 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2015-03-20 17:15 - 2014-02-22 04:37 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-20 17:15 - 2014-02-22 04:37 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-20 17:15 - 2013-08-22 15:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-20 14:06 - 2015-03-21 09:58 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\GlarySoft
2015-03-20 14:06 - 2015-03-20 14:06 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\DiskDefrag
2015-03-18 18:40 - 2015-03-18 18:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-18 18:40 - 2015-03-18 18:40 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-18 18:40 - 2015-03-18 18:40 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-18 18:40 - 2015-03-18 18:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-03-18 18:40 - 2015-03-18 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-18 18:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-03-18 15:29 - 2015-03-18 15:29 - 00000000 _____ () C:\Windows\EEventManager.INI
2015-03-18 12:26 - 2015-03-18 12:26 - 00000755 _____ () C:\Users\Rob\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-18 11:52 - 2015-03-18 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2015-03-18 11:52 - 2015-03-18 11:52 - 00000000 ____D () C:\Program Files (x86)\Magical Jelly Bean
2015-03-18 11:37 - 2015-03-18 11:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-18 11:37 - 2015-03-18 11:37 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\Opera Software
2015-03-18 11:37 - 2015-03-18 11:37 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\03D40274-1426678625-05BB-F606-010700080009
2015-03-18 11:37 - 2015-03-18 11:37 - 00000000 ____D () C:\Users\Rob\AppData\Local\Opera Software
2015-03-18 11:30 - 2015-03-18 11:30 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-03-18 11:18 - 2015-03-24 13:02 - 00000000 ____D () C:\Program Files\Windows KMS Activator Ultimate 2014 v2.2
2015-03-18 11:18 - 2015-03-18 11:18 - 00001210 _____ () C:\Users\Public\Desktop\Windows KMS Activator Ultimate 2014 v2.2.lnk
2015-03-18 11:17 - 2015-03-18 11:17 - 00001525 _____ () C:\Users\Public\Desktop\Windows 8 - 8.1 KMS Activator Ultimate 2014 v1.5.1.lnk
2015-03-18 11:17 - 2015-03-18 11:17 - 00000000 ____D () C:\Program Files (x86)\Windows 8 - 8.1 KMS Activator Ultimate 2014 v1.5.1
2015-03-18 11:14 - 2015-03-18 11:14 - 00000000 ____D () C:\Windows\KMSServerService
2015-03-18 11:04 - 2015-03-24 12:00 - 00000482 _____ () C:\Windows\Tasks\InstallShield Update Task.job
2015-03-18 11:04 - 2015-03-18 11:04 - 00003200 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
2015-03-18 11:04 - 2015-03-18 11:04 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-03-18 09:38 - 2015-03-18 09:38 - 00002149 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-03-18 09:38 - 2015-03-18 09:38 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-18 09:37 - 2015-03-13 15:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-18 09:36 - 2015-03-13 19:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 09:36 - 2015-03-13 19:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-18 09:36 - 2015-03-13 19:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-17 11:24 - 2015-03-17 11:24 - 00000560 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-03-17 11:22 - 2015-03-17 11:22 - 00000517 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-03-17 10:51 - 2015-03-18 11:29 - 00003156 _____ () C:\Windows\System32\Tasks\StartMenuAutoupdate
2015-03-17 10:51 - 2015-03-17 10:51 - 00002069 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
2015-03-17 10:51 - 2015-03-17 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-03-17 10:50 - 2015-03-17 10:50 - 00000000 ____D () C:\Users\Rob\AppData\Local\StartIsBack
2015-03-17 01:40 - 2015-03-17 01:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-17 01:40 - 2015-03-17 01:40 - 00000000 ____D () C:\Users\Rob\Intel
2015-03-17 01:40 - 2015-03-17 01:40 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\Intel Corporation
2015-03-17 01:39 - 2013-12-18 03:35 - 00839896 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-03-17 01:39 - 2013-12-18 03:35 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-03-17 01:38 - 2015-03-17 01:38 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-03-17 01:38 - 2015-03-17 01:38 - 00000000 ____D () C:\Program Files\Realtek
2015-03-17 01:38 - 2015-03-17 01:38 - 00000000 _____ () C:\ProgramData\DP45977C.lfl
2015-03-17 01:38 - 2014-03-14 11:08 - 03896920 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-03-17 01:38 - 2014-03-14 09:14 - 00628440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-03-17 01:38 - 2014-03-14 06:42 - 00947928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-03-17 01:38 - 2014-03-11 13:50 - 00853784 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-03-17 01:38 - 2014-03-11 02:06 - 01738032 _____ () C:\Windows\system32\SStudio.dll
2015-03-17 01:38 - 2014-03-07 02:57 - 02794200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-03-17 01:38 - 2014-03-06 08:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-03-17 01:38 - 2014-03-04 21:11 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-03-17 01:38 - 2014-03-04 21:11 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-03-17 01:38 - 2014-03-04 21:11 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-03-17 01:38 - 2014-03-04 21:11 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-03-17 01:38 - 2014-03-04 12:27 - 02831576 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-03-17 01:38 - 2014-03-03 12:21 - 01019608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-03-17 01:38 - 2014-02-27 12:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-03-17 01:38 - 2014-02-16 12:30 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-03-17 01:38 - 2014-02-06 03:28 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-03-17 01:38 - 2014-01-28 03:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-03-17 01:38 - 2013-10-11 03:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-03-17 01:38 - 2013-08-20 09:37 - 00605496 _____ () C:\Windows\system32\audioLibVc.dll
2015-03-17 01:38 - 2013-06-25 04:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-03-17 01:38 - 2013-06-25 04:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-03-17 01:38 - 2013-06-25 04:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-03-17 01:38 - 2012-01-30 03:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-03-17 01:38 - 2012-01-10 02:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-03-17 01:38 - 2011-12-20 07:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-03-17 01:38 - 2011-11-22 08:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-03-17 01:38 - 2011-09-02 06:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-03-17 01:38 - 2011-09-02 06:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-03-17 01:38 - 2011-09-02 06:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-03-17 01:38 - 2011-03-17 04:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-03-17 01:38 - 2011-03-07 09:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-03-17 01:38 - 2010-11-07 23:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-03-17 01:38 - 2010-11-07 23:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-03-17 01:38 - 2010-11-07 23:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-03-17 01:38 - 2010-11-07 23:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-03-17 01:38 - 2010-11-07 23:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-03-17 01:38 - 2010-11-07 23:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-03-17 01:38 - 2010-11-03 10:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-03-17 01:38 - 2010-07-22 08:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-03-17 01:38 - 2009-11-24 01:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-03-17 01:38 - 2009-11-24 01:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-03-17 01:38 - 2009-11-24 01:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-03-17 01:38 - 2009-11-24 01:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-03-17 01:37 - 2015-03-17 01:39 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-17 01:37 - 2015-03-17 01:38 - 00000000 ____D () C:\Program Files (x86)\Temp
2015-03-17 01:37 - 2014-03-12 09:19 - 57362432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-03-17 01:37 - 2014-02-26 07:16 - 02080472 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-03-17 01:37 - 2014-02-26 00:48 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2015-03-17 01:37 - 2014-02-26 00:47 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-03-17 01:37 - 2014-02-18 10:12 - 01042520 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-03-17 01:37 - 2014-02-18 10:12 - 00882776 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2015-03-17 01:37 - 2014-02-18 09:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-03-17 01:37 - 2014-02-18 06:48 - 02396760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-03-17 01:37 - 2014-02-18 06:48 - 01424984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-03-17 01:37 - 2014-02-18 06:48 - 01423960 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-03-17 01:37 - 2014-02-16 12:30 - 28314200 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-03-17 01:37 - 2014-02-16 12:30 - 14742104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-03-17 01:37 - 2014-02-16 12:30 - 12816472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-03-17 01:37 - 2014-02-16 12:30 - 03927640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2015-03-17 01:37 - 2014-02-16 12:30 - 02040920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-03-17 01:37 - 2014-02-16 12:30 - 01933400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-03-17 01:37 - 2014-01-31 09:28 - 00938608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-03-17 01:37 - 2014-01-31 09:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-03-17 01:37 - 2013-10-15 19:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-03-17 01:37 - 2013-10-11 04:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-03-17 01:37 - 2013-10-06 16:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-03-17 01:37 - 2013-10-06 16:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-03-17 01:37 - 2013-10-06 16:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-03-17 01:37 - 2013-09-09 20:02 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-03-17 01:37 - 2013-09-09 20:02 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-03-17 01:37 - 2013-09-09 20:01 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-03-17 01:37 - 2013-09-09 20:01 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-03-17 01:37 - 2013-08-14 07:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-03-17 01:37 - 2013-08-14 07:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-03-17 01:37 - 2013-06-21 03:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-03-17 01:37 - 2013-04-03 06:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-03-17 01:37 - 2012-08-31 11:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-03-17 01:37 - 2012-08-31 11:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-03-17 01:37 - 2012-08-31 11:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-03-17 01:37 - 2012-08-31 11:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-03-17 01:37 - 2012-08-31 11:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-03-17 01:37 - 2012-03-08 03:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-03-17 01:37 - 2011-08-23 09:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-03-17 01:37 - 2011-05-31 01:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-03-17 01:37 - 2010-09-27 01:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-03-17 01:35 - 2015-03-20 10:39 - 00000401 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-03-17 01:33 - 2015-03-16 22:22 - 00000010 _____ () C:\Windows\GSetup.ini
2015-03-17 01:33 - 2009-08-27 07:04 - 00207400 ____R () C:\Windows\GSetup.exe
2015-03-17 01:31 - 2015-03-17 01:31 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-03-17 01:29 - 2015-03-19 20:28 - 00000000 ____D () C:\Windows\LastGood
2015-03-17 01:19 - 2015-03-17 01:19 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-03-16 22:23 - 2015-03-24 09:14 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-15 18:06 - 2015-03-17 16:51 - 00000000 ____D () C:\WeatherLink
2015-03-15 18:06 - 2015-03-17 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherLink
2015-03-15 18:06 - 2015-03-15 18:06 - 00000000 ____D () C:\Windows\SysWOW64\Silabs
2015-03-14 12:49 - 2015-03-21 11:54 - 00000000 ____D () C:\AV-CLS
2015-03-14 12:00 - 2015-03-20 16:49 - 00473464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 11:51 - 2015-03-13 11:51 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ProduKey
2015-03-13 11:51 - 2015-03-13 11:51 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2015-03-13 11:31 - 2015-03-13 11:46 - 00000000 ___RD () C:\ESD
2015-03-10 18:34 - 2015-03-06 02:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 18:34 - 2015-03-06 02:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 18:34 - 2015-02-25 23:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 18:34 - 2015-02-20 03:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 18:34 - 2015-02-20 02:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 18:34 - 2015-02-20 02:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 18:34 - 2015-02-20 02:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 18:34 - 2015-02-06 23:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-10 18:34 - 2015-02-03 23:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-10 18:34 - 2015-02-03 23:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-10 18:34 - 2015-02-03 23:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-10 18:34 - 2015-02-02 23:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-10 18:34 - 2015-02-02 23:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-10 18:34 - 2015-01-30 23:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-10 18:34 - 2015-01-30 23:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-10 18:34 - 2015-01-29 01:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-10 18:34 - 2015-01-29 01:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-10 18:34 - 2015-01-27 03:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-10 18:34 - 2015-01-24 01:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-10 18:34 - 2015-01-23 07:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-10 18:34 - 2015-01-23 05:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-10 18:33 - 2015-02-06 01:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-10 18:33 - 2015-02-06 01:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-10 18:33 - 2015-02-05 20:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-10 18:33 - 2015-02-03 00:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-10 18:33 - 2015-02-03 00:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-10 18:33 - 2015-01-30 23:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 18:33 - 2015-01-30 03:01 - 00132608 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BthA2DP.sys
2015-03-10 18:33 - 2015-01-30 03:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-10 18:33 - 2015-01-30 03:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-10 18:33 - 2015-01-30 02:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-10 18:33 - 2015-01-30 02:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-10 18:33 - 2015-01-30 02:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-10 18:33 - 2015-01-30 01:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-10 18:33 - 2015-01-30 01:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-10 18:33 - 2015-01-30 01:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-10 18:33 - 2015-01-30 01:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-10 18:33 - 2015-01-30 01:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-10 18:33 - 2015-01-30 01:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-10 18:33 - 2015-01-30 01:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-10 18:33 - 2015-01-30 01:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-10 18:33 - 2015-01-30 01:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-10 18:33 - 2015-01-30 01:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-10 18:33 - 2015-01-29 01:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 18:33 - 2015-01-29 01:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-10 18:33 - 2015-01-29 01:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-10 18:33 - 2015-01-29 01:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 18:33 - 2015-01-29 00:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-10 18:33 - 2015-01-29 00:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-10 18:33 - 2015-01-29 00:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-10 18:33 - 2015-01-29 00:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-10 18:33 - 2015-01-28 15:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 18:33 - 2015-01-28 15:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-10 18:33 - 2015-01-28 15:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-10 18:33 - 2015-01-28 02:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-10 18:33 - 2015-01-28 01:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-10 18:33 - 2015-01-27 04:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 18:33 - 2015-01-27 02:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 18:32 - 2015-02-21 01:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 18:32 - 2015-02-21 00:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 18:32 - 2015-02-21 00:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 18:32 - 2015-02-21 00:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-10 18:32 - 2015-02-21 00:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 18:32 - 2015-02-20 23:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 18:32 - 2015-02-20 23:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 18:32 - 2015-02-20 02:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 18:32 - 2015-02-20 02:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 18:32 - 2015-02-20 02:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 18:32 - 2015-02-20 02:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 18:32 - 2015-02-20 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 18:32 - 2015-02-20 02:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 18:32 - 2015-02-20 02:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 18:32 - 2015-02-20 02:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-10 18:32 - 2015-02-20 02:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 18:32 - 2015-02-20 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 18:32 - 2015-02-20 02:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 18:32 - 2015-02-20 01:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-10 18:32 - 2015-02-20 01:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-10 18:32 - 2015-02-20 01:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-10 18:32 - 2015-02-20 01:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 18:32 - 2015-02-20 01:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 18:32 - 2015-02-20 01:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 18:32 - 2015-02-20 01:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 18:32 - 2015-02-20 01:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 18:32 - 2015-02-20 01:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-10 18:32 - 2015-02-20 01:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-10 18:32 - 2015-02-20 01:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 18:32 - 2015-02-20 01:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-10 18:32 - 2015-02-20 01:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 18:32 - 2015-02-20 01:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 18:32 - 2015-02-20 01:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 18:32 - 2015-02-20 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 18:32 - 2015-02-20 01:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 18:32 - 2015-02-20 00:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 18:32 - 2015-02-20 00:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 18:32 - 2015-02-12 17:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 18:32 - 2015-02-12 17:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 18:32 - 2015-02-07 23:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-10 18:32 - 2015-02-07 23:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-10 18:32 - 2015-01-29 18:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 18:32 - 2015-01-29 18:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 18:32 - 2014-12-11 05:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-10 18:31 - 2015-01-28 01:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 18:31 - 2015-01-28 01:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 18:31 - 2015-01-27 23:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-10 18:31 - 2015-01-27 23:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-10 18:31 - 2015-01-21 05:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 18:31 - 2015-01-21 05:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 17:14 - 2015-03-24 09:29 - 00000000 ____D () C:\Users\Rob\AppData\Local\CrashDumps
2015-03-10 17:14 - 2015-03-22 18:03 - 00001092 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-03-10 17:14 - 2015-03-22 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-03-10 17:14 - 2015-03-10 17:14 - 00000000 ____D () C:\Program Files\Oracle
2015-03-10 17:14 - 2015-03-02 15:20 - 00922168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-03-10 17:14 - 2015-03-02 15:18 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-03-10 17:13 - 2015-03-10 17:13 - 111197384 _____ (Oracle Corporation) C:\Users\Rob\Desktop\VirtualBox-4.3.24-98716-Win(1).exe
2015-03-10 12:53 - 2015-03-22 18:04 - 00000000 ____D () C:\Users\Rob\VirtualBox VMs
2015-03-10 12:52 - 2015-03-23 18:59 - 00000000 ____D () C:\Users\Rob\.VirtualBox
2015-03-09 09:18 - 2015-03-09 09:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-09 08:55 - 2015-03-09 08:55 - 00003246 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2293033291-434282674-2231542723-1001
2015-03-09 08:51 - 2015-03-09 09:09 - 00003760 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-08 20:55 - 2015-03-20 10:58 - 00000000 __SHD () C:\$360Section
2015-03-08 20:52 - 2015-03-20 10:58 - 00000000 ____D () C:\ProgramData\360Quarant
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Windows\Tasks\360Disabled
2015-03-08 20:51 - 2015-03-20 18:06 - 00000000 ____D () C:\Program Files (x86)\360
2015-03-06 19:18 - 2015-03-06 19:33 - 00102400 _____ () C:\Windows\RegBootClean.exe
2015-03-06 18:45 - 2015-03-06 18:45 - 00003076 _____ () C:\Windows\System32\Tasks\{FE69983F-D832-481E-B574-0E1317F906D4}
2015-03-06 17:02 - 2015-03-06 17:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-06 12:13 - 2015-03-18 12:39 - 00005862 _____ () C:\EamClean.log
2015-03-06 11:56 - 2015-03-20 10:56 - 00000000 ____D () C:\EEK
2015-03-06 11:27 - 2015-03-06 11:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WIN8-Windows-8.1-Pro-(64-bit).dat
2015-03-06 11:27 - 2015-03-06 11:27 - 00000000 ____D () C:\RegBackup
2015-03-06 10:24 - 2015-03-18 11:08 - 00002175 _____ () C:\Users\Rob\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-03-06 10:24 - 2015-03-06 10:24 - 00002266 _____ () C:\Users\Public\Desktop\Tweaking.com - Technicians Toolbox.lnk
2015-03-06 02:17 - 2015-03-06 02:17 - 24802928 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 24003648 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 06067760 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 04782296 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 02946024 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe
2015-03-06 02:17 - 2015-03-06 02:17 - 02776408 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 01513304 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 01402336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 01399240 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 01369088 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 01063936 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00979800 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00671352 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00623616 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00615544 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00472976 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2015-03-06 02:17 - 2015-03-06 02:17 - 00392592 _____ () C:\Windows\system32\igfxTray.exe
2015-03-06 02:17 - 2015-03-06 02:17 - 00385024 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00354136 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-03-06 02:17 - 2015-03-06 02:17 - 00275800 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00255488 _____ () C:\Windows\system32\igfxCPL.cpl
2015-03-06 02:17 - 2015-03-06 02:17 - 00249232 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2015-03-06 02:17 - 2015-03-06 02:17 - 00229888 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00220432 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00218512 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-03-06 02:17 - 2015-03-06 02:17 - 00213504 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00211656 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00197464 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00184352 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4156.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00178672 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00178176 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00135000 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00127320 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00086528 _____ () C:\Windows\system32\igfxCUIServicePS.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00059904 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00036616 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00035328 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2015-03-06 02:17 - 2015-03-06 02:17 - 00004016 _____ () C:\Windows\system32\iglhxs64.vp
2015-03-06 02:16 - 2015-03-06 02:16 - 17761872 _____ () C:\Windows\system32\igd11dxva64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 17285440 _____ () C:\Windows\SysWOW64\igd11dxva32.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 15982080 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 10853888 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 09504256 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 09396160 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 08605632 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 07484416 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 06021437 _____ () C:\Windows\system32\igdclbif.bin
2015-03-06 02:16 - 2015-03-06 02:16 - 04877240 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-03-06 02:16 - 2015-03-06 02:16 - 03550208 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 03320320 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 01029008 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2015-03-06 02:16 - 2015-03-06 02:16 - 01025936 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2015-03-06 02:16 - 2015-03-06 02:16 - 00636016 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 00515488 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 00448912 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2015-03-06 02:16 - 2015-03-06 02:16 - 00398848 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 00350208 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 00339344 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2015-03-06 02:16 - 2015-03-06 02:16 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2015-03-06 02:16 - 2015-03-06 02:16 - 00282696 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 00263120 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 00227328 _____ () C:\Windows\system32\igdde64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 00187392 _____ () C:\Windows\SysWOW64\igdde32.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 00169984 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2015-03-06 02:16 - 2015-03-06 02:16 - 00157072 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-03-06 02:16 - 2015-03-06 02:16 - 00152064 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2015-03-05 04:37 - 2015-03-05 04:14 - 00169992 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys
2015-03-04 18:10 - 2015-01-15 22:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-04 18:10 - 2015-01-15 22:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-04 18:10 - 2015-01-14 04:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-03-04 18:10 - 2015-01-14 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-03-04 18:10 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-04 18:10 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-04 18:10 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-04 18:10 - 2015-01-12 01:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-04 18:10 - 2014-12-19 08:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-04 18:10 - 2014-12-19 08:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-04 18:10 - 2014-12-13 21:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-04 18:10 - 2014-12-13 21:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-03-04 18:10 - 2014-12-09 03:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-04 18:10 - 2014-12-09 01:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-04 18:10 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-04 18:10 - 2014-04-15 23:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-03-04 18:10 - 2014-04-15 23:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-03-04 18:09 - 2015-01-19 18:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-03-04 18:09 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-04 18:09 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-04 18:09 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-03-04 18:09 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-03-04 18:09 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-04 18:09 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-03-04 18:09 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-03-04 18:09 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-03-04 18:09 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-04 18:09 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-03-04 18:09 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-03-04 18:09 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-03-04 18:09 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-04 18:09 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-03-04 17:54 - 2015-03-04 17:54 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\NVIDIA
2015-03-04 17:47 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-03-04 17:47 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-03-04 17:40 - 2015-03-18 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-04 17:40 - 2015-03-07 10:25 - 00001363 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-04 17:40 - 2015-03-04 17:47 - 00000000 ____D () C:\Users\Rob\AppData\Local\NVIDIA Corporation
2015-03-04 17:40 - 2015-03-04 17:47 - 00000000 ____D () C:\Users\Rob\AppData\Local\NVIDIA
2015-03-04 17:40 - 2014-12-13 00:12 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-04 17:40 - 2014-12-13 00:12 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-04 17:40 - 2014-12-13 00:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-04 17:40 - 2014-12-13 00:12 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-04 17:40 - 2014-11-22 10:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-03-04 17:40 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-03-04 17:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-03-04 17:40 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-03-04 17:40 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-03-04 17:40 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-03-04 17:40 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-03-04 17:39 - 2015-03-24 09:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-04 17:39 - 2015-03-18 09:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-04 17:39 - 2015-03-13 19:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-04 17:39 - 2015-03-13 16:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-04 17:39 - 2015-03-13 16:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-04 17:39 - 2015-03-13 16:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-04 17:39 - 2015-03-13 16:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-04 17:39 - 2015-03-13 16:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-04 17:39 - 2015-03-13 16:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-04 17:39 - 2015-03-11 13:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-04 17:39 - 2015-03-04 17:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-04 17:39 - 2014-07-02 20:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2015-03-04 17:39 - 2014-07-02 20:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2015-03-04 17:38 - 2015-03-13 19:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-04 17:38 - 2015-03-13 19:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-04 17:38 - 2015-03-13 19:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-04 17:37 - 2015-03-18 09:37 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-04 17:30 - 2015-03-04 17:30 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-02 15:18 - 2015-03-02 15:18 - 00204264 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2015-03-02 15:18 - 2015-03-02 15:18 - 00156360 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2015-03-02 15:18 - 2015-03-02 15:18 - 00141440 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 19:58 - 2014-06-19 18:55 - 00000161 _____ () C:\Windows\SysWOW64\arcconfig.xml
2015-03-24 19:53 - 2014-09-22 19:51 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-24 19:53 - 2014-09-22 19:50 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-24 19:53 - 2014-09-22 19:50 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-24 19:53 - 2014-09-22 19:50 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-24 19:53 - 2014-09-22 19:50 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-24 19:53 - 2014-09-22 19:50 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-24 19:53 - 2014-09-22 19:50 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-24 19:53 - 2014-09-22 19:50 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-24 19:53 - 2014-09-22 19:50 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-24 19:52 - 2014-04-03 19:19 - 00801720 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-24 19:23 - 2014-04-04 19:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-24 19:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-24 16:58 - 2014-10-20 17:06 - 01450569 _____ () C:\Windows\WindowsUpdate.log
2015-03-24 11:53 - 2014-05-31 07:24 - 00165659 _____ () C:\MyXML.xml
2015-03-24 10:16 - 2014-04-03 19:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2293033291-434282674-2231542723-1001
2015-03-24 09:13 - 2014-04-04 09:29 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\MailWasherPro
2015-03-24 09:12 - 2014-10-21 09:03 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-03-24 09:12 - 2014-10-20 17:06 - 00072760 _____ () C:\Windows\setupact.log
2015-03-24 09:11 - 2014-04-04 08:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-24 09:11 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 18:07 - 2014-06-16 09:47 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\vlc
2015-03-23 16:43 - 2014-04-04 09:10 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\uTorrent
2015-03-23 01:00 - 2014-05-05 11:29 - 00000410 _____ () C:\Windows\Tasks\My Win8 Backup xml.job
2015-03-22 18:15 - 2014-11-03 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-22 18:15 - 2014-11-03 20:49 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-03-22 18:06 - 2014-10-20 18:52 - 00101588 _____ () C:\Windows\PFRO.log
2015-03-22 17:55 - 2014-04-04 10:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-21 10:11 - 2014-10-20 14:52 - 00000000 ____D () C:\Windows\Minidump
2015-03-21 10:11 - 2014-04-03 19:14 - 00000000 ____D () C:\Users\Rob
2015-03-21 10:11 - 2014-04-03 19:08 - 00322234 ____N () C:\Windows\Minidump\032115-8015-01.dmp
2015-03-21 10:09 - 2014-10-20 14:51 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-20 18:23 - 2014-04-03 19:14 - 00001468 _____ () C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-20 18:10 - 2014-04-04 08:07 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-20 18:04 - 2014-07-06 08:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-20 17:40 - 2014-07-05 19:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 17:34 - 2014-10-20 18:50 - 00000000 ____D () C:\AdwCleaner
2015-03-20 17:21 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-20 17:16 - 2014-04-04 04:07 - 00000000 ____D () C:\Windows\Panther
2015-03-20 16:49 - 2014-04-03 19:11 - 00000000 ____D () C:\Windows\CSC
2015-03-20 16:42 - 2013-08-22 13:25 - 00000309 _____ () C:\Windows\win.ini
2015-03-20 15:14 - 2014-05-15 17:40 - 00000430 __RSH () C:\Users\Rob\ntuser.pol
2015-03-20 15:14 - 2014-04-04 08:38 - 00000440 __RSH () C:\ProgramData\ntuser.pol
2015-03-20 10:41 - 2014-04-04 09:03 - 00001098 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2015-03-20 10:41 - 2014-04-04 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-03-20 10:40 - 2014-04-04 09:03 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2015-03-20 10:36 - 2014-06-15 08:40 - 00000000 ____D () C:\Users\Rob\AppData\Local\Adobe
2015-03-20 10:36 - 2014-04-04 19:30 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-19 20:12 - 2014-06-25 19:00 - 00122880 _____ () C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-19 15:04 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-19 13:49 - 2014-04-04 12:54 - 00000000 ____D () C:\wdisplay
2015-03-19 10:46 - 2014-04-04 09:35 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\FileZilla
2015-03-18 22:05 - 2014-04-04 10:15 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\QuickScan
2015-03-18 19:24 - 2014-04-04 09:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-18 18:40 - 2014-04-04 09:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-03-18 16:40 - 2014-04-04 14:41 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_688
2015-03-18 14:00 - 2014-04-04 14:41 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_772
2015-03-18 12:00 - 2014-04-04 13:03 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2015-03-18 11:35 - 2014-04-04 08:07 - 00001377 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-18 09:37 - 2014-05-02 09:51 - 00000000 ____D () C:\Temp
2015-03-17 16:50 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2015-03-17 11:24 - 2014-05-25 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-03-17 01:40 - 2014-08-23 15:21 - 00865366 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-17 01:40 - 2014-07-29 09:03 - 00000000 ____D () C:\Program Files\Intel
2015-03-17 01:35 - 2014-05-27 19:27 - 00000000 ____D () C:\Intel
2015-03-17 01:33 - 2014-04-03 19:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-17 01:32 - 2014-05-27 19:27 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-03-17 01:32 - 2014-05-27 19:27 - 00000000 ____D () C:\ProgramData\ASUS
2015-03-17 01:30 - 2014-05-27 19:27 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-15 14:01 - 2014-04-04 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weather Display
2015-03-15 10:13 - 2014-05-27 19:36 - 00000000 _____ () C:\Windows\Path.idx
2015-03-15 10:08 - 2014-05-27 19:31 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-03-14 10:51 - 2014-12-01 19:10 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-13 19:41 - 2015-02-20 01:18 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 19:41 - 2015-02-20 01:18 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 19:41 - 2015-02-20 01:18 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-11 16:36 - 2014-07-21 02:15 - 00002152 _____ () C:\Windows\MB.idx
2015-03-11 07:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2015-03-10 19:17 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-10 19:17 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-10 19:17 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-10 19:17 - 2013-08-22 15:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-10 19:17 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-10 19:17 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-10 19:17 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-10 19:17 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-10 18:40 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-10 16:59 - 2014-11-16 11:23 - 00000000 ____D () C:\Program Files (x86)\DirectoryListPrintPro
2015-03-10 14:15 - 2014-04-04 08:37 - 00000954 _____ () C:\Users\Rob\Desktop\rufus-2.0.lnk
2015-03-09 16:30 - 2014-04-04 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-09 16:30 - 2014-04-04 09:35 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-03-09 11:10 - 2014-04-06 18:10 - 00001985 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-03-09 09:29 - 2014-04-16 19:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-08 20:21 - 2014-05-14 19:42 - 00000000 ____D () C:\Program Files\EPSON_P2
2015-03-08 20:19 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-08 18:18 - 2014-04-03 21:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-08 18:16 - 2014-04-03 21:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 18:33 - 2014-04-04 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-06 20:26 - 2014-04-04 14:41 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_253
2015-03-06 18:59 - 2014-06-29 10:06 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-06 18:59 - 2014-05-23 08:53 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\IObit
2015-03-06 11:37 - 2014-04-04 14:41 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_40
2015-03-06 09:00 - 2014-05-27 19:26 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-06 02:17 - 2014-10-03 17:36 - 02024960 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2015-03-06 02:17 - 2014-10-03 17:36 - 00695808 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2015-03-06 02:17 - 2014-10-03 17:36 - 00344976 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2015-03-06 02:17 - 2014-10-03 17:36 - 00314256 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2015-03-06 02:17 - 2014-10-03 17:36 - 00278528 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2015-03-06 02:17 - 2014-07-21 21:04 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-06 02:17 - 2014-07-21 21:04 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-04 21:24 - 2013-08-22 15:38 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 21:24 - 2013-08-22 15:38 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-04 18:11 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-04 17:39 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Help
2015-03-04 17:31 - 2014-05-23 08:53 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-04 17:30 - 2014-05-31 07:24 - 00000000 ____D () C:\ProgramData\IObit

==================== Files in the root of some directories =======

2014-06-25 19:00 - 2015-03-19 20:12 - 0122880 _____ () C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-17 14:44 - 2014-04-17 14:44 - 0007606 _____ () C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
2014-04-04 10:15 - 2014-04-04 10:15 - 0002048 _____ () C:\ProgramData\1396606513.2336.bin
2014-04-04 10:15 - 2014-04-04 10:15 - 0000419 _____ () C:\ProgramData\1396606513.360.bin
2014-04-04 10:15 - 2014-04-04 10:15 - 0043328 _____ () C:\ProgramData\1396606513.4976.bin
2014-04-04 10:42 - 2014-04-04 10:42 - 0206526 _____ () C:\ProgramData\1396608058.bdinstall.bin
2014-09-22 19:47 - 2014-09-22 19:47 - 0037670 _____ () C:\ProgramData\1411415264.bdinstall.bin
2014-09-22 19:49 - 2014-09-22 19:49 - 0097760 _____ () C:\ProgramData\1411415273.bdinstall.bin
2015-03-17 01:38 - 2015-03-17 01:38 - 0000000 _____ () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-14 12:34

==================== End Of Log ============================

 

AdwCleaner[R14].txt

 

# AdwCleaner v4.113 - Logfile created 24/03/2015 at 20:10:10
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Rob - WIN8
# Running from : D:\Adware Cleaner\adwcleaner_4.113.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\62401dcb-150e-24b0-a17a-9927795c34d1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[ygksjr4l.default] - Line Found : user_pref("browser.search.searchengine.alias", "omniboxes");
[ygksjr4l.default] - Line Found : user_pref("browser.search.searchengine.iconURL", "hxxp://www.omniboxes.com/favicon.ico");
[ygksjr4l.default] - Line Found : user_pref("browser.search.searchengine.name", "omniboxes");
[ygksjr4l.default] - Line Found : user_pref("browser.search.searchengine.url", "hxxp://www.omniboxes.com/web/?type=ds&ts=1426678509&from=obw&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF313589L&q={searchTerms}");
[ygksjr4l.default] - Line Found : user_pref("browser.search.selectedEngine", "omniboxes");

-\\ Pale Moon v


-\\ Google Chrome v41.0.2272.101


-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [6044 bytes] - [20/10/2014 18:50:21]
AdwCleaner[R10].txt - [2951 bytes] - [18/03/2015 16:35:07]
AdwCleaner[R11].txt - [1902 bytes] - [18/03/2015 16:54:55]
AdwCleaner[R12].txt - [1962 bytes] - [18/03/2015 17:03:50]
AdwCleaner[R13].txt - [1979 bytes] - [20/03/2015 17:32:15]
AdwCleaner[R14].txt - [1650 bytes] - [24/03/2015 20:10:10]
AdwCleaner[R1].txt - [925 bytes] - [20/10/2014 18:55:28]
AdwCleaner[R2].txt - [973 bytes] - [21/10/2014 08:54:21]
AdwCleaner[R3].txt - [1098 bytes] - [24/10/2014 19:29:15]
AdwCleaner[R4].txt - [2939 bytes] - [14/12/2014 16:34:05]
AdwCleaner[R5].txt - [4990 bytes] - [14/12/2014 16:35:33]
AdwCleaner[R6].txt - [1886 bytes] - [22/12/2014 10:32:47]
AdwCleaner[R7].txt - [1946 bytes] - [09/01/2015 15:25:23]
AdwCleaner[R8].txt - [2821 bytes] - [06/03/2015 13:07:53]
AdwCleaner[R9].txt - [1657 bytes] - [06/03/2015 18:39:39]
AdwCleaner[S0].txt - [5717 bytes] - [20/10/2014 18:52:18]
AdwCleaner[S1].txt - [1028 bytes] - [21/10/2014 08:55:54]
AdwCleaner[S2].txt - [1155 bytes] - [24/10/2014 19:30:39]
AdwCleaner[S3].txt - [5048 bytes] - [14/12/2014 16:38:22]
AdwCleaner[S4].txt - [2919 bytes] - [06/03/2015 13:10:10]
AdwCleaner[S5].txt - [3046 bytes] - [18/03/2015 16:43:15]
AdwCleaner[S6].txt - [2030 bytes] - [18/03/2015 17:05:59]
AdwCleaner[S7].txt - [2045 bytes] - [20/03/2015 17:34:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R14].txt - [2711 bytes] ##########
 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:22 AM

Posted 25 March 2015 - 07:22 AM

I was expecting to see the Fixlog.txt log.

Do the following: copy or move the Farbar .exe file from this folder in bold, E:\Downloads\Temp, to your Desktop.

Create the following fixlist.txt as suggested below and save the file to your Desktop.
Run the application from the desktop and click the fix button. Post the Fixlog.txt for my review.
Let me know what problem persists.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: FastestFox - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-04-04]
CHR Extension: (avast! Online Security) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24]

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

#5 Avalon60

Avalon60
  • Topic Starter


Posted 25 March 2015 - 01:58 PM

After running FRST again, and what I did last night as per your instructions, there has been no change, in that I still get the same error messages when I try to run cmd.exe, regedit.exe or msconfig.exe from the search programs and files box. Yet when I type the said file name, the file does appear in the list of programs and/or files. When I click on the given file name, cmd.exe for example, I get this message across my screen:

 

'This app cannot run on your PC'

 

Then when I try to run the file as administrator, I get this error message:

 

Windows cannot find
'C:\windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf385ad...\cmd.exe.

 

Please find the Fixlog.txt file below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Rob at 2015-03-25 18:47:00 Run:2
Running from C:\Users\Rob\Desktop
Loaded Profiles: Rob (Available profiles: Rob & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: FastestFox - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-04-04]
CHR Extension: (avast! Online Security) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24]

End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-2293033291-434282674-2231542723-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ygksjr4l.default\Extensions\smarterwiki@wikiatic.com.xpi not found.
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => Key not found.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-25 18:48:42)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 18:48:42 ====



#6 nasdaq

nasdaq


Posted 26 March 2015 - 06:51 AM

Let's find out where other cmd.exe files are located.

Please run the Farbar Recovery Scan Tool. Enter cmd.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

#7 Avalon60

Avalon60
  • Topic Starter


Posted 26 March 2015 - 01:07 PM

Copy of Search.txt for cmd.exe below:

 

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Rob at 2015-03-26 18:04:11
Running from C:\Users\Rob\Desktop
Boot Mode: Normal

================== Search Files: "cmd.exe" =============

C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.17415_none_866c6bf6227abe66\cmd.exe
[2014-11-30 17:13][2014-10-29 01:05] 0315392 ____A (Microsoft Corporation) 622D21C40A25F9834A03BFD5FF4710C1 [File is signed]

C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.16384_none_861fd11a22b451de\cmd.exe
[2013-08-22 02:54][2014-12-03 05:31] 0047195 ____A () 77C9818180EB1AF14A2E019B31EADBAC

C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.17415_none_7c17c1a3ee19fc6b\cmd.exe
[2014-11-30 17:13][2014-10-29 01:28] 0357376 ____A (Microsoft Corporation) F5AE03DE0AD60F5B17B82F2CD68402FE [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.16384_none_7bcb26c7ee538fe3\cmd.exe
[2013-08-22 10:03][2014-12-03 05:04] 0057589 ____A () 089EDF7CAB7415FCF3D40E35C2530CFF

C:\Windows\SysWOW64\cmd.exe
[2014-11-30 17:13][2014-10-29 01:05] 0315392 ____A (Microsoft Corporation) 622D21C40A25F9834A03BFD5FF4710C1 [File is signed]

C:\Windows\System32\cmd.exe
[2014-11-30 17:13][2014-10-29 01:28] 0357376 ____A (Microsoft Corporation) F5AE03DE0AD60F5B17B82F2CD68402FE [File is signed]

====== End Of Search ======
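
The comparison this Search.txt is being collected for can be scripted. The following is an added example, not part of the original posts and not FRST's own code: it parses the entries above, splits each WinSxS directory name into its component fields, and marks which copies match the signed System32/SysWOW64 binaries by MD5. The function names and the "review" wording are assumptions of this example; "review" means the entry needs a closer look, not that it is malicious.

```python
import re

# Entries copied from the Search.txt posted above (FRST "Search Files" output).
SEARCH_TXT = r"""
C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.17415_none_866c6bf6227abe66\cmd.exe
[2014-11-30 17:13][2014-10-29 01:05] 0315392 ____A (Microsoft Corporation) 622D21C40A25F9834A03BFD5FF4710C1 [File is signed]
C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.16384_none_861fd11a22b451de\cmd.exe
[2013-08-22 02:54][2014-12-03 05:31] 0047195 ____A () 77C9818180EB1AF14A2E019B31EADBAC
C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.17415_none_7c17c1a3ee19fc6b\cmd.exe
[2014-11-30 17:13][2014-10-29 01:28] 0357376 ____A (Microsoft Corporation) F5AE03DE0AD60F5B17B82F2CD68402FE [File is signed]
C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.16384_none_7bcb26c7ee538fe3\cmd.exe
[2013-08-22 10:03][2014-12-03 05:04] 0057589 ____A () 089EDF7CAB7415FCF3D40E35C2530CFF
C:\Windows\SysWOW64\cmd.exe
[2014-11-30 17:13][2014-10-29 01:05] 0315392 ____A (Microsoft Corporation) 622D21C40A25F9834A03BFD5FF4710C1 [File is signed]
C:\Windows\System32\cmd.exe
[2014-11-30 17:13][2014-10-29 01:28] 0357376 ____A (Microsoft Corporation) F5AE03DE0AD60F5B17B82F2CD68402FE [File is signed]
"""

# Second line of each entry: [date][date] size attributes (company) MD5 [File is signed]
META = re.compile(
    r"^\[(?P<date1>[^\]]+)\]\[(?P<date2>[^\]]+)\]\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})(?P<signed>\s+\[File is signed\])?\s*$"
)
# WinSxS directory name: <arch>_<name>_<publicKeyToken>_<version>_<culture>_<hash>
COMPONENT = re.compile(
    r"\\WinSxS\\(?P<arch>[^_\\]+)_(?P<name>[^_\\]+)_(?P<token>[0-9a-f]{16})_"
    r"(?P<version>[\d.]+)_(?P<culture>[^_\\]+)_(?P<hash>[0-9a-f]{16})\\",
    re.IGNORECASE,
)


def parse_search(text):
    """Turn path/metadata line pairs into a list of dict records."""
    records, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        meta = META.match(line)
        if meta and path:
            rec = meta.groupdict()
            rec.update(path=path, size=int(rec["size"]),
                       md5=rec["md5"].upper(), signed=bool(rec["signed"]))
            comp = COMPONENT.search(path)
            rec["component"] = comp.groupdict() if comp else None
            records.append(rec)
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return records


def triage(records):
    """Compare each WinSxS copy with the live (non-WinSxS) binaries by MD5."""
    live = {r["md5"]: r["path"] for r in records if r["component"] is None}
    report = []
    for r in records:
        if r["component"] is None:
            continue
        if r["signed"] and r["md5"] in live:
            status = "matches " + live[r["md5"]]
        else:
            reasons = []
            if not r["signed"]:
                reasons.append("unsigned")
            if not r["company"]:
                reasons.append("no company name")
            if r["md5"] not in live:
                reasons.append("hash differs from live copies")
            status = "review: " + ", ".join(reasons)
        report.append((r["component"]["arch"], r["component"]["version"],
                       r["size"], status))
    return report


def dirs_matching_prefix(records, quoted_prefix):
    """WinSxS entries whose directory name starts with a truncated name from an error dialog."""
    prefix = quoted_prefix.lower()
    return [r["path"] for r in records if r["component"]
            and r["path"].lower().split("\\winsxs\\")[1].startswith(prefix)]


if __name__ == "__main__":
    recs = parse_search(SEARCH_TXT)
    for arch, version, size, status in triage(recs):
        print(f"{arch:6} {version:15} {size:>8}  {status}")
    # Prefix exactly as typed in the error message quoted earlier in the thread.
    print(dirs_matching_prefix(recs, "amd64_microsoft-windows-commandprompt_31bf385ad"))
```
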



#8 nasdaq

nasdaq


Posted 27 March 2015 - 08:15 AM


Your error refers to
C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856a...
The 6 is not listed in any of the items found.


Let's check the registry.

Please run the Farbar Recovery Scan Tool. Enter cmd.exe in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#9 Avalon60

Avalon60
  • Topic Starter


Posted 27 March 2015 - 08:40 AM

Hi nasdaq, just to clear up any confusion on my part, the 6 lines you are referring to do show that cmd.exe is there on each line.

 

Search.txt for cmd.exe in the registry:

 

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Rob at 2015-03-27 13:38:45
Running from C:\Users\Rob\Desktop
Boot Mode: Normal

================== Search Registry: "cmd.exe" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\runas\command]
""="cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\runas\command]
"IsolatedCommand"="cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\cmd.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\runas\command]
""="%SystemRoot%\System32\cmd.exe /C "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00021400-0000-0000-C000-000000000046}\shell\cmd\command]
""="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command]
""="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\runas\command]
""="%SystemRoot%\System32\cmd.exe /C "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\shell\cmd\command]
""="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\cmd\command]
""="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\runas\command]
""="cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\runas\command]
"IsolatedCommand"="cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\shell\runas\command]
""="cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\shell\runas\command]
"IsolatedCommand"="cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\cmd\command]
""="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\runas\command]
""="cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\runas\command]
"IsolatedCommand"="cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00021400-0000-0000-C000-000000000046}\shell\cmd\command]
""="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command]
""="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}]
"AppName"="cmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAG.EXE]
""="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE]
""="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00C5BD287292A9D4DA7F5470EA57D7C5]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files (x86)\IIS Express\de-DE\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\016A66130ACC7E542BB45432DDB0F29D]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files\IIS Express\zh-CN\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0371F302E0A7C264398F478E79F25C6F]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files (x86)\IIS Express\cs-CZ\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05B5FB31DDFFF3E40A617CE97CF9A61C]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files (x86)\IIS Express\ja-JP\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06E0D75403CFB964B8DE98D374A93BC6]
"591C48D40F6843B4F8EDA471BE1403A6"="C:\Program Files\Microsoft\Web Platform Installer\WebpiCmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B3DABCA944D8CC4091095458FB7A541]
"591C48D40F6843B4F8EDA471BE1403A6"="C:\Program Files\Microsoft\Web Platform Installer\WebpiCmd.exe.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14361CC109240AE458A0F413986FFF43]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files\IIS Express\it-IT\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14BACB7611D95ED4D8B77BFD5CCBD1E3]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files\IIS Express\appcmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16EC33ED9383FB7418F84F96797623E9]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files (x86)\IIS Express\ru-RU\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1CBEA0CF38D9CEF46B1A93F4D6C2A68A]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files (x86)\IIS Express\zh-TW\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23E521459F490CA42AB840578F8A4137]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files (x86)\IIS Express\tr-TR\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D5C656DB0B8FB14BB4EF3EF09D0C03D]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files\IIS Express\ru-RU\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\306432C3813F51E418F8824D83C6EB18]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files (x86)\IIS Express\it-IT\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\333282CAEF5BB784BB95B02AE1EB38CF]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files (x86)\IIS Express\fr-FR\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D34A9059DBB6654C8D7F18375886305]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files\IIS Express\ja-JP\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\473330006EB269040AA9AA95C2DC7324]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files\IIS Express\tr-TR\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\519C0AAE9E5DA30419530B127741EA06]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files\IIS Express\ko-KR\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\587178F2692ADE144854710E2B955D4D]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files\IIS Express\de-DE\appcmd.exe.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EB1F81439D6B4840A0E965ED9252D95]
"9AF16FB7BFDB365489DACF0BAD82CC7C"="C:\Program Files\IIS Express\IisExpressAdminCmd.exe"

====== End Of Search ======



#10 nasdaq


Posted 27 March 2015 - 09:06 AM

So I then right click and select run as Administrator, but then I get another message box telling me that
Windows cannot find
'C:\windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf385ad...\cmd.exe.



None of the registry keys listed are referencing
C:\windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf385ad

This is no longer malware and not my forte to fix.

I suggest you start a new topic in the Windows 7 forum.
http://www.bleepingcomputer.com/forums/f/167/windows-7/

An expert with that Operating system may be able to help you.

#11 Avalon60


Posted 27 March 2015 - 09:58 AM

Aah, yes, I see what you are referring to, my apologies:

Windows cannot find

'C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf3856ad....\cmd.exe

This is where it is located:

C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.16384_none_7bcb26c7ee538fe3

Anyways, thanks for your help and assistance, and as you say, I will go to the Windows 8 group with this problem.
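Added example, not part of any post in this thread: one way to repeat the check made in post #10 (does any listed registry entry reference the amd64 command-prompt component?) and to compare what is referenced with the directory reported in post #11. The function names are hypothetical, and the sample dump is constructed from paths quoted in the thread, with a placeholder SID and a placeholder hex value.

```python
import re

# Constructed sample in the search tool's output format: a [key] line followed
# by "name"="value" lines. The SID and the hex value are placeholders.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"="%SystemRoot%\system32\cmd.exe"
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.3.9600.17415_none_866c6bf6227abe66\cmd.exe"="0x00"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\cmd\command]
""="cmd.exe /s /k pushd "%V""
'''

# Component directory as given in post #11.
ON_DISK = ("amd64_microsoft-windows-commandprompt_31bf3856ad364e35_"
           "6.3.9600.16384_none_7bcb26c7ee538fe3")

# Captures the directory name that follows \WinSxS\ in a value name or value.
WINSXS = re.compile(r'\\WinSxS\\([^\\"]+)\\', re.IGNORECASE)


def parse_component(dirname):
    """Split a WinSxS directory name: arch_name_token_version_culture_hash."""
    try:
        arch, rest = dirname.split('_', 1)
        name, token, version, culture, digest = rest.rsplit('_', 4)
    except ValueError:
        return None  # truncated or elided name, e.g. "..._31bf3856ad...."
    return {'arch': arch.lower(), 'name': name.lower(), 'token': token.lower(),
            'version': version, 'culture': culture, 'hash': digest}


def winsxs_references(dump):
    """Return (registry_key, component) for every WinSxS path in the dump."""
    key, refs = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        for match in WINSXS.finditer(line):
            comp = parse_component(match.group(1))
            if comp:
                refs.append((key, comp))
    return refs


def references_component(dump, arch, name):
    """Entries that reference the given architecture and component name."""
    return [(k, c) for k, c in winsxs_references(dump)
            if c['arch'] == arch.lower() and c['name'] == name.lower()]


def related_references(dump, on_disk_dirname):
    """Same component (name + token) but a different arch or version."""
    disk = parse_component(on_disk_dirname)
    return [(k, c) for k, c in winsxs_references(dump)
            if (c['name'], c['token']) == (disk['name'], disk['token'])
            and (c['arch'], c['version']) != (disk['arch'], disk['version'])]


if __name__ == "__main__":
    print(references_component(SAMPLE, 'amd64', 'microsoft-windows-commandprompt'))
    for key, comp in related_references(SAMPLE, ON_DISK):
        print(comp['arch'], comp['version'], 'referenced under', key)
```

On the constructed sample the first call returns an empty list, and the second reports the wow64 6.3.9600.17415 entry as the only reference to the command-prompt component.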



#12 nasdaq


Posted 02 April 2015 - 06:45 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



