
Gambali dll file, zombie News. Cannot get rid of it.


  • This topic is locked
12 replies to this topic

#1 Azanath


Posted 25 March 2015 - 08:13 AM

Hi, this might be lengthy but I want to get as much detail as possible because this is just crazy.

A couple weeks ago, I was using Google Chrome and went to Amazon.com to look at some ebooks. I also have my own website through Yahoo Small Business and had a tab open to that.

I went to click on an e-book description and something downloaded so fast I couldn't catch it. I closed the browser and went to add / remove programs to see if anything odd was there. There were some tool bars that weren't there before and something called Gambali. I removed them all through the add / remove programs. Rebooted.

They no longer showed up in the programs and features. I went back to my website that I own, using Chrome. There was an ad that popped up across my banner that said, Zombie News. Another one off to the right, a small square that said, Zombie threat meter that kept changing color from green to orange to red and would say, alert high, etc. I also had a huge ad to the right of that where the scroll bar would be, advertising truck ads.

I checked my code on my site and saw nothing unusual there.

I ran several virus / malware programs: Malwarebytes, AVG, Trend Micro HouseCall online scan. Malwarebytes found something and I got rid of that. I rescanned my system and it came up clean. I went back to my site. Ads still there.

Had my fiancee look at my site on his system, using Chrome. No ads. However, this might be of noteworthy value.

I had a Chrome application that made your browser page look like Windows 8 desktop. It had boxes you could type a url into and save it for that particular site. My fiancee did not have this application.

I looked up the application on Chrome Store and it had been removed due to TOS violations. It was still working for some people while others it was not. It was still working for me. I deleted Chrome, reinstalled it. Ads still showed up.

I ran a HijackThis log. It showed the Gambali. I ran Malwarebytes, it showed my system as clean. I went to the path that HijackThis pointed me to. It was empty. I enabled hidden files and folders. Still nothing in the folder.

I deleted Chrome yet again and went to my site using Internet Explorer. Ads were not there. I downloaded Firefox, ads were not there.

I went to Google support and started chatting with a gentleman. He was very eager to help me and was going to look at my computer remotely. He asked me to give him all possible details. I started to do this but as soon as I told him about the Chrome Application and that I thought it was something with that app, he disappeared offline and did not come back. I waited for over an hour while trying to research the issue.

So, as of tonight, I am seeing the Gambali thing pop up again; it says it's a .dll file, and it won't let me remove it because it's in use by another program, even though I have tried to delete it after disconnecting fully from the internet and booting in safe mode without networking and even with networking. I tried all options. I cannot figure out what program is using this.

I'm not finding anything in my processes, even though I know that doesn't mean something still isn't running in the background somewhere.

I typed in Gambali tonight in my browser and it pointed to your site. There was a posting called, Ads by SASA crippling me. The thread was closed and marked as resolved but unfortunately there was nothing more about how it was resolved. I tried typing in Gambali into the search on the forum here and it came up with nothing. Maybe it's listed under something else?

Here are the logs for the FRST. Any help would be so greatly appreciated and I would be sure to post any results if they work or not. :-)

I looked through these logs and highlighted a few things in blue that don't look quite right to me. I also tried to update my Microsoft Security Essentials tonight and it would not connect. It says, Real time protection is: on. Virus and spyware definitions: Connection Failed.

Thank you for your time, Sincerely, Azanath.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Azzy at 2015-03-25 04:32:50
Running from C:\Users\Azzy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Aion (HKLM-x32\...\NCW-AION) (Version: 1.0.0.2 - NC Interactive, LLC)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ArtRage Studio (HKLM-x32\...\{71C0F2FA-8AA8-482C-96E4-A8124F2DC84D}) (Version: 3.5.4 - Ambient Design)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bryce 7.0 Content (HKLM-x32\...\Bryce 7.0 Content 7.0.0.21) (Version: 7.0.0.21 - DAZ 3D)
Bryce 7.1 (HKLM-x32\...\Bryce 7.1 7.1.0.109) (Version: 7.1.0.109 - DAZ 3D)
Bryce Lightning 7.0 (HKLM-x32\...\Bryce Lightning 7.0 7.1.0.109) (Version: 7.1.0.109 - DAZ 3D)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
ClickCharts Diagram Flowchart Software (HKLM-x32\...\ClickCharts) (Version: 1.09 - NCH Software)
Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6 Stand-Alone) (Version: 3.1.1.1 - Nik Software, Inc.)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadly Boss Mods Updater (HKLM-x32\...\DeadlyBossModsUpdater) (Version: 1.07.00 - Master Games International, Inc)
Deadly Boss Mods Updater (x32 Version: 1.07.00 - Master Games International, Inc) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dynomite Deluxe (HKLM-x32\...\Dynomite Deluxe) (Version:  - PopCap Games)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON NX130 Series Printer Uninstall (HKLM\...\EPSON NX130 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hexagon 2 (HKLM-x32\...\Hexagon 2 2.5.1.79) (Version: 2.5.1.79 - DAZ 3D)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.5.1 - iolo technologies, LLC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.3426 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.5317 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\OneDriveSetup.exe) (Version: 17.3.4724.0224 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version:  - )
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Orion File Recovery Software (HKLM-x32\...\Orion) (Version: 1.09 - NCH Software)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel)
PhotoImpact X3 (x32 Version: 13.0 - Corel) Hidden
Planetside (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\soe-Planetside) (Version: 1.0.3.183 - Sony Online Entertainment)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Real-Draw PRO 5.2.4 (HKLM-x32\...\Real-Draw PRO_is1) (Version:  - Mediachance)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RIFT (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\RIFT) (Version:  - Trion Worlds, Inc.)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Serif PagePlus Starter Edition 4 (HKLM-x32\...\{975944CC-90F8-43C8-9F7E-C722FC212E6B}) (Version: 4.0.0.4 - Serif (Europe) Ltd)
Serif PagePlus: Poster Template Pack 1 (HKLM-x32\...\{561989D6-1BEE-452D-83FE-6E8AB80F341A}) (Version: 1.0.1.042 - Serif (Europe) Ltd)
Serif PanoramaPlus Starter Edition (HKLM-x32\...\{64AEB598-E518-4AD0-B02B-99F365B8054C}) (Version: 2.0.0.001 - Serif (Europe) Ltd)
Serif PhotoPlus Starter Edition 3 (HKLM-x32\...\{5DF61899-B4D4-4CD5-9F3D-78ADBBF7DC2A}) (Version: 3.0.0.008 - Serif (Europe) Ltd)
Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.3.35 - Serif (Europe) Ltd)
Serif WebPlus: Interest Template - Photography 1 (HKLM-x32\...\{E23FEC6A-C2D9-4D91-ADF4-FD513B4421A3}) (Version: 1.0.1.007 - Serif (Europe) Ltd)
Serif WebPlus: Interest Template - Photography 2 (HKLM-x32\...\{465C892E-BEE0-422F-A992-EA627D1943A3}) (Version: 1.2.0.027 - Serif (Europe) Ltd)
Stickies 8.0a (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTop 2.7 (HKLM-x32\...\TurboTop_is1) (Version: 2.7.0.1 - Savard Software)
TwistedBrush Open Studio (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\TwistedBrush Open Studio) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
Windows Driver Package - AMD USB  (03/30/2010 1.0.0.5) (HKLM\...\D38587A239DFF85877AA1BCAA58B37B5CF7A6AF5) (Version: 03/30/2010 1.0.0.5 - AMD)
Windows Driver Package - C-Media Inc. (USBPNPA) MEDIA  (08/12/2010 7.12.8.2150) (HKLM\...\9C6B01824B9DA73213D89D4410EB251F8487AB55) (Version: 08/12/2010 7.12.8.2150 - C-Media Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden
Yahoo SiteBuilder (HKLM-x32\...\Yahoo SiteBuilder) (Version: 2.8.8 - Yahoo Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

02-03-2015 16:40:43 Windows Update
06-03-2015 11:51:09 Windows Update
10-03-2015 15:31:32 Windows Update
10-03-2015 22:27:50 Windows Update
14-03-2015 20:04:05 Windows Update
18-03-2015 20:03:52 Windows Update
22-03-2015 11:09:04 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00654D73-BD35-4E97-9DDF-AFDF75031672} - System32\Tasks\{BC0DE690-0FC6-431A-931E-829399D76132} => C:\Program Files (x86)\Microsoft Games\Pandora's Box\Pandora.exe [2000-02-02] (Microsoft Corporation)
Task: {0707448D-020F-43C2-ADDB-340CC9DBA31E} - \gtaUpt No Task File <==== ATTENTION
Task: {0C11A7E1-1956-4893-9A87-964EC40FD4A6} - System32\Tasks\{3C04243E-0170-413E-A096-C7FAE7F1460E} => pcalua.exe -a C:\Users\Azzy\Downloads\wmp11-windowsxp-x64-enu.exe -d C:\Users\Azzy\Downloads
Task: {13789611-52B3-4C9F-9776-1773003C5DA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {1FE27AA3-2539-4C0B-9F3E-A0396FD9EB5E} - System32\Tasks\{60BA29C9-8D2D-4ED9-A7F2-0ECC7A5B2B33} => C:\Users\Azzy\Desktop\Microsoft Pandora's Box.exe
Task: {2273BF74-FB16-45F3-8333-09D7A8603F62} - System32\Tasks\{937D29EE-C4AD-42BE-A23D-4380374FB7A6} => pcalua.exe -a C:\Users\Azzy\Desktop\HLX5-PhotoPlus-SE-Installer-EN.exe -d C:\Users\Azzy\Desktop
Task: {251EC935-546F-4C76-B9C0-2D2EC0A1ED59} - System32\Tasks\{595EFAEF-B628-4508-A8D8-D219514283C8} => pcalua.exe -a "C:\Program Files\PopCap Games\TipTop Deluxe\PopUninstall.exe" -c C:\Program Files\PopCap Games\TipTop Deluxe\Install.log
Task: {3BA30474-E426-402F-A9C1-491A2433E7B3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {438F0657-8496-41EC-A9F2-6262790568E8} - System32\Tasks\AdobeAAMUpdater-1.0-Azzy-PC-Azzy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {51B79F01-4F6F-4593-9A61-217102799E09} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {53E4CF10-B0B9-4A80-A792-318FC103501B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {557892B1-DCB6-462F-B65E-D45E993BF1ED} - System32\Tasks\{7743441E-0876-4614-B2DB-AF7C897DB6AE} => pcalua.exe -a C:\Users\Azzy\Desktop\ESD_SerifContent_Images-PhotoFrames.exe -d C:\Users\Azzy\Desktop
Task: {57DC003A-DEE9-476D-9C6E-B7A0CAF22C19} - System32\Tasks\{32A084C7-5E03-4587-AC73-B3EBC157D2DB} => pcalua.exe -a "C:\Users\Azzy\AppData\Local\Sony Online Entertainment\ApplicationUpdater\Uninstaller.exe"
Task: {5ECDD357-3ADE-42F4-9BE9-93FB72D144C3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {621DA607-8554-4688-85C6-32C5A205AD7D} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2015-03-16] (iolo technologies, LLC)
Task: {63D50E88-C4ED-4D5D-B21F-345DCAFD4D12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25] (Google Inc.)
Task: {67F174B2-930B-49E4-983D-96DF0455BEB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {68ACCED0-D27D-43F8-999D-71B5B9AF8A65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6BFBEE60-DD1F-4003-AF49-F60F5ED61C96} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {82F94BC6-8263-48A3-AADD-507131B42429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25] (Google Inc.)
Task: {AB28769B-45E6-4875-B390-460E70F7ADAA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Azzy-PC-Azzy Azzy-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {B6F38F29-F0A9-4E42-8D45-E28FBFCADF18} - System32\Tasks\{35AFE5B7-2516-4BCE-BA5A-2C7FECD52F19} => C:\Program Files (x86)\Microsoft Games\Pandora's Box\Pandora.exe [2000-02-02] (Microsoft Corporation)
Task: {C71012EC-F82F-49F9-9944-24B9DA4B8167} - System32\Tasks\{53642B4E-47EE-4DD0-BBBA-324630C42F92} => C:\Users\Azzy\Desktop\pandoras box\Pandora's Box\Pandora.exe
Task: {C748EB5B-695D-40F8-A475-FF5CC14C7142} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {CB4A0008-6F58-4B8F-A493-AFF8A9760951} - System32\Tasks\easyVPN => C:\Program Files (x86)\EasyVpn\app\easyvpn.exe
Task: {E9416CD9-0D4E-4BFE-A098-C7BD4ABCE13A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-03-02 23:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-04-25 07:51 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2006-11-02 21:40 - 2006-11-02 21:40 - 00174656 _____ () C:\windows\SysWOW64\PSIService.exe
2014-09-26 15:41 - 2014-09-26 15:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-19 03:10 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-14 17:54 - 2014-04-21 15:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-07-21 15:29 - 2013-07-21 15:29 - 00000000 _____ () C:\windows\system32\aticfx32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:EC77041F
AlternateDataStreams: C:\Users\Azzy\Desktop\everythingblizzard.wpp:SummaryInformation
AlternateDataStreams: C:\Users\Azzy\Desktop\everythingblizzard.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Azzy\Desktop\Site2guildrules.wpp:SummaryInformation
AlternateDataStreams: C:\Users\Azzy\Desktop\Site2guildrules.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 10.0.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

==================== Accounts: =============================

Administrator (S-1-5-21-533468569-4081723625-3906534183-500 - Administrator - Disabled)
ASPNET (S-1-5-21-533468569-4081723625-3906534183-1010 - Limited - Enabled)
Azzy (S-1-5-21-533468569-4081723625-3906534183-1002 - Administrator - Enabled) => C:\Users\Azzy
Guest (S-1-5-21-533468569-4081723625-3906534183-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-533468569-4081723625-3906534183-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 03:53:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x1ae8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (03/25/2015 03:02:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 6.1.2.19802 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: df4

Start Time: 01d066e28b698245

Termination Time: 465

Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe

Report Id:

Error: (03/24/2015 10:51:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7878

Error: (03/24/2015 10:51:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7878

Error: (03/24/2015 10:51:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/24/2015 10:51:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6630

Error: (03/24/2015 10:51:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6630

Error: (03/24/2015 10:51:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/24/2015 10:51:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5382

Error: (03/24/2015 10:51:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5382


System errors:
=============
Error: (03/25/2015 04:25:03 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.3462.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/25/2015 04:15:02 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.3462.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/25/2015 03:41:04 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/25/2015 03:21:25 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.3462.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/25/2015 03:11:12 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.3462.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/25/2015 00:30:31 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.3462.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/24/2015 02:57:13 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.3462.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/24/2015 07:33:16 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.3462.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/23/2015 11:41:26 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.3462.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/22/2015 03:57:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ASUS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{49B862D4-8A5B-49FB-A4DE-CAAA6641FD32}.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (03/25/2015 03:53:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e021ae801d066e6e8927feaC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll367e33a8-d2dd-11e4-a289-8c89a5d47e0e

Error: (03/25/2015 03:02:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.1.2.19802df401d066e28b698245465C:\Program Files (x86)\World of Warcraft\Wow-64.exe

Error: (03/24/2015 10:51:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7878

Error: (03/24/2015 10:51:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7878

Error: (03/24/2015 10:51:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/24/2015 10:51:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6630

Error: (03/24/2015 10:51:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6630

Error: (03/24/2015 10:51:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/24/2015 10:51:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5382

Error: (03/24/2015 10:51:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5382


CodeIntegrity Errors:
===================================
  Date: 2015-02-25 00:07:06.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 00:07:06.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 00:04:36.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 00:04:36.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 00:04:34.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 00:04:34.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 5626.01 MB
Available physical RAM: 3504.2 MB
Total Pagefile: 11250.2 MB
Available Pagefile: 8573.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:333.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A2B82327)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Azzy (administrator) on AZZY-PC on 25-03-2015 04:31:40
Running from C:\Users\Azzy\Desktop
Loaded Profiles: Azzy (Available profiles: Azzy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
() C:\Windows\jmesoft\Service.exe
() C:\Windows\SysWOW64\PSIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJA.EXE
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4547872 2015-03-16] (iolo technologies, LLC)
HKLM-x32\...\RunOnce: [SMRequiresRestart] => [X]
HKLM-x32\...\RunOnce: [4FA12186-8D89-4137-B5DF-B472F6A69F8B] => [X]
HKLM-x32\...\RunOnce: [iolo WebUpdate Reboot] => [X]
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\Run: [PlayNC Launcher] => [X]
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-533468569-4081723625-3906534183-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-533468569-4081723625-3906534183-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-533468569-4081723625-3906534183-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-26] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-10] (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-10-11] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-21] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-533468569-4081723625-3906534183-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-10] (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\duckduckgo.xml [2014-06-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nchfastsearch.xml [2014-06-05]
FF Extension: AdBlock for Facebook - C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2015-03-01]
FF Extension: The Fox, Only Better - C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default\Extensions\thefoxonlybetter@quicksaver.xpi [2015-03-01]
FF HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\Firefox\Extensions: [{71C1C668-A2D0-C0B0-7E97-861AA82184A0}] - C:\Program Files (x86)\ver4SpeeditUp\189.xpi


Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Color Dripping) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdjgcfonmljobnnhbhiacipngbhblgi [2015-02-26]
CHR Extension: (Google Docs) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-26]
CHR Extension: (Google Drive) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-26]
CHR Extension: (YouTube) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-26]
CHR Extension: (Google Search) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-26]
CHR Extension: (Pandora) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-02-26]
CHR Extension: (Google Sheets) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Google Wallet) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-11] (Perfect World Entertainment Inc)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4702920 2015-02-12] (iolo technologies, LLC)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-08] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
U2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S2 sppsvc; C:\Windows\SysWOW64\sppsvc.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
S4 cae99edb; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [58368 2011-05-17] (GenesysLogic) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 Secdrv; C:\windows\SysWOW64\drivers\SECDRV.SYS [14304 1999-05-14] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 04:31 - 2015-03-25 04:32 - 00020589 _____ () C:\Users\Azzy\Desktop\FRST.txt
2015-03-25 04:31 - 2015-03-25 04:31 - 00000000 ____D () C:\FRST
2015-03-25 04:27 - 2015-03-25 04:27 - 02095616 _____ (Farbar) C:\Users\Azzy\Desktop\FRST64.exe
2015-03-25 03:53 - 2015-03-25 03:53 - 00000000 ____D () C:\Users\Azzy\AppData\Local\CrashDumps
2015-03-25 03:41 - 2015-03-25 03:55 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-25 03:41 - 2015-03-25 03:41 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-25 03:40 - 2015-03-25 03:40 - 16727128 _____ () C:\Users\Azzy\Desktop\RogueKiller.exe
2015-03-21 14:25 - 2015-03-21 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-19 11:48 - 2015-03-19 11:48 - 01185040 _____ () C:\windows\is-JN216.exe
2015-03-19 11:48 - 2015-03-19 11:48 - 00022693 _____ () C:\windows\is-JN216.msg
2015-03-19 11:48 - 2015-03-19 11:48 - 00000491 _____ () C:\windows\is-JN216.lst
2015-03-16 03:13 - 2015-03-16 03:28 - 00000000 ____D () C:\Users\Azzy\Desktop\wow shots crop
2015-03-16 02:46 - 2015-03-16 03:11 - 00000000 ____D () C:\Users\Azzy\Desktop\wow shots march 2015
2015-03-10 22:56 - 2015-03-11 01:21 - 00000000 ____D () C:\Users\Azzy\Desktop\jpg and png site files
2015-03-10 15:34 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-10 15:34 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-10 15:34 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-10 15:34 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-10 15:34 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-10 15:34 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-10 15:33 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-10 15:33 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-10 15:33 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-10 15:33 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-10 15:33 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-10 15:33 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-10 15:33 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-10 15:33 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-10 15:33 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-10 15:33 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-10 15:33 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-10 15:33 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-10 15:33 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-10 15:33 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-10 15:33 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-10 15:33 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-10 15:33 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-10 15:33 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-10 15:33 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-10 15:33 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-10 15:33 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 15:32 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-10 15:32 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-10 15:32 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-10 15:32 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-10 15:32 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-10 15:32 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-10 15:32 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-10 15:32 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-10 15:32 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-10 15:32 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-10 15:32 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-10 15:32 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-10 15:32 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-10 15:32 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-10 15:32 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-10 15:32 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-10 15:32 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-10 15:32 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-10 15:32 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-10 15:32 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-10 15:32 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-10 15:32 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-10 15:32 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-10 15:32 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-10 15:32 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-10 15:32 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-10 15:32 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-10 15:32 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-10 15:32 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-10 15:32 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-10 15:32 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-10 15:32 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-10 15:32 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-10 15:32 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-10 15:32 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-10 15:32 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 15:32 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-10 15:32 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-10 15:32 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-10 15:32 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-10 15:32 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-10 15:32 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-10 15:32 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-10 15:32 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-10 15:32 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-10 15:32 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-10 15:32 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-10 15:32 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-10 15:32 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-10 15:32 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-10 15:32 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-10 15:32 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 15:32 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-10 15:32 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-10 15:32 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-10 15:32 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-10 15:32 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-10 15:32 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-10 15:32 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-10 15:32 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-10 15:32 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-10 15:32 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-10 15:32 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-10 15:32 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-10 15:32 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-10 15:32 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-10 15:32 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-10 15:32 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-10 15:32 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-10 15:32 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-10 15:32 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-10 15:31 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-10 15:31 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-10 15:31 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-10 15:31 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-10 15:31 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-10 15:31 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-10 15:31 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-10 15:31 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-10 15:31 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-10 15:31 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-03 23:41 - 2015-03-03 23:42 - 00027302 _____ () C:\Users\Azzy\Downloads\www.facebook.com.htm
2015-03-02 23:54 - 2015-03-03 02:58 - 00000000 ____D () C:\Users\Azzy\Desktop\burn this
2015-03-02 23:43 - 2015-03-11 00:34 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Azzy-PC-Azzy Azzy-PC
2015-03-02 23:28 - 2015-03-02 23:29 - 06431728 _____ (Microsoft Corporation) C:\Users\Azzy\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2015-03-02 23:04 - 2015-03-02 23:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-02 23:02 - 2015-03-19 03:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-02 23:02 - 2015-03-02 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-01 18:38 - 2015-03-21 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-01 18:38 - 2015-03-01 18:38 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-01 17:26 - 2015-03-01 17:26 - 00001256 _____ () C:\Users\Azzy\Desktop\url.htm
2015-02-27 01:28 - 2015-02-27 01:28 - 00002002 _____ () C:\Users\Azzy\Desktop\Yahoo SiteBuilder.lnk
2015-02-27 01:28 - 2015-02-27 01:28 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo
2015-02-27 01:27 - 2015-02-27 01:28 - 00000000 ____D () C:\Program Files (x86)\Yahoo SiteBuilder
2015-02-26 18:17 - 2015-02-26 18:17 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Apple Computer
2015-02-26 10:46 - 2015-02-26 10:46 - 00000247 _____ () C:\windows\system32\2015-02-26-17-46-13.090-aswFe.exe-5200.log
2015-02-26 10:46 - 2015-02-26 10:46 - 00000197 _____ () C:\windows\system32\2015-02-26-17-46-09.047-AvastVBoxSVC.exe-5864.log
2015-02-26 10:39 - 2015-02-26 10:39 - 00000247 _____ () C:\windows\system32\2015-02-26-17-39-51.004-aswFe.exe-6048.log
2015-02-26 10:37 - 2015-02-26 10:37 - 00000247 _____ () C:\windows\system32\2015-02-26-17-37-17.089-aswFe.exe-5800.log
2015-02-26 10:37 - 2015-02-26 10:37 - 00000197 _____ () C:\windows\system32\2015-02-26-17-37-13.006-AvastVBoxSVC.exe-2300.log
2015-02-26 10:32 - 2015-02-26 10:32 - 00000000 ____D () C:\windows\SysWOW64\vbox
2015-02-26 10:32 - 2015-02-26 10:32 - 00000000 ____D () C:\windows\system32\vbox
2015-02-26 10:29 - 2015-02-26 10:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-26 03:51 - 2015-02-26 03:51 - 00000505 _____ () C:\Users\Azzy\Desktop\what are these.txt
2015-02-26 01:25 - 2015-02-26 01:26 - 02406064 _____ (Trend Micro Inc.) C:\Users\Azzy\Downloads\HousecallLauncher64.exe
2015-02-25 22:17 - 2015-02-25 22:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-25 22:16 - 2015-02-25 22:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Azzy\Downloads\revosetup.exe
2015-02-25 20:47 - 2015-03-11 17:42 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 20:47 - 2015-02-25 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 20:47 - 2015-02-25 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 20:47 - 2014-11-21 07:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-25 20:47 - 2014-11-21 07:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-25 20:47 - 2014-11-21 07:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-25 20:46 - 2015-02-25 20:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Azzy\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 16:49 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-25 16:49 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-25 16:49 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-25 16:49 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-25 04:00 - 2015-01-08 16:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 04:00 - 2015-01-08 16:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 00:56 - 2015-02-25 01:29 - 00003028 _____ () C:\windows\System32\Tasks\easyVPN
2015-02-25 00:55 - 2015-02-25 00:55 - 00027136 _____ (The OpenVPN Project) C:\windows\system32\Drivers\tap0901.sys
2015-02-25 00:55 - 2015-02-24 18:05 - 00318784 _____ (Gambali OEM Software) C:\windows\SysWOW64\Gambali.dll
2015-02-25 00:54 - 2015-02-25 00:54 - 00000045 _____ () C:\user.js
2015-02-24 17:46 - 2015-02-24 17:46 - 00110300 _____ () C:\Users\Azzy\Downloads\Attachments_2015224.zip
2015-02-23 05:55 - 2015-02-23 05:58 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2015-02-23 05:55 - 2015-02-23 05:55 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Apps\2.0

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 04:25 - 2012-04-25 07:48 - 01243803 _____ () C:\windows\WindowsUpdate.log
2015-03-25 03:07 - 2013-10-28 17:27 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Battle.net
2015-03-25 00:41 - 2013-10-28 12:42 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-25 00:27 - 2014-08-25 15:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-25 00:26 - 2015-02-03 12:54 - 00000000 ____D () C:\Users\Azzy\Desktop\stuff
2015-03-24 08:23 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-03-20 02:00 - 2014-08-28 02:00 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Adobe
2015-03-19 16:36 - 2013-10-28 04:12 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-19 16:36 - 2013-10-28 04:12 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-19 11:49 - 2014-06-18 07:46 - 00000000 ____D () C:\ProgramData\iolo
2015-03-19 11:48 - 2014-06-18 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-03-19 11:47 - 2014-06-18 07:50 - 00003118 _____ () C:\windows\System32\Tasks\iolo Process Governor
2015-03-19 11:47 - 2014-06-18 07:50 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-03-19 11:47 - 2009-07-13 20:20 - 00000000 __RSD () C:\windows\Media
2015-03-19 05:53 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 05:53 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 05:53 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2015-03-19 05:50 - 2009-07-13 22:13 - 00796974 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-19 05:46 - 2015-01-14 04:03 - 00003926 _____ () C:\windows\setupact.log
2015-03-19 05:46 - 2014-08-14 03:34 - 00687958 _____ () C:\windows\PFRO.log
2015-03-19 05:46 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-19 02:22 - 2012-10-06 21:24 - 00000000 ____D () C:\Users\Azzy
2015-03-16 23:53 - 2014-06-18 07:50 - 00057584 _____ (iolo technologies, LLC) C:\windows\system32\iolobtdfg.exe
2015-03-16 23:53 - 2014-06-18 07:50 - 00026184 _____ (iolo technologies, LLC) C:\windows\system32\smrgdf.exe
2015-03-16 23:38 - 2014-06-18 07:50 - 02155152 _____ (iolo technologies, LLC) C:\windows\system32\Incinerator64.dll
2015-03-16 23:38 - 2014-06-18 07:50 - 02096960 _____ (iolo technologies, LLC) C:\windows\SysWOW64\Incinerator32.dll
2015-03-16 03:11 - 2013-01-26 23:55 - 00000000 ____D () C:\Users\Azzy\Desktop\az
2015-03-11 00:35 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2015-03-10 22:49 - 2009-07-13 21:45 - 00633168 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-10 22:45 - 2014-06-06 22:20 - 00000000 ___RD () C:\Users\Azzy\OneDrive
2015-03-10 22:45 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-10 22:45 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-10 22:39 - 2013-08-14 00:46 - 00000000 ____D () C:\windows\system32\MRT
2015-03-10 22:30 - 2012-10-14 18:04 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-05 23:40 - 2014-06-06 21:28 - 00002152 _____ () C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-03 23:38 - 2012-10-06 21:24 - 00000000 ____D () C:\Users\Azzy\AppData\Local\VirtualStore
2015-03-03 06:17 - 2010-11-20 20:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-03-03 03:53 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\Azzy\Desktop\party crashers new site designs
2015-03-03 00:02 - 2013-12-16 12:19 - 00000000 ____D () C:\Users\Azzy\Desktop\put to disk
2015-03-02 23:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-01 18:39 - 2012-11-22 18:54 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Mozilla
2015-03-01 18:39 - 2012-11-22 18:54 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Mozilla
2015-02-28 02:14 - 2014-03-12 12:08 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-02-26 18:15 - 2012-11-15 11:48 - 00000900 ___SH () C:\windows\SysWOW64\KGyGaAvL.sys
2015-02-26 18:15 - 2012-11-15 11:48 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Corel
2015-02-26 18:11 - 2013-06-10 23:22 - 00000000 ____D () C:\Users\Azzy\AppData\Local\PMB Files
2015-02-26 18:04 - 2012-10-09 12:44 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-26 10:43 - 2014-03-24 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-02-26 10:43 - 2014-03-24 00:59 - 00000000 ____D () C:\Program Files\DivX
2015-02-26 10:43 - 2014-03-24 00:57 - 00000000 ____D () C:\ProgramData\DivX
2015-02-26 10:43 - 2014-03-24 00:57 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-02-26 10:40 - 2012-10-09 12:45 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-26 10:40 - 2012-10-09 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-26 07:27 - 2014-06-18 07:46 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\iolo
2015-02-26 06:56 - 2013-10-18 17:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-26 06:55 - 2014-01-25 11:53 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-02-26 06:55 - 2014-01-25 11:53 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-02-26 06:55 - 2014-01-25 11:53 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-02-26 06:55 - 2014-01-25 11:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-26 06:54 - 2012-10-07 20:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-26 06:34 - 2014-07-29 22:38 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\stickies
2015-02-26 06:24 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\tracing
2015-02-26 06:16 - 2014-07-29 22:59 - 00000000 ____D () C:\windows\pss
2015-02-26 05:54 - 2012-04-25 09:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-26 01:53 - 2013-07-21 15:32 - 01618472 _____ () C:\Users\Azzy\AppData\Local\census.cache
2015-02-26 01:53 - 2013-07-21 15:32 - 00125690 _____ () C:\Users\Azzy\AppData\Local\ars.cache
2015-02-26 01:35 - 2014-04-01 05:26 - 00000000 ____D () C:\Users\Azzy\Desktop\all games
2015-02-26 01:35 - 2013-03-04 15:02 - 00000000 ____D () C:\Users\Azzy\Desktop\Games
2015-02-25 21:41 - 2014-03-29 21:48 - 00001236 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2015-02-25 21:03 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\security
2015-02-25 01:29 - 2014-07-06 20:55 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-25 00:57 - 2009-07-13 19:34 - 00000505 _____ () C:\windows\win.ini

==================== Files in the root of some directories =======

2013-07-21 15:32 - 2015-02-26 01:53 - 0125690 _____ () C:\Users\Azzy\AppData\Local\ars.cache
2013-07-21 15:32 - 2015-02-26 01:53 - 1618472 _____ () C:\Users\Azzy\AppData\Local\census.cache
2014-04-12 13:47 - 2014-04-12 13:47 - 0000092 _____ () C:\Users\Azzy\AppData\Local\fusioncache.dat
2013-07-21 15:23 - 2013-07-21 15:23 - 0000036 _____ () C:\Users\Azzy\AppData\Local\housecall.guid.cache
2014-03-29 23:32 - 2014-03-29 23:32 - 0000218 _____ () C:\Users\Azzy\AppData\Local\recently-used.xbel
2014-02-28 10:30 - 2014-02-28 10:30 - 0000010 _____ () C:\Users\Azzy\AppData\Local\sponge.last.runtime.cache
2013-11-22 06:02 - 2013-11-22 06:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-04-25 08:56 - 2012-04-25 08:56 - 1914000 _____ (Adobe Systems Incorporated) C:\ProgramData\flashax10.exe

Files to move or delete:
====================
C:\ProgramData\flashax10.exe


Some content of TEMP:
====================
C:\Users\Azzy\AppData\Local\Temp\dllnt_dump.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\sppsvc.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atiu9pag.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 02:44

==================== End Of Log ============================

#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,897 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:42 PM

Posted 25 March 2015 - 09:29 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\
Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available through History -> Application logs. Please post its contents in your next reply.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Edited by Machiavelli, 25 March 2015 - 09:32 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Machiavelli


Posted 28 March 2015 - 08:22 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#4 Machiavelli


Posted 29 March 2015 - 06:40 AM

User returned.

~Machiavelli



#5 Azanath

Azanath
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 29 March 2015 - 03:55 PM

Greetings, Machiavelli. 

 

Thank you for re-opening this.  :-) Here are the logs after I followed your instructions that you had sent.  I am so sorry about the confusion where I thought it wouldn't post to the site.  I hope I am sending this to the right place.  Thank you again, and as I told the other gentleman, I will be sending you guys a donation.  I believe in paying for help because your time is worth a lot and it will be put to good use.  :-)   I will await your response to the logs.  I think whatever was in my system is gone now. I'm not seeing any staggering when I run my system, like I was before, and my WoW game is working perfectly, with no lagging there anymore.  Not sure about those ads that came up on my site though, because I only saw them with Chrome and I'm pretty iffy now about reinstalling Chrome.  Sincerely,  Azanath. 

 

# AdwCleaner v4.113 - Logfile created 29/03/2015 at 02:05:23
# Updated 22/03/2015 by Xplode
# Database : 2015-03-28.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Azzy - AZZY-PC
# Running from : C:\Users\Azzy\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\windows\SysWOW64\Gambali.dll
File Deleted : C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : gtaUpt

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{71C1C668-A2D0-C0B0-7E97-861AA82184A0}]
Key Deleted : HKLM\SOFTWARE\b5927f6b-b3c9-6969-81b7-39f492a57afa
Key Deleted : HKCU\Software\SmileFiles
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v

[C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chrome Canary v

[C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R8].txt - [1808 bytes] - [29/03/2015 01:58:12]
AdwCleaner[S8].txt - [2587 bytes] - [29/03/2015 02:05:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2646  bytes] ##########

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2015
Scan Time: 2:09:19 AM
Logfile: malbytes.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.29.03
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Azzy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422018
Time Elapsed: 15 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115, Quarantined, [ba8d4efded9d6ccab8a2eb63798c837d],
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki, Quarantined, [ba8d4efded9d6ccab8a2eb63798c837d],
PUP.Optional.MultiPlug.A, C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115, Quarantined, [2027d378d8b293a3aeac82cce61f45bb],
PUP.Optional.MultiPlug.A, C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki, Quarantined, [2027d378d8b293a3aeac82cce61f45bb],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115, Quarantined, [f4538ac139511224c793d27cb84d0af6],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki, Quarantined, [f4538ac139511224c793d27cb84d0af6],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115, Quarantined, [d077b8936b1f52e46bef91bdaf56df21],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki, Quarantined, [d077b8936b1f52e46bef91bdaf56df21],

Files: 20
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\lsdb.js, Quarantined, [ba8d4efded9d6ccab8a2eb63798c837d],
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\background.html, Quarantined, [ba8d4efded9d6ccab8a2eb63798c837d],
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\content.js, Quarantined, [ba8d4efded9d6ccab8a2eb63798c837d],
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\F0U2b.js, Quarantined, [ba8d4efded9d6ccab8a2eb63798c837d],
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\manifest.json, Quarantined, [ba8d4efded9d6ccab8a2eb63798c837d],
PUP.Optional.MultiPlug.A, C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\lsdb.js, Quarantined, [2027d378d8b293a3aeac82cce61f45bb],
PUP.Optional.MultiPlug.A, C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\background.html, Quarantined, [2027d378d8b293a3aeac82cce61f45bb],
PUP.Optional.MultiPlug.A, C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\content.js, Quarantined, [2027d378d8b293a3aeac82cce61f45bb],
PUP.Optional.MultiPlug.A, C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\F0U2b.js, Quarantined, [2027d378d8b293a3aeac82cce61f45bb],
PUP.Optional.MultiPlug.A, C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\manifest.json, Quarantined, [2027d378d8b293a3aeac82cce61f45bb],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\lsdb.js, Quarantined, [f4538ac139511224c793d27cb84d0af6],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\background.html, Quarantined, [f4538ac139511224c793d27cb84d0af6],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\content.js, Quarantined, [f4538ac139511224c793d27cb84d0af6],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\F0U2b.js, Quarantined, [f4538ac139511224c793d27cb84d0af6],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\manifest.json, Quarantined, [f4538ac139511224c793d27cb84d0af6],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\lsdb.js, Quarantined, [d077b8936b1f52e46bef91bdaf56df21],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\background.html, Quarantined, [d077b8936b1f52e46bef91bdaf56df21],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\content.js, Quarantined, [d077b8936b1f52e46bef91bdaf56df21],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\F0U2b.js, Quarantined, [d077b8936b1f52e46bef91bdaf56df21],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\115\manifest.json, Quarantined, [d077b8936b1f52e46bef91bdaf56df21],

Physical Sectors: 0
(No malicious items detected)


(end)

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Azzy on Sun 03/29/2015 at  2:28:42.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\AlawarWrapper
Successfully deleted: [Empty Folder] C:\Users\Azzy\appdata\local\{2D4AD1A6-5664-4F66-A08F-FF73FC91DF83}
Successfully deleted: [Empty Folder] C:\Users\Azzy\appdata\local\{44C3B7D5-8C93-41EF-B16C-9B7E335E88F8}
Successfully deleted: [Empty Folder] C:\Users\Azzy\appdata\local\{B9E1E19B-6DA1-4301-BE62-7F4A3B0F93B0}
Successfully deleted: [Empty Folder] C:\Users\Azzy\appdata\local\{DC83FA99-728C-4D88-9930-B16A1F5698A5}



~~~ FireFox

Successfully deleted: [File] C:\user.js



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/29/2015 at  2:32:21.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Azzy at 2015-03-29 02:35:18
Running from C:\Users\Azzy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Aion (HKLM-x32\...\NCW-AION) (Version: 1.0.0.2 - NC Interactive, LLC)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ArtRage Studio (HKLM-x32\...\{71C0F2FA-8AA8-482C-96E4-A8124F2DC84D}) (Version: 3.5.4 - Ambient Design)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bryce 7.0 Content (HKLM-x32\...\Bryce 7.0 Content 7.0.0.21) (Version: 7.0.0.21 - DAZ 3D)
Bryce 7.1 (HKLM-x32\...\Bryce 7.1 7.1.0.109) (Version: 7.1.0.109 - DAZ 3D)
Bryce Lightning 7.0 (HKLM-x32\...\Bryce Lightning 7.0 7.1.0.109) (Version: 7.1.0.109 - DAZ 3D)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
ClickCharts Diagram Flowchart Software (HKLM-x32\...\ClickCharts) (Version: 1.09 - NCH Software)
Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6 Stand-Alone) (Version: 3.1.1.1 - Nik Software, Inc.)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadly Boss Mods Updater (HKLM-x32\...\DeadlyBossModsUpdater) (Version: 1.07.00 - Master Games International, Inc)
Deadly Boss Mods Updater (x32 Version: 1.07.00 - Master Games International, Inc) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dynomite Deluxe (HKLM-x32\...\Dynomite Deluxe) (Version:  - PopCap Games)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON NX130 Series Printer Uninstall (HKLM\...\EPSON NX130 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hexagon 2 (HKLM-x32\...\Hexagon 2 2.5.1.79) (Version: 2.5.1.79 - DAZ 3D)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.5.1 - iolo technologies, LLC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.3426 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.5317 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\OneDriveSetup.exe) (Version: 17.3.4724.0224 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version:  - )
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Orion File Recovery Software (HKLM-x32\...\Orion) (Version: 1.09 - NCH Software)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel)
PhotoImpact X3 (x32 Version: 13.0 - Corel) Hidden
Planetside (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\soe-Planetside) (Version: 1.0.3.183 - Sony Online Entertainment)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Real-Draw PRO 5.2.4 (HKLM-x32\...\Real-Draw PRO_is1) (Version:  - Mediachance)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RIFT (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\RIFT) (Version:  - Trion Worlds, Inc.)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Serif PagePlus Starter Edition 4 (HKLM-x32\...\{975944CC-90F8-43C8-9F7E-C722FC212E6B}) (Version: 4.0.0.4 - Serif (Europe) Ltd)
Serif PagePlus: Poster Template Pack 1 (HKLM-x32\...\{561989D6-1BEE-452D-83FE-6E8AB80F341A}) (Version: 1.0.1.042 - Serif (Europe) Ltd)
Serif PanoramaPlus Starter Edition (HKLM-x32\...\{64AEB598-E518-4AD0-B02B-99F365B8054C}) (Version: 2.0.0.001 - Serif (Europe) Ltd)
Serif PhotoPlus Starter Edition 3 (HKLM-x32\...\{5DF61899-B4D4-4CD5-9F3D-78ADBBF7DC2A}) (Version: 3.0.0.008 - Serif (Europe) Ltd)
Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.3.35 - Serif (Europe) Ltd)
Serif WebPlus: Interest Template - Photography 1 (HKLM-x32\...\{E23FEC6A-C2D9-4D91-ADF4-FD513B4421A3}) (Version: 1.0.1.007 - Serif (Europe) Ltd)
Serif WebPlus: Interest Template - Photography 2 (HKLM-x32\...\{465C892E-BEE0-422F-A992-EA627D1943A3}) (Version: 1.2.0.027 - Serif (Europe) Ltd)
Stickies 8.0a (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTop 2.7 (HKLM-x32\...\TurboTop_is1) (Version: 2.7.0.1 - Savard Software)
TwistedBrush Open Studio (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\TwistedBrush Open Studio) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
Windows Driver Package - AMD USB  (03/30/2010 1.0.0.5) (HKLM\...\D38587A239DFF85877AA1BCAA58B37B5CF7A6AF5) (Version: 03/30/2010 1.0.0.5 - AMD)
Windows Driver Package - C-Media Inc. (USBPNPA) MEDIA  (08/12/2010 7.12.8.2150) (HKLM\...\9C6B01824B9DA73213D89D4410EB251F8487AB55) (Version: 08/12/2010 7.12.8.2150 - C-Media Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden
Yahoo SiteBuilder (HKLM-x32\...\Yahoo SiteBuilder) (Version: 2.8.8 - Yahoo Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

02-03-2015 16:40:43 Windows Update
06-03-2015 11:51:09 Windows Update
10-03-2015 15:31:32 Windows Update
10-03-2015 22:27:50 Windows Update
14-03-2015 20:04:05 Windows Update
18-03-2015 20:03:52 Windows Update
22-03-2015 11:09:04 Windows Update
27-03-2015 00:14:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00654D73-BD35-4E97-9DDF-AFDF75031672} - System32\Tasks\{BC0DE690-0FC6-431A-931E-829399D76132} => C:\Program Files (x86)\Microsoft Games\Pandora's Box\Pandora.exe [2000-02-02] (Microsoft Corporation)
Task: {0C11A7E1-1956-4893-9A87-964EC40FD4A6} - System32\Tasks\{3C04243E-0170-413E-A096-C7FAE7F1460E} => pcalua.exe -a C:\Users\Azzy\Downloads\wmp11-windowsxp-x64-enu.exe -d C:\Users\Azzy\Downloads
Task: {13789611-52B3-4C9F-9776-1773003C5DA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {1FE27AA3-2539-4C0B-9F3E-A0396FD9EB5E} - System32\Tasks\{60BA29C9-8D2D-4ED9-A7F2-0ECC7A5B2B33} => C:\Users\Azzy\Desktop\Microsoft Pandora's Box.exe
Task: {2273BF74-FB16-45F3-8333-09D7A8603F62} - System32\Tasks\{937D29EE-C4AD-42BE-A23D-4380374FB7A6} => pcalua.exe -a C:\Users\Azzy\Desktop\HLX5-PhotoPlus-SE-Installer-EN.exe -d C:\Users\Azzy\Desktop
Task: {251EC935-546F-4C76-B9C0-2D2EC0A1ED59} - System32\Tasks\{595EFAEF-B628-4508-A8D8-D219514283C8} => pcalua.exe -a "C:\Program Files\PopCap Games\TipTop Deluxe\PopUninstall.exe" -c C:\Program Files\PopCap Games\TipTop Deluxe\Install.log
Task: {3BA30474-E426-402F-A9C1-491A2433E7B3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {438F0657-8496-41EC-A9F2-6262790568E8} - System32\Tasks\AdobeAAMUpdater-1.0-Azzy-PC-Azzy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {51B79F01-4F6F-4593-9A61-217102799E09} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {53E4CF10-B0B9-4A80-A792-318FC103501B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {557892B1-DCB6-462F-B65E-D45E993BF1ED} - System32\Tasks\{7743441E-0876-4614-B2DB-AF7C897DB6AE} => pcalua.exe -a C:\Users\Azzy\Desktop\ESD_SerifContent_Images-PhotoFrames.exe -d C:\Users\Azzy\Desktop
Task: {57DC003A-DEE9-476D-9C6E-B7A0CAF22C19} - System32\Tasks\{32A084C7-5E03-4587-AC73-B3EBC157D2DB} => pcalua.exe -a "C:\Users\Azzy\AppData\Local\Sony Online Entertainment\ApplicationUpdater\Uninstaller.exe"
Task: {5ECDD357-3ADE-42F4-9BE9-93FB72D144C3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {63D50E88-C4ED-4D5D-B21F-345DCAFD4D12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25] (Google Inc.)
Task: {67F174B2-930B-49E4-983D-96DF0455BEB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {68ACCED0-D27D-43F8-999D-71B5B9AF8A65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6BFBEE60-DD1F-4003-AF49-F60F5ED61C96} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7AC7BE24-4DE8-47E1-8105-3BBDBFE16726} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2015-03-23] (iolo technologies, LLC)
Task: {82F94BC6-8263-48A3-AADD-507131B42429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25] (Google Inc.)
Task: {AB28769B-45E6-4875-B390-460E70F7ADAA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Azzy-PC-Azzy Azzy-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {B6F38F29-F0A9-4E42-8D45-E28FBFCADF18} - System32\Tasks\{35AFE5B7-2516-4BCE-BA5A-2C7FECD52F19} => C:\Program Files (x86)\Microsoft Games\Pandora's Box\Pandora.exe [2000-02-02] (Microsoft Corporation)
Task: {C71012EC-F82F-49F9-9944-24B9DA4B8167} - System32\Tasks\{53642B4E-47EE-4DD0-BBBA-324630C42F92} => C:\Users\Azzy\Desktop\pandoras box\Pandora's Box\Pandora.exe
Task: {C748EB5B-695D-40F8-A475-FF5CC14C7142} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {CB4A0008-6F58-4B8F-A493-AFF8A9760951} - System32\Tasks\easyVPN => C:\Program Files (x86)\EasyVpn\app\easyvpn.exe
Task: {E9416CD9-0D4E-4BFE-A098-C7BD4ABCE13A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-03-02 23:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2006-11-02 21:40 - 2006-11-02 21:40 - 00174656 _____ () C:\windows\SysWOW64\PSIService.exe
2014-05-14 17:54 - 2014-04-21 15:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-09-26 15:41 - 2014-09-26 15:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-19 03:10 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:EC77041F
AlternateDataStreams: C:\Users\Azzy\Desktop\everythingblizzard.wpp:SummaryInformation
AlternateDataStreams: C:\Users\Azzy\Desktop\everythingblizzard.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Azzy\Desktop\Site2guildrules.wpp:SummaryInformation
AlternateDataStreams: C:\Users\Azzy\Desktop\Site2guildrules.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 10.0.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

==================== Accounts: =============================

Administrator (S-1-5-21-533468569-4081723625-3906534183-500 - Administrator - Disabled)
ASPNET (S-1-5-21-533468569-4081723625-3906534183-1010 - Limited - Enabled)
Azzy (S-1-5-21-533468569-4081723625-3906534183-1002 - Administrator - Enabled) => C:\Users\Azzy
Guest (S-1-5-21-533468569-4081723625-3906534183-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-533468569-4081723625-3906534183-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 5626.01 MB
Available physical RAM: 4169.22 MB
Total Pagefile: 11250.2 MB
Available Pagefile: 9600.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:329.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A2B82327)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End Of Log ============================

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Azzy (administrator) on AZZY-PC on 29-03-2015 02:34:30
Running from C:\Users\Azzy\Desktop
Loaded Profiles: Azzy (Available profiles: Azzy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
() C:\Windows\SysWOW64\PSIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJA.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4547872 2015-03-23] (iolo technologies, LLC)
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\Run: [PlayNC Launcher] => [X]
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-533468569-4081723625-3906534183-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-26] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-10] (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-03-10] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-21] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-533468569-4081723625-3906534183-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-10] (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\duckduckgo.xml [2014-06-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nchfastsearch.xml [2014-06-05]
FF Extension: AdBlock for Facebook - C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2015-03-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Color Dripping) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdjgcfonmljobnnhbhiacipngbhblgi [2015-02-26]
CHR Extension: (Google Docs) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-26]
CHR Extension: (Google Drive) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-26]
CHR Extension: (YouTube) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-26]
CHR Extension: (Google Search) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-26]
CHR Extension: (Pandora) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-02-26]
CHR Extension: (Google Sheets) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Google Wallet) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-03-10] (Perfect World Entertainment Inc)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4703432 2015-03-23] (iolo technologies, LLC)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-08] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S2 sppsvc; C:\Windows\SysWOW64\sppsvc.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
S4 cae99edb; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [58368 2011-05-17] (GenesysLogic) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 Secdrv; C:\windows\SysWOW64\drivers\SECDRV.SYS [14304 1999-05-14] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 02:34 - 2015-03-29 02:34 - 00019717 _____ () C:\Users\Azzy\Desktop\FRST.txt
2015-03-29 02:32 - 2015-03-29 02:33 - 00001234 _____ () C:\Users\Azzy\Desktop\JRT.txt
2015-03-29 02:26 - 2015-03-29 02:26 - 00006577 _____ () C:\Users\Azzy\Desktop\malbytes.txt
2015-03-29 02:08 - 2015-03-29 02:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-29 02:07 - 2015-03-29 02:07 - 00002726 _____ () C:\Users\Azzy\Desktop\AdwCleaner[S8].txt
2015-03-29 01:58 - 2015-03-29 02:05 - 00000000 ____D () C:\AdwCleaner
2015-03-29 01:49 - 2015-03-29 01:49 - 01389240 _____ (Thisisu) C:\Users\Azzy\Desktop\JRT.exe
2015-03-29 01:47 - 2015-03-29 01:47 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Azzy\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-29 01:34 - 2015-03-29 01:34 - 02168320 _____ () C:\Users\Azzy\Desktop\AdwCleaner.exe
2015-03-25 06:47 - 2015-03-25 06:47 - 00001168 _____ () C:\Users\Azzy\Desktop\cubis2.exe - Shortcut.lnk
2015-03-25 04:31 - 2015-03-29 02:34 - 00000000 ____D () C:\FRST
2015-03-25 04:27 - 2015-03-25 04:27 - 02095616 _____ (Farbar) C:\Users\Azzy\Desktop\FRST64.exe
2015-03-25 03:53 - 2015-03-25 03:53 - 00000000 ____D () C:\Users\Azzy\AppData\Local\CrashDumps
2015-03-25 03:41 - 2015-03-25 03:55 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-25 03:41 - 2015-03-25 03:41 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-25 03:40 - 2015-03-25 03:40 - 16727128 _____ () C:\Users\Azzy\Desktop\RogueKiller.exe
2015-03-21 14:25 - 2015-03-21 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-19 11:48 - 2015-03-19 11:48 - 01185040 _____ () C:\windows\is-JN216.exe
2015-03-19 11:48 - 2015-03-19 11:48 - 00022693 _____ () C:\windows\is-JN216.msg
2015-03-19 11:48 - 2015-03-19 11:48 - 00000491 _____ () C:\windows\is-JN216.lst
2015-03-16 03:13 - 2015-03-16 03:28 - 00000000 ____D () C:\Users\Azzy\Desktop\wow shots crop
2015-03-16 02:46 - 2015-03-16 03:11 - 00000000 ____D () C:\Users\Azzy\Desktop\wow shots march 2015
2015-03-10 22:56 - 2015-03-11 01:21 - 00000000 ____D () C:\Users\Azzy\Desktop\jpg and png site files
2015-03-10 15:34 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-10 15:34 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-10 15:34 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-10 15:34 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-10 15:34 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-10 15:34 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-10 15:33 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-10 15:33 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-10 15:33 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-10 15:33 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-10 15:33 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-10 15:33 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-10 15:33 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-10 15:33 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-10 15:33 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-10 15:33 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-10 15:33 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-10 15:33 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-10 15:33 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-10 15:33 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-10 15:33 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-10 15:33 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-10 15:33 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-10 15:33 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-10 15:33 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-10 15:33 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-10 15:33 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 15:32 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-10 15:32 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-10 15:32 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-10 15:32 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-10 15:32 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-10 15:32 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-10 15:32 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-10 15:32 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-10 15:32 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-10 15:32 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-10 15:32 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-10 15:32 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-10 15:32 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-10 15:32 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-10 15:32 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-10 15:32 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-10 15:32 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-10 15:32 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-10 15:32 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-10 15:32 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-10 15:32 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-10 15:32 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-10 15:32 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-10 15:32 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-10 15:32 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-10 15:32 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-10 15:32 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-10 15:32 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-10 15:32 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-10 15:32 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-10 15:32 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-10 15:32 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-10 15:32 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-10 15:32 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-10 15:32 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-10 15:32 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 15:32 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-10 15:32 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-10 15:32 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-10 15:32 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-10 15:32 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-10 15:32 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-10 15:32 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-10 15:32 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-10 15:32 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-10 15:32 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-10 15:32 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-10 15:32 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-10 15:32 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-10 15:32 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-10 15:32 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-10 15:32 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 15:32 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-10 15:32 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-10 15:32 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-10 15:32 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-10 15:32 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-10 15:32 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-10 15:32 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-10 15:32 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-10 15:32 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-10 15:32 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-10 15:32 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-10 15:32 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-10 15:32 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-10 15:32 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-10 15:32 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-10 15:32 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-10 15:32 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-10 15:32 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-10 15:32 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-10 15:31 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-10 15:31 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-10 15:31 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-10 15:31 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-10 15:31 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-10 15:31 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-10 15:31 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-10 15:31 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-10 15:31 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-10 15:31 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-03 23:41 - 2015-03-03 23:42 - 00027302 _____ () C:\Users\Azzy\Downloads\www.facebook.com.htm
2015-03-02 23:54 - 2015-03-03 02:58 - 00000000 ____D () C:\Users\Azzy\Desktop\burn this
2015-03-02 23:43 - 2015-03-11 00:34 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Azzy-PC-Azzy Azzy-PC
2015-03-02 23:28 - 2015-03-02 23:29 - 06431728 _____ (Microsoft Corporation) C:\Users\Azzy\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2015-03-02 23:04 - 2015-03-02 23:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-02 23:02 - 2015-03-19 03:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-02 23:02 - 2015-03-02 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-01 18:38 - 2015-03-25 17:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-01 18:38 - 2015-03-01 18:38 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-01 17:26 - 2015-03-01 17:26 - 00001256 _____ () C:\Users\Azzy\Desktop\url.htm
2015-02-27 01:28 - 2015-02-27 01:28 - 00002002 _____ () C:\Users\Azzy\Desktop\Yahoo SiteBuilder.lnk
2015-02-27 01:28 - 2015-02-27 01:28 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo
2015-02-27 01:27 - 2015-02-27 01:28 - 00000000 ____D () C:\Program Files (x86)\Yahoo SiteBuilder

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 02:14 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 02:14 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 02:11 - 2012-04-25 07:48 - 01694096 _____ () C:\windows\WindowsUpdate.log
2015-03-29 02:11 - 2009-07-13 22:13 - 00796974 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-29 02:09 - 2015-02-25 20:47 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 02:08 - 2015-02-25 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 02:06 - 2015-01-14 04:03 - 00004150 _____ () C:\windows\setupact.log
2015-03-29 02:06 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-29 02:00 - 2014-08-28 02:00 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Adobe
2015-03-29 01:46 - 2013-01-26 23:55 - 00000000 ____D () C:\Users\Azzy\Desktop\az
2015-03-29 00:22 - 2014-08-14 03:34 - 00690934 _____ () C:\windows\PFRO.log
2015-03-29 00:22 - 2014-06-18 07:46 - 00000000 ____D () C:\ProgramData\iolo
2015-03-28 10:44 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-03-27 23:47 - 2013-10-28 17:27 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Battle.net
2015-03-27 16:22 - 2014-03-12 12:08 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-26 05:38 - 2014-06-18 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-03-26 05:37 - 2014-06-18 07:50 - 00003118 _____ () C:\windows\System32\Tasks\iolo Process Governor
2015-03-26 05:37 - 2014-06-18 07:50 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-03-26 05:37 - 2009-07-13 20:20 - 00000000 __RSD () C:\windows\Media
2015-03-25 06:38 - 2014-10-21 03:10 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Arc
2015-03-25 00:41 - 2013-10-28 12:42 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-25 00:27 - 2014-08-25 15:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-25 00:26 - 2015-02-03 12:54 - 00000000 ____D () C:\Users\Azzy\Desktop\stuff
2015-03-23 23:52 - 2014-06-18 07:50 - 00057584 _____ (iolo technologies, LLC) C:\windows\system32\iolobtdfg.exe
2015-03-23 23:52 - 2014-06-18 07:50 - 00026184 _____ (iolo technologies, LLC) C:\windows\system32\smrgdf.exe
2015-03-23 23:37 - 2014-06-18 07:50 - 02155152 _____ (iolo technologies, LLC) C:\windows\system32\Incinerator64.dll
2015-03-23 23:37 - 2014-06-18 07:50 - 02096960 _____ (iolo technologies, LLC) C:\windows\SysWOW64\Incinerator32.dll
2015-03-19 16:36 - 2013-10-28 04:12 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-19 16:36 - 2013-10-28 04:12 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-19 05:53 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2015-03-19 02:22 - 2012-10-06 21:24 - 00000000 ____D () C:\Users\Azzy
2015-03-17 06:15 - 2015-02-25 20:47 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2015-02-25 20:47 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2015-02-25 20:47 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-11 00:35 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2015-03-10 22:49 - 2009-07-13 21:45 - 00633168 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-10 22:45 - 2014-06-06 22:20 - 00000000 ___RD () C:\Users\Azzy\OneDrive
2015-03-10 22:45 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-10 22:45 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-10 22:39 - 2013-08-14 00:46 - 00000000 ____D () C:\windows\system32\MRT
2015-03-10 22:30 - 2012-10-14 18:04 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-05 23:40 - 2014-06-06 21:28 - 00002152 _____ () C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-03 23:38 - 2012-10-06 21:24 - 00000000 ____D () C:\Users\Azzy\AppData\Local\VirtualStore
2015-03-03 06:17 - 2010-11-20 20:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-03-03 03:53 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\Azzy\Desktop\party crashers new site designs
2015-03-03 00:02 - 2013-12-16 12:19 - 00000000 ____D () C:\Users\Azzy\Desktop\put to disk
2015-03-02 23:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-01 18:39 - 2012-11-22 18:54 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Mozilla
2015-03-01 18:39 - 2012-11-22 18:54 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Mozilla

==================== Files in the root of some directories =======

2013-07-21 15:32 - 2015-02-26 01:53 - 0125690 _____ () C:\Users\Azzy\AppData\Local\ars.cache
2013-07-21 15:32 - 2015-02-26 01:53 - 1618472 _____ () C:\Users\Azzy\AppData\Local\census.cache
2014-04-12 13:47 - 2014-04-12 13:47 - 0000092 _____ () C:\Users\Azzy\AppData\Local\fusioncache.dat
2013-07-21 15:23 - 2013-07-21 15:23 - 0000036 _____ () C:\Users\Azzy\AppData\Local\housecall.guid.cache
2014-03-29 23:32 - 2014-03-29 23:32 - 0000218 _____ () C:\Users\Azzy\AppData\Local\recently-used.xbel
2014-02-28 10:30 - 2014-02-28 10:30 - 0000010 _____ () C:\Users\Azzy\AppData\Local\sponge.last.runtime.cache
2013-11-22 06:02 - 2013-11-22 06:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-04-25 08:56 - 2012-04-25 08:56 - 1914000 _____ (Adobe Systems Incorporated) C:\ProgramData\flashax10.exe

Files to move or delete:
====================
C:\ProgramData\flashax10.exe


Some content of TEMP:
====================
C:\Users\Azzy\AppData\Local\Temp\Quarantine.exe
C:\Users\Azzy\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\sppsvc.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atiu9pag.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 02:44

==================== End Of Log ============================



#6 Machiavelli

Posted 29 March 2015 - 06:13 PM

Hey,
thanks for the donation. :) It seems that system files are damaged. We have to fix them later.

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\Run: [PlayNC Launcher] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-533468569-4081723625-3906534183-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    C:\ProgramData\flashax10.exe
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Windows Repair All In One
  • Download Windows Repair (All in One) from this site
  • Install the program then run it.
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.
  • Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
  • If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk. In that case make sure you restart computer.
  • Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button.
  • Go to Step 4 and under "System Restore" click on Create button.
  • Go to Start Repairs tab and click Start button. Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design. Click on Start button.
  • Post Windows Repair log which is located in the following folder:
    • 64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    • 32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
Step 5: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
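
The remark above that system files are damaged corresponds to the zero-size entries FRST flags in the logs posted in this thread. As an added example (not part of the thread and not FRST's own code), this Python sketch parses FRST "Services" lines copied from the log on this page and groups the flagged services by the file they point to; the function names and flag labels are hypothetical, and the digit after the state letter is assumed to be the Windows service Start value.

```python
import re
from collections import defaultdict

# Lines copied from the "Services (Whitelisted)" section of the FRST log in this thread.
SAMPLE = r"""
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S4 cae99edb; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
"""

# "<state><start> <service name>; <rest of line>"
HEAD = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<detail>.+)$")
# "<path> [<size> <yyyy-mm-dd>] (<publisher>)<trailing notes>"
FILEINFO = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>.*?)\)(?P<rest>.*)$"
)

# Assumption: the digit is the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


def parse_line(line):
    """Parse one Services/Drivers line; return a dict, or None if it is not an entry."""
    head = HEAD.match(line.strip())
    if not head:
        return None
    entry = {
        "state": head["state"],
        "start": START_TYPES.get(int(head["start"]), "unknown"),
        "name": head["name"].strip(),
        "path": head["detail"],
        "size": None,
        "company": None,
        "flags": [],
    }
    info = FILEINFO.match(head["detail"])
    if not info:
        # A command line (e.g. rundll32 + DLL) carries no size/date/publisher:
        # the tool could not describe a single file, so it needs a manual look.
        entry["flags"].append("no-file-info")
        return entry
    entry["path"] = info["path"]
    entry["size"] = int(info["size"])
    entry["company"] = info["company"].strip()
    if entry["size"] == 0:
        entry["flags"].append("zero-size")
    if "[File not signed]" in info["rest"]:
        entry["flags"].append("unsigned")
    return entry


def parse_log(text):
    """Parse every entry line in a block of log text, skipping headers and blanks."""
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def damaged_files(entries):
    """Map each zero-size file (lower-cased path) to the services that use it."""
    by_path = defaultdict(list)
    for e in entries:
        if "zero-size" in e["flags"]:
            by_path[e["path"].lower()].append(e["name"])
    return dict(by_path)


def running_damaged(entries):
    """Names of services reported as running whose registered binary is zero bytes."""
    return sorted(
        e["name"] for e in entries if e["state"] == "R" and "zero-size" in e["flags"]
    )


if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    for path, services in damaged_files(parsed).items():
        print(f"{path}: {', '.join(services)}")
    print("running with zero-size binary:", running_damaged(parsed))
    for e in parsed:
        if e["flags"] and "zero-size" not in e["flags"]:
            print(f"{e['name']} ({e['start']}): {e['flags']}")
```

Grouping by path shows that several flagged services can share one file, so the number of files to repair is smaller than the number of flagged lines.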



#7 Azanath

Posted 31 March 2015 - 02:27 PM

Hi, Machiavelli. Here are the logs you have requested. I messed up on the ESET.txt log but... I tend to write everything down as well, in case I can't access my computer for whatever reason, so I will highlight that in red for you when I get to that part. It didn't give me any path to where the things were lurking, just the names of what they were.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Azzy (administrator) on AZZY-PC on 30-03-2015 23:01:35
Running from C:\Users\Azzy\Desktop
Loaded Profiles: Azzy (Available profiles: Azzy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
() C:\Windows\jmesoft\Service.exe
() C:\Windows\SysWOW64\PSIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJA.EXE
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4547872 2015-03-23] (iolo technologies, LLC)
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-26] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-10] (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-03-10] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-21] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-533468569-4081723625-3906534183-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-10] (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\duckduckgo.xml [2014-06-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nchfastsearch.xml [2014-06-05]
FF Extension: AdBlock for Facebook - C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2015-03-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Color Dripping) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdjgcfonmljobnnhbhiacipngbhblgi [2015-02-26]
CHR Extension: (Google Docs) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-26]
CHR Extension: (Google Drive) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-26]
CHR Extension: (YouTube) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-26]
CHR Extension: (Google Search) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-26]
CHR Extension: (Pandora) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-02-26]
CHR Extension: (Google Sheets) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Google Wallet) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-03-10] (Perfect World Entertainment Inc)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4703432 2015-03-23] (iolo technologies, LLC)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-08] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 sppsvc; C:\Windows\SysWOW64\sppsvc.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
S4 cae99edb; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [58368 2011-05-17] (GenesysLogic) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 Secdrv; C:\windows\SysWOW64\drivers\SECDRV.SYS [14304 1999-05-14] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 23:01 - 2015-03-30 23:02 - 00018865 _____ () C:\Users\Azzy\Desktop\FRST.txt
2015-03-29 13:59 - 2015-03-29 13:59 - 00000000 ____D () C:\Users\Azzy\Desktop\log files 3-29-2015
2015-03-29 02:08 - 2015-03-29 02:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-29 01:58 - 2015-03-29 02:05 - 00000000 ____D () C:\AdwCleaner
2015-03-29 01:49 - 2015-03-29 01:49 - 01389240 _____ (Thisisu) C:\Users\Azzy\Desktop\JRT.exe
2015-03-29 01:47 - 2015-03-29 01:47 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Azzy\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-29 01:34 - 2015-03-29 01:34 - 02168320 _____ () C:\Users\Azzy\Desktop\AdwCleaner.exe
2015-03-25 06:47 - 2015-03-25 06:47 - 00001168 _____ () C:\Users\Azzy\Desktop\cubis2.exe - Shortcut.lnk
2015-03-25 04:31 - 2015-03-30 23:01 - 00000000 ____D () C:\FRST
2015-03-25 04:27 - 2015-03-25 04:27 - 02095616 _____ (Farbar) C:\Users\Azzy\Desktop\FRST64.exe
2015-03-25 03:53 - 2015-03-25 03:53 - 00000000 ____D () C:\Users\Azzy\AppData\Local\CrashDumps
2015-03-25 03:41 - 2015-03-25 03:55 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-25 03:41 - 2015-03-25 03:41 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-25 03:40 - 2015-03-25 03:40 - 16727128 _____ () C:\Users\Azzy\Desktop\RogueKiller.exe
2015-03-21 14:25 - 2015-03-21 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-19 11:48 - 2015-03-19 11:48 - 01185040 _____ () C:\windows\is-JN216.exe
2015-03-19 11:48 - 2015-03-19 11:48 - 00022693 _____ () C:\windows\is-JN216.msg
2015-03-19 11:48 - 2015-03-19 11:48 - 00000491 _____ () C:\windows\is-JN216.lst
2015-03-16 03:13 - 2015-03-16 03:28 - 00000000 ____D () C:\Users\Azzy\Desktop\wow shots crop
2015-03-10 22:56 - 2015-03-11 01:21 - 00000000 ____D () C:\Users\Azzy\Desktop\jpg and png site files
2015-03-10 15:34 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-10 15:34 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-10 15:34 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-10 15:34 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-10 15:34 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-10 15:34 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-10 15:33 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-10 15:33 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-10 15:33 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-10 15:33 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-10 15:33 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-10 15:33 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-10 15:33 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-10 15:33 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-10 15:33 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-10 15:33 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-10 15:33 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-10 15:33 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-10 15:33 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-10 15:33 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-10 15:33 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-10 15:33 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-10 15:33 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-10 15:33 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-10 15:33 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-10 15:33 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-10 15:33 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 15:32 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-10 15:32 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-10 15:32 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-10 15:32 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-10 15:32 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-10 15:32 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-10 15:32 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-10 15:32 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-10 15:32 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-10 15:32 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-10 15:32 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-10 15:32 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-10 15:32 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-10 15:32 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-10 15:32 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-10 15:32 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-10 15:32 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-10 15:32 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-10 15:32 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-10 15:32 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-10 15:32 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-10 15:32 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-10 15:32 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-10 15:32 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-10 15:32 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-10 15:32 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-10 15:32 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-10 15:32 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-10 15:32 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-10 15:32 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-10 15:32 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-10 15:32 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-10 15:32 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-10 15:32 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-10 15:32 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-10 15:32 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 15:32 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-10 15:32 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-10 15:32 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-10 15:32 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-10 15:32 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-10 15:32 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-10 15:32 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-10 15:32 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-10 15:32 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-10 15:32 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-10 15:32 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-10 15:32 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-10 15:32 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-10 15:32 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-10 15:32 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-10 15:32 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 15:32 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-10 15:32 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-10 15:32 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-10 15:32 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-10 15:32 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-10 15:32 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-10 15:32 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-10 15:32 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-10 15:32 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-10 15:32 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-10 15:32 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-10 15:32 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-10 15:32 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-10 15:32 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-10 15:32 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-10 15:32 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-10 15:32 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-10 15:32 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-10 15:32 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-10 15:31 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-10 15:31 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-10 15:31 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-10 15:31 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-10 15:31 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-10 15:31 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-10 15:31 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-10 15:31 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-10 15:31 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-10 15:31 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-03 23:41 - 2015-03-03 23:42 - 00027302 _____ () C:\Users\Azzy\Downloads\www.facebook.com.htm
2015-03-02 23:54 - 2015-03-03 02:58 - 00000000 ____D () C:\Users\Azzy\Desktop\burn this
2015-03-02 23:43 - 2015-03-11 00:34 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Azzy-PC-Azzy Azzy-PC
2015-03-02 23:28 - 2015-03-02 23:29 - 06431728 _____ (Microsoft Corporation) C:\Users\Azzy\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2015-03-02 23:04 - 2015-03-02 23:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-02 23:02 - 2015-03-19 03:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-02 23:02 - 2015-03-02 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-01 18:38 - 2015-03-25 17:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-01 18:38 - 2015-03-01 18:38 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-01 17:26 - 2015-03-01 17:26 - 00001256 _____ () C:\Users\Azzy\Desktop\url.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 23:02 - 2012-04-25 07:48 - 02052284 _____ () C:\windows\WindowsUpdate.log
2015-03-30 22:58 - 2015-01-14 04:03 - 00004262 _____ () C:\windows\setupact.log
2015-03-30 22:58 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-30 22:57 - 2014-08-14 03:34 - 00696010 _____ () C:\windows\PFRO.log
2015-03-30 16:39 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-03-30 02:02 - 2013-10-28 17:27 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Battle.net
2015-03-30 02:00 - 2014-08-28 02:00 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Adobe
2015-03-29 14:02 - 2014-03-12 12:08 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-29 14:00 - 2015-02-03 12:54 - 00000000 ____D () C:\Users\Azzy\Desktop\stuff
2015-03-29 13:16 - 2012-10-06 21:24 - 00000000 ____D () C:\Users\Azzy
2015-03-29 12:54 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 12:54 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 12:51 - 2009-07-13 22:13 - 00796974 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-29 02:09 - 2015-02-25 20:47 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 02:08 - 2015-02-25 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 01:46 - 2013-01-26 23:55 - 00000000 ____D () C:\Users\Azzy\Desktop\az
2015-03-29 00:22 - 2014-06-18 07:46 - 00000000 ____D () C:\ProgramData\iolo
2015-03-26 05:38 - 2014-06-18 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-03-26 05:37 - 2014-06-18 07:50 - 00003118 _____ () C:\windows\System32\Tasks\iolo Process Governor
2015-03-26 05:37 - 2014-06-18 07:50 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-03-26 05:37 - 2009-07-13 20:20 - 00000000 __RSD () C:\windows\Media
2015-03-25 06:38 - 2014-10-21 03:10 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Arc
2015-03-25 00:41 - 2013-10-28 12:42 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-25 00:27 - 2014-08-25 15:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-23 23:52 - 2014-06-18 07:50 - 00057584 _____ (iolo technologies, LLC) C:\windows\system32\iolobtdfg.exe
2015-03-23 23:52 - 2014-06-18 07:50 - 00026184 _____ (iolo technologies, LLC) C:\windows\system32\smrgdf.exe
2015-03-23 23:37 - 2014-06-18 07:50 - 02155152 _____ (iolo technologies, LLC) C:\windows\system32\Incinerator64.dll
2015-03-23 23:37 - 2014-06-18 07:50 - 02096960 _____ (iolo technologies, LLC) C:\windows\SysWOW64\Incinerator32.dll
2015-03-19 16:36 - 2013-10-28 04:12 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-19 16:36 - 2013-10-28 04:12 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-19 05:53 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2015-03-17 06:15 - 2015-02-25 20:47 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2015-02-25 20:47 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2015-02-25 20:47 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-11 00:35 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2015-03-10 22:49 - 2009-07-13 21:45 - 00633168 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-10 22:45 - 2014-06-06 22:20 - 00000000 ___RD () C:\Users\Azzy\OneDrive
2015-03-10 22:45 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-10 22:45 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-10 22:39 - 2013-08-14 00:46 - 00000000 ____D () C:\windows\system32\MRT
2015-03-10 22:30 - 2012-10-14 18:04 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-05 23:40 - 2014-06-06 21:28 - 00002152 _____ () C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-03 23:38 - 2012-10-06 21:24 - 00000000 ____D () C:\Users\Azzy\AppData\Local\VirtualStore
2015-03-03 06:17 - 2010-11-20 20:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-03-03 03:53 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\Azzy\Desktop\party crashers new site designs
2015-03-03 00:02 - 2013-12-16 12:19 - 00000000 ____D () C:\Users\Azzy\Desktop\put to disk
2015-03-02 23:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-01 18:39 - 2012-11-22 18:54 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Mozilla
2015-03-01 18:39 - 2012-11-22 18:54 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Mozilla

==================== Files in the root of some directories =======

2013-07-21 15:32 - 2015-02-26 01:53 - 0125690 _____ () C:\Users\Azzy\AppData\Local\ars.cache
2013-07-21 15:32 - 2015-02-26 01:53 - 1618472 _____ () C:\Users\Azzy\AppData\Local\census.cache
2014-04-12 13:47 - 2014-04-12 13:47 - 0000092 _____ () C:\Users\Azzy\AppData\Local\fusioncache.dat
2013-07-21 15:23 - 2013-07-21 15:23 - 0000036 _____ () C:\Users\Azzy\AppData\Local\housecall.guid.cache
2014-03-29 23:32 - 2014-03-29 23:32 - 0000218 _____ () C:\Users\Azzy\AppData\Local\recently-used.xbel
2014-02-28 10:30 - 2014-02-28 10:30 - 0000010 _____ () C:\Users\Azzy\AppData\Local\sponge.last.runtime.cache
2013-11-22 06:02 - 2013-11-22 06:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\sppsvc.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atiu9pag.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 02:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Azzy at 2015-03-30 23:03:03
Running from C:\Users\Azzy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Aion (HKLM-x32\...\NCW-AION) (Version: 1.0.0.2 - NC Interactive, LLC)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ArtRage Studio (HKLM-x32\...\{71C0F2FA-8AA8-482C-96E4-A8124F2DC84D}) (Version: 3.5.4 - Ambient Design)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bryce 7.0 Content (HKLM-x32\...\Bryce 7.0 Content 7.0.0.21) (Version: 7.0.0.21 - DAZ 3D)
Bryce 7.1 (HKLM-x32\...\Bryce 7.1 7.1.0.109) (Version: 7.1.0.109 - DAZ 3D)
Bryce Lightning 7.0 (HKLM-x32\...\Bryce Lightning 7.0 7.1.0.109) (Version: 7.1.0.109 - DAZ 3D)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
ClickCharts Diagram Flowchart Software (HKLM-x32\...\ClickCharts) (Version: 1.09 - NCH Software)
Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6 Stand-Alone) (Version: 3.1.1.1 - Nik Software, Inc.)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadly Boss Mods Updater (HKLM-x32\...\DeadlyBossModsUpdater) (Version: 1.07.00 - Master Games International, Inc)
Deadly Boss Mods Updater (x32 Version: 1.07.00 - Master Games International, Inc) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dynomite Deluxe (HKLM-x32\...\Dynomite Deluxe) (Version:  - PopCap Games)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON NX130 Series Printer Uninstall (HKLM\...\EPSON NX130 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hexagon 2 (HKLM-x32\...\Hexagon 2 2.5.1.79) (Version: 2.5.1.79 - DAZ 3D)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.5.1 - iolo technologies, LLC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.3426 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.5317 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\OneDriveSetup.exe) (Version: 17.3.4724.0224 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version:  - )
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Orion File Recovery Software (HKLM-x32\...\Orion) (Version: 1.09 - NCH Software)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel)
PhotoImpact X3 (x32 Version: 13.0 - Corel) Hidden
Planetside (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\soe-Planetside) (Version: 1.0.3.183 - Sony Online Entertainment)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Real-Draw PRO 5.2.4 (HKLM-x32\...\Real-Draw PRO_is1) (Version:  - Mediachance)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RIFT (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\RIFT) (Version:  - Trion Worlds, Inc.)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Serif PagePlus Starter Edition 4 (HKLM-x32\...\{975944CC-90F8-43C8-9F7E-C722FC212E6B}) (Version: 4.0.0.4 - Serif (Europe) Ltd)
Serif PagePlus: Poster Template Pack 1 (HKLM-x32\...\{561989D6-1BEE-452D-83FE-6E8AB80F341A}) (Version: 1.0.1.042 - Serif (Europe) Ltd)
Serif PanoramaPlus Starter Edition (HKLM-x32\...\{64AEB598-E518-4AD0-B02B-99F365B8054C}) (Version: 2.0.0.001 - Serif (Europe) Ltd)
Serif PhotoPlus Starter Edition 3 (HKLM-x32\...\{5DF61899-B4D4-4CD5-9F3D-78ADBBF7DC2A}) (Version: 3.0.0.008 - Serif (Europe) Ltd)
Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.3.35 - Serif (Europe) Ltd)
Serif WebPlus: Interest Template - Photography 1 (HKLM-x32\...\{E23FEC6A-C2D9-4D91-ADF4-FD513B4421A3}) (Version: 1.0.1.007 - Serif (Europe) Ltd)
Serif WebPlus: Interest Template - Photography 2 (HKLM-x32\...\{465C892E-BEE0-422F-A992-EA627D1943A3}) (Version: 1.2.0.027 - Serif (Europe) Ltd)
Stickies 8.0a (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTop 2.7 (HKLM-x32\...\TurboTop_is1) (Version: 2.7.0.1 - Savard Software)
TwistedBrush Open Studio (HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\TwistedBrush Open Studio) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
Windows Driver Package - AMD USB  (03/30/2010 1.0.0.5) (HKLM\...\D38587A239DFF85877AA1BCAA58B37B5CF7A6AF5) (Version: 03/30/2010 1.0.0.5 - AMD)
Windows Driver Package - C-Media Inc. (USBPNPA) MEDIA  (08/12/2010 7.12.8.2150) (HKLM\...\9C6B01824B9DA73213D89D4410EB251F8487AB55) (Version: 08/12/2010 7.12.8.2150 - C-Media Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden
Yahoo SiteBuilder (HKLM-x32\...\Yahoo SiteBuilder) (Version: 2.8.8 - Yahoo Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-533468569-4081723625-3906534183-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-03-2015 11:51:09 Windows Update
10-03-2015 15:31:32 Windows Update
10-03-2015 22:27:50 Windows Update
14-03-2015 20:04:05 Windows Update
18-03-2015 20:03:52 Windows Update
22-03-2015 11:09:04 Windows Update
27-03-2015 00:14:59 Windows Update
30-03-2015 16:51:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00654D73-BD35-4E97-9DDF-AFDF75031672} - System32\Tasks\{BC0DE690-0FC6-431A-931E-829399D76132} => C:\Program Files (x86)\Microsoft Games\Pandora's Box\Pandora.exe [2000-02-02] (Microsoft Corporation)
Task: {0C11A7E1-1956-4893-9A87-964EC40FD4A6} - System32\Tasks\{3C04243E-0170-413E-A096-C7FAE7F1460E} => pcalua.exe -a C:\Users\Azzy\Downloads\wmp11-windowsxp-x64-enu.exe -d C:\Users\Azzy\Downloads
Task: {13789611-52B3-4C9F-9776-1773003C5DA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {1FE27AA3-2539-4C0B-9F3E-A0396FD9EB5E} - System32\Tasks\{60BA29C9-8D2D-4ED9-A7F2-0ECC7A5B2B33} => C:\Users\Azzy\Desktop\Microsoft Pandora's Box.exe
Task: {2273BF74-FB16-45F3-8333-09D7A8603F62} - System32\Tasks\{937D29EE-C4AD-42BE-A23D-4380374FB7A6} => pcalua.exe -a C:\Users\Azzy\Desktop\HLX5-PhotoPlus-SE-Installer-EN.exe -d C:\Users\Azzy\Desktop
Task: {251EC935-546F-4C76-B9C0-2D2EC0A1ED59} - System32\Tasks\{595EFAEF-B628-4508-A8D8-D219514283C8} => pcalua.exe -a "C:\Program Files\PopCap Games\TipTop Deluxe\PopUninstall.exe" -c C:\Program Files\PopCap Games\TipTop Deluxe\Install.log
Task: {3BA30474-E426-402F-A9C1-491A2433E7B3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {438F0657-8496-41EC-A9F2-6262790568E8} - System32\Tasks\AdobeAAMUpdater-1.0-Azzy-PC-Azzy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {51B79F01-4F6F-4593-9A61-217102799E09} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {53E4CF10-B0B9-4A80-A792-318FC103501B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {557892B1-DCB6-462F-B65E-D45E993BF1ED} - System32\Tasks\{7743441E-0876-4614-B2DB-AF7C897DB6AE} => pcalua.exe -a C:\Users\Azzy\Desktop\ESD_SerifContent_Images-PhotoFrames.exe -d C:\Users\Azzy\Desktop
Task: {57DC003A-DEE9-476D-9C6E-B7A0CAF22C19} - System32\Tasks\{32A084C7-5E03-4587-AC73-B3EBC157D2DB} => pcalua.exe -a "C:\Users\Azzy\AppData\Local\Sony Online Entertainment\ApplicationUpdater\Uninstaller.exe"
Task: {5ECDD357-3ADE-42F4-9BE9-93FB72D144C3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {63D50E88-C4ED-4D5D-B21F-345DCAFD4D12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25] (Google Inc.)
Task: {67F174B2-930B-49E4-983D-96DF0455BEB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {68ACCED0-D27D-43F8-999D-71B5B9AF8A65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6BFBEE60-DD1F-4003-AF49-F60F5ED61C96} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7AC7BE24-4DE8-47E1-8105-3BBDBFE16726} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2015-03-23] (iolo technologies, LLC)
Task: {82F94BC6-8263-48A3-AADD-507131B42429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25] (Google Inc.)
Task: {AB28769B-45E6-4875-B390-460E70F7ADAA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Azzy-PC-Azzy Azzy-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {B6F38F29-F0A9-4E42-8D45-E28FBFCADF18} - System32\Tasks\{35AFE5B7-2516-4BCE-BA5A-2C7FECD52F19} => C:\Program Files (x86)\Microsoft Games\Pandora's Box\Pandora.exe [2000-02-02] (Microsoft Corporation)
Task: {C71012EC-F82F-49F9-9944-24B9DA4B8167} - System32\Tasks\{53642B4E-47EE-4DD0-BBBA-324630C42F92} => C:\Users\Azzy\Desktop\pandoras box\Pandora's Box\Pandora.exe
Task: {C748EB5B-695D-40F8-A475-FF5CC14C7142} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {CB4A0008-6F58-4B8F-A493-AFF8A9760951} - System32\Tasks\easyVPN => C:\Program Files (x86)\EasyVpn\app\easyvpn.exe
Task: {CC07C114-E8E5-4320-8D4F-128ADA6B7C37} - System32\Tasks\iolo DelOnReboot => cmd.exe /c del /f C:\ProgramData\iolo\ops\smrr.dll
Task: {E9416CD9-0D4E-4BFE-A098-C7BD4ABCE13A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-03-02 23:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-04-25 07:51 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2006-11-02 21:40 - 2006-11-02 21:40 - 00174656 _____ () C:\windows\SysWOW64\PSIService.exe
2014-09-26 15:41 - 2014-09-26 15:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-19 03:10 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-14 17:54 - 2014-04-21 15:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:EC77041F
AlternateDataStreams: C:\Users\Azzy\Desktop\everythingblizzard.wpp:SummaryInformation
AlternateDataStreams: C:\Users\Azzy\Desktop\everythingblizzard.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Azzy\Desktop\Site2guildrules.wpp:SummaryInformation
AlternateDataStreams: C:\Users\Azzy\Desktop\Site2guildrules.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 10.0.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

==================== Accounts: =============================

Administrator (S-1-5-21-533468569-4081723625-3906534183-500 - Administrator - Disabled)
ASPNET (S-1-5-21-533468569-4081723625-3906534183-1010 - Limited - Enabled)
Azzy (S-1-5-21-533468569-4081723625-3906534183-1002 - Administrator - Enabled) => C:\Users\Azzy
Guest (S-1-5-21-533468569-4081723625-3906534183-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-533468569-4081723625-3906534183-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 10:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 08:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10077

Error: (03/30/2015 08:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10077

Error: (03/30/2015 08:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2015 08:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8829

Error: (03/30/2015 08:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8829

Error: (03/30/2015 08:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2015 08:48:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7581

Error: (03/30/2015 08:48:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7581

Error: (03/30/2015 08:48:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/30/2015 10:58:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/30/2015 10:58:22 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (03/29/2015 00:57:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (03/29/2015 00:57:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/29/2015 00:47:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/29/2015 00:47:48 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (03/29/2015 00:47:13 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/29/2015 00:34:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (03/30/2015 10:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 08:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10077

Error: (03/30/2015 08:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10077

Error: (03/30/2015 08:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2015 08:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8829

Error: (03/30/2015 08:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8829

Error: (03/30/2015 08:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2015 08:48:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7581

Error: (03/30/2015 08:48:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7581

Error: (03/30/2015 08:48:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 5626.01 MB
Available physical RAM: 3591.83 MB
Total Pagefile: 11250.2 MB
Available Pagefile: 9319.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:340.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A2B82327)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End Of Log ============================

ESET Log: This is the one that I did not save correctly, but I wrote it down and just added what it said here.

JS/Adware.MultiPlug.A application
JS/Kryptik.ATL trojan
JS/Chromex.AgentL trojan
JS/Adware.MultiPlug.A application
JS/Kryptik.ATL trojan

JS/Chromex.AgentL trojan

---------------------------------------------------------------------------------------------------------

Tweaking.com - Windows Repair - Pre Repairs Scan
Computer: AZZY-PC (Windows 7 Home Premium 6.1.7601 Service Pack 1) (64-bit)
Started at (3/31/2015 11:14:21 AM)
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Scanning Windows Packages Files.
Started at (3/31/2015 11:14:21 AM)

No problems were found with the Packages Files.

Files Checked & Verified: 3,918

Done (3/31/2015 11:14:58 AM)
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Scanning Reparse Points.
Started at (3/31/2015 11:14:58 AM)

Reparse Point: (Type: JUNCTION) (Name: NetHood) (Original Path: C:\Users\Azzy\NetHood) (Target Path: C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Network Shortcuts) (Creation Time: 10/6/2012 9:24:07 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: PrintHood) (Original Path: C:\Users\Azzy\PrintHood) (Target Path: C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts) (Creation Time: 10/6/2012 9:24:07 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: My Documents) (Original Path: C:\Windows\SysWOW64\config\systemprofile\My Documents) (Target Path: C:\windows\system32\config\systemprofile\Documents) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: NetHood) (Original Path: C:\Windows\SysWOW64\config\systemprofile\NetHood) (Target Path: C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: PrintHood) (Original Path: C:\Windows\SysWOW64\config\systemprofile\PrintHood) (Target Path: C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: Recent) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Recent) (Target Path: C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: SendTo) (Original Path: C:\Windows\SysWOW64\config\systemprofile\SendTo) (Target Path: C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: Start Menu) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Start Menu) (Target Path: C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: Templates) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Templates) (Target Path: C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: My Music) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Music) (Target Path: C:\windows\system32\config\systemprofile\Music) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: My Pictures) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures) (Target Path: C:\windows\system32\config\systemprofile\Pictures) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: My Videos) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos) (Target Path: C:\windows\system32\config\systemprofile\Videos) (Creation Time: 11/2/2013 10:29:07 AM)
Target Path doesn't exist!

Files & Folders Searched: 243,719
Reparse Points Found: 63

Done (3/31/2015 11:17:55 AM)
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Checking Environment Variables.
Started at (3/31/2015 11:17:55 AM)

This folder in the 'Path' variable doesn't exist: C:\Program Files (x86)\AMD APP\bin\x86

This folder in the 'Path' variable doesn't exist: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static

Problems where found with the Environment Variables.

Done (3/31/2015 11:17:56 AM)
--------------------------------------------------------------------------------

Done (3/31/2015 11:17:56 AM)
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Done (3/31/2015 11:17:56 AM)
Scan Complete - Problems Found!

While problems have been found, you can still run the repairs in the program.
But for the best results it is recommended to fix the problems reported in this scan if possible.
If you need help fixing any of the items in the log, just post in the forums at Tweaking.com for help.

----------------------------------------------------------------------------------------------------------------------------------------------

 

* When I was trying to check my email to get more instructions, I went to the link you had given me in my email and this pop-up came up that said: Warning: Unresponsive script. A script on this page may be busy, or it may have stopped responding. You can stop the script now, open the script in debugger, or let the script continue.

Script: https//cdn.static.zdbb.net/js/walker-min.js:1

 

And then it gives options to continue, debug script, stop script. (I did screenshot this; if you'd rather see it, let me know.)

 

I don't seem to be having any major issues that I can tell at this point. I haven't tried surfing the net yet or running my games or anything like that. I wanted to get this post up first.

 

I will await your response when you can.  :-) Thank you.  

 
 



#8 Machiavelli

  • Malware Response Instructor
  • 3,897 posts
  • Gender:Male
  • Location:Germany

Posted 01 April 2015 - 06:20 AM

We have to check if the zero bytes files are gone.
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
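
The check requested in the post above (are the zero-byte files gone?) can also be done by comparing the Services lines of two FRST logs. This is an added example, not part of the thread and not code from FRST or its author; it assumes the `STATE Name; Path [size date] (Company) flags` line layout seen in the FRST log on this page, and every service name and path in the sample input is constructed.

```python
import re

# Layout assumed from the Services/Drivers lines of the FRST log on this page:
#   R2 Name; C:\path\file.exe [0 2013-10-28] (Company) <==== ATTENTION (...)
ENTRY = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>[^)]*)\)(?P<flags>.*)$"
)


def parse_entries(log_text):
    """Return one dict per service/driver line that matches the layout."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            # Section headers, blank lines and entries without a
            # "[size date]" block (e.g. rundll32 command lines) are skipped.
            continue
        entry = match.groupdict()
        entry["size"] = int(entry["size"])
        entries.append(entry)
    return entries


def zero_size_entries(log_text):
    """Map (service name, lower-cased path) -> entry for zero-byte binaries."""
    flagged = {}
    for entry in parse_entries(log_text):
        if entry["size"] == 0 or "zero size" in entry["flags"]:
            # Several services can share one binary, so the key includes the name.
            flagged[(entry["name"], entry["path"].lower())] = entry
    return flagged


def compare_scans(before_text, after_text):
    """Report which zero-byte entries disappeared, stayed, or are new."""
    before = zero_size_entries(before_text)
    after = zero_size_entries(after_text)
    return {
        "gone": sorted(name for name, _ in before.keys() - after.keys()),
        "remaining": sorted(name for name, _ in before.keys() & after.keys()),
        "new": sorted(name for name, _ in after.keys() - before.keys()),
    }


# Constructed sample input (hypothetical services, not taken from the thread).
BEFORE = r"""
==================== Services (Whitelisted) =================
R2 ExampleSvcA; C:\Windows\SysWOW64\example_a.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S3 ExampleSvcB; C:\Windows\SysWOW64\example_b.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S3 ExampleSvcC; C:\Windows\SysWOW64\example_b.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 ExampleSvcD; C:\Program Files\Example\svc_d.exe [23784 2015-01-30] (Example Corporation)
S4 ExampleSvcE; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\Example\e.dll",ENT
"""

AFTER = r"""
==================== Services (Whitelisted) =================
R2 ExampleSvcA; C:\Windows\System32\example_a.exe [559104 2010-11-20] (Example Corporation)
S3 ExampleSvcB; C:\Windows\SysWOW64\example_b.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S3 ExampleSvcC; C:\Windows\SysWOW64\example_b.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 ExampleSvcD; C:\Program Files\Example\svc_d.exe [23784 2015-01-30] (Example Corporation)
"""

if __name__ == "__main__":
    result = compare_scans(BEFORE, AFTER)
    for status in ("gone", "remaining", "new"):
        print(f"{status}: {', '.join(result[status]) or '-'}")
```
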


#9 Azanath

  • Topic Starter
  • Members
  • 11 posts

Posted 03 April 2015 - 06:03 AM

Hello, Machiavelli. Here is the FRST log. :-) Thank you. Did you need the Addition.txt as well?

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Azzy (administrator) on AZZY-PC on 03-04-2015 03:55:10
Running from C:\Users\Azzy\Desktop
Loaded Profiles: Azzy (Available profiles: Azzy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
() C:\Windows\jmesoft\Service.exe
() C:\Windows\SysWOW64\PSIService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJA.EXE
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azzy\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-533468569-4081723625-3906534183-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-26] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-10] (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-03-10] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-21] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-533468569-4081723625-3906534183-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-10] (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\duckduckgo.xml [2014-06-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nchfastsearch.xml [2014-06-05]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default\Extensions\pavel.sherbakov@gmail.com [2015-03-31]
FF Extension: AdBlock for Facebook - C:\Users\Azzy\AppData\Roaming\Mozilla\Firefox\Profiles\j04axjv4.default\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2015-03-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Color Dripping) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdjgcfonmljobnnhbhiacipngbhblgi [2015-02-26]
CHR Extension: (Google Docs) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-26]
CHR Extension: (Google Drive) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-26]
CHR Extension: (YouTube) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-26]
CHR Extension: (Google Search) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-26]
CHR Extension: (Pandora) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-02-26]
CHR Extension: (Google Sheets) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Google Wallet) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Azzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-03-10] (Perfect World Entertainment Inc)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4703432 2015-03-23] (iolo technologies, LLC)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-08] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S2 sppsvc; C:\Windows\SysWOW64\sppsvc.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-10-28] () <==== ATTENTION (zero size file/folder)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
S4 cae99edb; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [58368 2011-05-17] (GenesysLogic) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 Secdrv; C:\windows\SysWOW64\drivers\SECDRV.SYS [14304 1999-05-14] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 03:55 - 2015-04-03 03:55 - 00019364 _____ () C:\Users\Azzy\Desktop\FRST.txt
2015-03-31 14:52 - 2015-03-31 14:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-31 13:23 - 2015-03-31 13:25 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-03-31 13:15 - 2015-03-31 13:15 - 00000000 ____D () C:\Users\Azzy\Desktop\log files 3-30-2015
2015-03-31 11:04 - 2015-03-31 11:04 - 12840520 _____ () C:\Users\Azzy\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-03-31 11:03 - 2015-03-31 11:06 - 00002159 _____ () C:\Users\Azzy\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-03-31 11:03 - 2015-03-31 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-03-31 00:28 - 2015-03-31 00:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-29 13:59 - 2015-03-29 13:59 - 00000000 ____D () C:\Users\Azzy\Desktop\log files 3-29-2015
2015-03-29 02:08 - 2015-03-29 02:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-29 01:58 - 2015-03-29 02:05 - 00000000 ____D () C:\AdwCleaner
2015-03-29 01:49 - 2015-03-29 01:49 - 01389240 _____ (Thisisu) C:\Users\Azzy\Desktop\JRT.exe
2015-03-29 01:47 - 2015-03-29 01:47 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Azzy\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-29 01:34 - 2015-03-29 01:34 - 02168320 _____ () C:\Users\Azzy\Desktop\AdwCleaner.exe
2015-03-25 04:31 - 2015-04-03 03:55 - 00000000 ____D () C:\FRST
2015-03-25 04:27 - 2015-03-25 04:27 - 02095616 _____ (Farbar) C:\Users\Azzy\Desktop\FRST64.exe
2015-03-25 03:53 - 2015-03-31 01:43 - 00000000 ____D () C:\Users\Azzy\AppData\Local\CrashDumps
2015-03-25 03:41 - 2015-03-25 03:55 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-25 03:41 - 2015-03-25 03:41 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-25 03:40 - 2015-03-25 03:40 - 16727128 _____ () C:\Users\Azzy\Desktop\RogueKiller.exe
2015-03-19 11:48 - 2015-03-19 11:48 - 01185040 _____ () C:\windows\is-JN216.exe
2015-03-19 11:48 - 2015-03-19 11:48 - 00022693 _____ () C:\windows\is-JN216.msg
2015-03-19 11:48 - 2015-03-19 11:48 - 00000491 _____ () C:\windows\is-JN216.lst
2015-03-16 03:13 - 2015-03-16 03:28 - 00000000 ____D () C:\Users\Azzy\Desktop\wow shots crop
2015-03-10 22:56 - 2015-03-11 01:21 - 00000000 ____D () C:\Users\Azzy\Desktop\jpg and png site files
2015-03-10 15:34 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-10 15:34 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-10 15:34 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-10 15:34 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-10 15:34 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-10 15:34 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-10 15:34 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-10 15:34 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-10 15:34 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-10 15:33 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-10 15:33 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-10 15:33 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-10 15:33 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-10 15:33 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-10 15:33 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-10 15:33 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-10 15:33 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-10 15:33 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-10 15:33 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-10 15:33 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-10 15:33 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-10 15:33 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-10 15:33 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-10 15:33 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-10 15:33 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-10 15:33 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-10 15:33 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-10 15:33 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-10 15:33 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-10 15:33 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-10 15:33 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-10 15:33 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-10 15:33 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-10 15:33 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 15:32 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-10 15:32 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-10 15:32 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-10 15:32 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-10 15:32 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-10 15:32 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-10 15:32 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-10 15:32 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-10 15:32 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-10 15:32 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-10 15:32 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-10 15:32 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-10 15:32 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-10 15:32 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-10 15:32 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-10 15:32 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-10 15:32 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-10 15:32 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-10 15:32 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-10 15:32 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-10 15:32 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-10 15:32 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-10 15:32 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-10 15:32 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-10 15:32 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-10 15:32 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-10 15:32 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-10 15:32 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-10 15:32 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-10 15:32 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-10 15:32 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-10 15:32 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-10 15:32 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-10 15:32 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-10 15:32 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-10 15:32 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-10 15:32 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-10 15:32 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 15:32 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-10 15:32 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-10 15:32 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-10 15:32 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-10 15:32 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-10 15:32 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-10 15:32 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-10 15:32 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-10 15:32 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-10 15:32 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-10 15:32 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-10 15:32 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-10 15:32 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-10 15:32 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-10 15:32 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-10 15:32 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 15:32 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-10 15:32 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-10 15:32 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-10 15:32 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-10 15:32 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-10 15:32 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-10 15:32 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-10 15:32 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-10 15:32 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-10 15:32 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-10 15:32 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-10 15:32 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-10 15:32 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-10 15:32 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-10 15:32 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-10 15:32 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-10 15:32 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-10 15:32 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-10 15:32 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-10 15:31 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-10 15:31 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-10 15:31 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-10 15:31 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-10 15:31 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-10 15:31 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-10 15:31 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-10 15:31 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-10 15:31 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-10 15:31 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 03:05 - 2012-04-25 07:48 - 01528696 _____ () C:\windows\WindowsUpdate.log
2015-04-03 00:57 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 00:57 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 17:48 - 2014-08-25 15:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-02 17:48 - 2013-10-28 17:27 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Battle.net
2015-04-02 17:39 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-04-02 12:44 - 2013-10-28 12:42 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-04-01 08:06 - 2014-03-12 12:08 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-04-01 02:00 - 2014-08-28 02:00 - 00000000 ____D () C:\Users\Azzy\AppData\Local\Adobe
2015-03-31 15:26 - 2015-03-01 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-31 13:22 - 2014-03-15 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreshGames
2015-03-31 13:16 - 2015-02-03 12:54 - 00000000 ____D () C:\Users\Azzy\Desktop\stuff
2015-03-31 11:51 - 2009-07-13 22:13 - 00796974 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-31 11:47 - 2015-01-14 04:03 - 00004374 _____ () C:\windows\setupact.log
2015-03-31 11:47 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-31 11:11 - 2014-08-14 03:34 - 00699964 _____ () C:\windows\PFRO.log
2015-03-31 00:25 - 2013-01-26 23:55 - 00000000 ____D () C:\Users\Azzy\Desktop\az
2015-03-29 13:16 - 2012-10-06 21:24 - 00000000 ____D () C:\Users\Azzy
2015-03-29 02:09 - 2015-02-25 20:47 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 02:08 - 2015-02-25 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 00:22 - 2014-06-18 07:46 - 00000000 ____D () C:\ProgramData\iolo
2015-03-26 05:38 - 2014-06-18 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-03-26 05:37 - 2014-06-18 07:50 - 00003118 _____ () C:\windows\System32\Tasks\iolo Process Governor
2015-03-26 05:37 - 2014-06-18 07:50 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-03-26 05:37 - 2009-07-13 20:20 - 00000000 __RSD () C:\windows\Media
2015-03-25 06:38 - 2014-10-21 03:10 - 00000000 ____D () C:\Users\Azzy\AppData\Roaming\Arc
2015-03-23 23:52 - 2014-06-18 07:50 - 00057584 _____ (iolo technologies, LLC) C:\windows\system32\iolobtdfg.exe
2015-03-23 23:52 - 2014-06-18 07:50 - 00026184 _____ (iolo technologies, LLC) C:\windows\system32\smrgdf.exe
2015-03-23 23:37 - 2014-06-18 07:50 - 02155152 _____ (iolo technologies, LLC) C:\windows\system32\Incinerator64.dll
2015-03-23 23:37 - 2014-06-18 07:50 - 02096960 _____ (iolo technologies, LLC) C:\windows\SysWOW64\Incinerator32.dll
2015-03-19 16:36 - 2013-10-28 04:12 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-19 16:36 - 2013-10-28 04:12 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-19 05:53 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2015-03-19 03:11 - 2015-03-02 23:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-17 06:15 - 2015-02-25 20:47 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2015-02-25 20:47 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2015-02-25 20:47 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-11 00:35 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2015-03-10 22:49 - 2009-07-13 21:45 - 00633168 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-10 22:45 - 2014-06-06 22:20 - 00000000 ___RD () C:\Users\Azzy\OneDrive
2015-03-10 22:45 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-10 22:45 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-10 22:39 - 2013-08-14 00:46 - 00000000 ____D () C:\windows\system32\MRT
2015-03-10 22:30 - 2012-10-14 18:04 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-05 23:40 - 2014-06-06 21:28 - 00002152 _____ () C:\Users\Azzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

==================== Files in the root of some directories =======

2013-07-21 15:32 - 2015-02-26 01:53 - 0125690 _____ () C:\Users\Azzy\AppData\Local\ars.cache
2013-07-21 15:32 - 2015-02-26 01:53 - 1618472 _____ () C:\Users\Azzy\AppData\Local\census.cache
2014-04-12 13:47 - 2014-04-12 13:47 - 0000092 _____ () C:\Users\Azzy\AppData\Local\fusioncache.dat
2013-07-21 15:23 - 2013-07-21 15:23 - 0000036 _____ () C:\Users\Azzy\AppData\Local\housecall.guid.cache
2014-03-29 23:32 - 2014-03-29 23:32 - 0000218 _____ () C:\Users\Azzy\AppData\Local\recently-used.xbel
2014-02-28 10:30 - 2014-02-28 10:30 - 0000010 _____ () C:\Users\Azzy\AppData\Local\sponge.last.runtime.cache
2013-11-22 06:02 - 2013-11-22 06:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\sppsvc.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atiu9pag.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll

==================== Bamital & volsnap Check =================
 



#10 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,897 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:42 PM

Posted 03 April 2015 - 07:04 AM

Hey,
  • Download Farbar's Recovery Scan Tool and save it to your desktop
  • Double-click on FRST.exe/FRST64.exe to open it. In the search box, type the following: atieclxx.exe;atiesrxx.exe;conhost.exe;csrss.exe;dwm.exe;lsass.exe;lsm.exe;services.exe;smss.exe;spoolsv.exe;sppsvc.exe;taskhost.exe;winlogon.exe;WUDFHost.exe;aticfx32.dll;atiu9pag.dll;atiumdag.dll;atiumdva.dll
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#11 Azanath

  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:42 PM

Posted 03 April 2015 - 07:39 AM

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Azzy at 2015-04-03 05:27:53
Running from C:\Users\Azzy\Desktop
Boot Mode: Normal

================== Search Files: "atieclxx.exe;atiesrxx.exe;conhost.exe;csrss.exe;dwm.exe;lsass.exe;lsm.exe;services.exe;smss.exe;spoolsv.exe;sppsvc.exe;taskhost.exe;winlogon.exe;WUDFHost.exe;aticfx32.dll;atiu9pag.dll;atiumdag.dll;atiumdva.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2014-10-15 01:35][2014-07-15 20:23] 0455680 ____A (Microsoft Corporation) 98AA0BFEE089C7E5DADB94190D93456C [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014-05-13 13:04][2014-03-04 04:08] 0455680 ____A (Microsoft Corporation) 6CE2AE073BD21C542FC2C707CAE944CC [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014-10-15 01:35][2014-07-16 19:07] 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014-05-13 13:04][2014-03-04 02:43] 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010-11-20 20:24][2010-11-20 20:24] 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.22172_none_86ab4a318a459fda\taskhost.exe
[2013-01-09 15:19][2012-11-22 22:50] 0069120 ____A (Microsoft Corporation) C671F1B7D4242A5EC7AF2D548F072671 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.18010_none_86608c5a70f925bc\taskhost.exe
[2013-01-09 15:19][2012-11-22 20:13] 0068608 ____A (Microsoft Corporation) 639774C9ACD063F028F6084ABF5593AD [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.17514_none_8664adc870f5633a\taskhost.exe
[2010-11-20 20:24][2010-11-20 20:24] 0069120 ____A (Microsoft Corporation) 517110BD83835338C037269E603DB55D [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.1.7601.17514_none_036ad230212a39ce\lsm.exe
[2010-11-20 20:23][2010-11-20 20:23] 0343040 ____A (Microsoft Corporation) 9662EE182644511439F1C53745DC1C88 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22948_none_0acdca854903940a\smss.exe
[2015-03-10 15:33][2015-02-02 20:50] 0112640 ____A (Microsoft Corporation) 8CD5A97B8D155718D357B2D9BC6B113D [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22943_none_0ac8c91349081557\smss.exe
[2015-03-10 15:33][2015-01-26 20:56] 0112640 ____A (Microsoft Corporation) B75198D88A34994DE1E4D9F2286DF759 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22923_none_0ade68eb48f7dd75\smss.exe
[2014-05-13 13:04][2014-04-11 19:31] 0112640 ____A (Microsoft Corporation) 3442A918386D4716D74C661543151746 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22921_none_0adc685748f9aac7\smss.exe
[2014-05-13 13:04][2014-04-11 19:31] 0112640 ____A (Microsoft Corporation) 3442A918386D4716D74C661543151746 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22908_none_0af90a3548e32446\smss.exe
[2014-05-13 13:04][2014-04-11 19:31] 0112640 ____A (Microsoft Corporation) 3442A918386D4716D74C661543151746 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22780_none_0a9a84b9492b3ec8\smss.exe
[2014-05-13 13:04][2014-04-11 19:31] 0112640 ____A (Microsoft Corporation) 3442A918386D4716D74C661543151746 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_0abdf375491039d3\smss.exe
[2014-05-13 13:04][2014-04-11 19:31] 0112640 ____A (Microsoft Corporation) 3442A918386D4716D74C661543151746 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2013-10-09 06:33][2013-08-28 18:04] 0112640 ____A (Microsoft Corporation) B2B31D4C79EFD883097FA24D02E79C12 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013-09-11 03:37][2013-08-01 22:06] 0112640 ____A (Microsoft Corporation) CB5DA3E44456D1084BCD87F5B1B3152B [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe
[2013-04-09 18:32][2013-03-18 19:57] 0112640 ____A (Microsoft Corporation) 498E2A20E145199709CD100CDBA8603D [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18741_none_0a3d29ce2fec45b8\smss.exe
[2015-03-10 15:33][2015-02-02 20:30] 0112640 ____A (Microsoft Corporation) 63D3C30B497347495B8EA78A38188969 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18738_none_0a4efbc02fdddb28\smss.exe
[2015-03-10 15:33][2015-01-28 20:18] 0112640 ____A (Microsoft Corporation) 83C0199B7C06AC3C33212E1A0DC2260E [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe
[2013-09-11 03:37][2013-08-01 17:59] 0112640 ____A (Microsoft Corporation) F0970A4BC8395659C22BF53D0FADF16F [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013-04-09 18:32][2013-03-18 20:06] 0112640 ____A (Microsoft Corporation) F0371DE302FFFF8F086661611BE60848 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2009-07-13 16:19][2009-07-13 18:39] 0112640 ____A (Microsoft Corporation) 1911A3356FA3F77CCC825CCBAC038C2A [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7601.17514_none_78875ce737927d27\sppsvc.exe
[2010-11-20 20:23][2010-11-20 20:23] 3524608 ____A (Microsoft Corporation) E17E0188BB90FAE42D83E98707EFA59C [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 16:19][2009-07-13 18:39] 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe
[2012-10-12 03:08][2012-02-10 23:20] 0559616 ____A (Microsoft Corporation) B9D7A4858CF32A6A15D2763F1DE47E0E [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe
[2012-10-12 03:08][2012-02-10 23:36] 0559104 ____A (Microsoft Corporation) 85DAA09A98C9286D4EA2BA8D0E644377 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2010-11-20 20:24][2010-11-20 20:24] 0559104 ____A (Microsoft Corporation) B96C17B5DC1424D56EEA3A99E97428CD [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22983_none_04ad6c288cc21d97\lsass.exe
[2015-03-10 15:32][2015-03-05 22:32] 0031232 ____A (Microsoft Corporation) 395CAE11172BEBB0253895E8B5F82BFA [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_04ddad4a8c9d2c86\lsass.exe
[2015-03-10 15:33][2015-02-02 20:50] 0031232 ____A (Microsoft Corporation) CBB80CC43E683F929F8D5E50330F7BA6 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22943_none_04d8abd88ca1add3\lsass.exe
[2015-03-10 15:33][2015-01-26 20:56] 0031232 ____A (Microsoft Corporation) 5B63917A1BE4728D8111850CDEF252F1 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[2014-05-13 13:04][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[2014-05-13 13:04][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[2015-02-11 03:27][2015-01-10 00:09] 0031232 ____A (Microsoft Corporation) 55C62F66528A7BF58EA964B70BCB3D96 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[2014-05-13 13:04][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[2014-11-12 00:26][2014-09-19 02:47] 0031232 ____A (Microsoft Corporation) B84317193B6A29F5F5DCF538C34FDCED [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[2014-05-13 13:04][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014-05-13 13:04][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[2014-07-06 20:54][2012-08-24 10:43] 0031232 ____A (Microsoft Corporation) 77119F1F9B492B260030C34F9BE327FA [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2012-04-25 08:36][2011-11-16 23:20] 0031232 ____A (Microsoft Corporation) 0A10B74FBB437FF9A23F1D5DE4446A83 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18779_none_04349f1f7396fcbf\lsass.exe
[2015-03-10 15:32][2015-03-05 22:41] 0031232 ____A (Microsoft Corporation) B6C7729936AAF8E0697F0A7DCA82CED8 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_044d0c937385de34\lsass.exe
[2015-03-10 15:33][2015-02-02 20:30] 0031232 ____A (Microsoft Corporation) 7554A1B82B4A222FD4CC292ABD38A558 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18738_none_045ede85737773a4\lsass.exe
[2015-03-10 15:33][2015-01-28 20:18] 0031232 ____A (Microsoft Corporation) 43FE6F74D2D43443CF2279613FA0A516 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[2015-02-11 03:24][2015-01-15 01:09] 0031232 ____A (Microsoft Corporation) E0105F3B5B1C4B0F5B3D788A13504EC6 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[2015-02-11 03:24][2015-01-13 23:04] 0031232 ____A (Microsoft Corporation) 1E31700D9C9E0FB79999D02A8437482C [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[2015-02-11 03:27][2015-01-09 23:47] 0031232 ____A (Microsoft Corporation) C8152B86C0F12E61B0AD5C95751547D3 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[2014-05-13 13:04][2014-04-11 19:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[2014-11-12 00:26][2014-09-19 02:42] 0031232 ____A (Microsoft Corporation) 341655B216721D89CADE9DEA2F33872F [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014-05-13 13:04][2014-04-11 19:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014-05-13 13:04][2014-04-11 19:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[2012-04-25 08:36][2011-11-16 23:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2012-04-25 08:36][2011-11-16 23:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2009-07-13 16:20][2009-07-13 18:39] 0031232 ____A (Microsoft Corporation) 0793F40B9B8A1BDD266296409DBD91EA [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwm.exe
[2009-07-13 16:37][2009-07-13 18:39] 0120320 ____A (Microsoft Corporation) F162D5F5E845B9DC352DD1BAD8CEF1BC [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.22004_none_fbcbe08624f8cec3\WUDFHost.exe
[2012-11-14 04:00][2012-07-25 20:08] 0229888 ____A (Microsoft Corporation) 8ABFE00F213F2571498F1B8FD7939A98 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17803_none_fb416b4f0bdbe260\WUDFHost.exe
[2012-11-14 04:00][2012-07-25 20:08] 0229888 ____A (Microsoft Corporation) 8ABFE00F213F2571498F1B8FD7939A98 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033\WUDFHost.exe
[2010-11-20 20:23][2010-11-20 20:23] 0226816 ____A (Microsoft Corporation) D0FF1CA89D013B94768A289023958F6B [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009-07-13 16:19][2009-07-13 18:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22653_none_d2df12c931f85fcc\conhost.exe
[2014-05-13 13:04][2014-04-11 19:31] 0338432 ____A (Microsoft Corporation) E1936D112524BDC9BD05CE3EB9184088 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22616_none_d30d535731d53c0d\conhost.exe
[2014-04-09 05:28][2014-03-04 04:07] 0338432 ____A (Microsoft Corporation) ABEA1C74F6E876BE8B98BB3C541BC882 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22436_none_d2f7afb331e579a1\conhost.exe
[2013-10-09 06:33][2013-08-28 18:14] 0338432 ____A (Microsoft Corporation) D62757257B2DCBD15B1BA9EA3B385C1A [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22411_none_d3084e1931d9c30c\conhost.exe
[2013-09-11 03:37][2013-08-01 22:17] 0338432 ____A (Microsoft Corporation) F6018BE264B73EECEDA885FA250C5962 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22177_none_d2cd6a9b32050b47\conhost.exe
[2013-01-09 15:20][2012-11-29 22:49] 0338432 ____A (Microsoft Corporation) B19B30E594EE374C69F71DAD26198400 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_d27be1cc18bd0cc4\conhost.exe
[2013-09-11 03:37][2013-08-01 18:09] 0338432 ____A (Microsoft Corporation) BF95EA5809E3BBF55370F7CB309FEBD0 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18015_none_d282acc418b89129\conhost.exe
[2013-01-09 15:20][2012-11-29 20:23] 0338432 ____A (Microsoft Corporation) 1BCDB508143B517F21BBDAC10F5777BF [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_d281ccc018b94ff4\conhost.exe
[2010-11-20 20:23][2010-11-20 20:23] 0337920 ____A (Microsoft Corporation) BD51024FB014064BC9FE8C715C18392F [File is signed]

C:\Windows\winsxs\amd64_atiilhag.inf_31bf3856ad364e35_6.1.7601.17514_none_03c46b205be81dfd\atiumdag.dll
[2009-07-13 14:59][2009-07-13 18:40] 4030976 ____A (ATI Technologies Inc. ) 26A9FC0A341229B8D3E883B4F4908B91 [File is signed]

C:\Windows\winsxs\amd64_atiilhag.inf_31bf3856ad364e35_6.1.7601.17514_none_03c46b205be81dfd\atiumdva.dll
[2009-07-13 14:59][2009-07-13 18:40] 4772352 ____A (ATI Technologies Inc. ) 99EA8876679C8BCA016835C97BE2BBF0 [File is signed]

C:\Windows\SysWOW64\aticfx32.dll
[2014-11-20 19:44][2014-11-20 19:44] 1127496 ____A (Advanced Micro Devices, Inc. ) 8FAE6FCA9C20303C0A5FE651BEFBA440 [File is signed]

C:\Windows\SysWOW64\atieclxx.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\atiesrxx.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\atiu9pag.dll
[2014-11-20 19:44][2014-11-20 19:44] 0100032 ____A (Advanced Micro Devices, Inc. ) 4C37911FC7EBE0746FE906BE48E5728A [File is signed]

C:\Windows\SysWOW64\atiumdag.dll
[2014-11-20 19:43][2014-11-20 19:43] 7077776 ____A (Advanced Micro Devices, Inc. ) 9E5556E97C9AB6C07CF622F3B1F951F3 [File is signed]

C:\Windows\SysWOW64\atiumdva.dll
[2014-11-20 19:43][2014-11-20 19:43] 7558816 ____A (Advanced Micro Devices, Inc. ) 2F138AFD3963CF5352D2BED316CF4035 [File is signed]

C:\Windows\SysWOW64\conhost.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\csrss.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\dwm.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\lsass.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\lsm.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\services.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\smss.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\spoolsv.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\sppsvc.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\taskhost.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\winlogon.exe
[2013-10-28 02:47][2013-10-28 02:47] 0000000 ____A ()

C:\Windows\SysWOW64\WUDFHost.exe
[2014-02-28 10:37][2014-02-28 10:37] 0000000 ____A ()

C:\Windows\System32\aticfx32.dll
[2013-07-21 15:29][2013-07-21 15:29] 0000000 ____A ()

C:\Windows\System32\atieclxx.exe
[2014-11-20 19:12][2014-11-20 19:12] 0774656 ____A (AMD) CAC9C36B2E28F3AE76FF62EA7523D71F [File is signed]

C:\Windows\System32\atiesrxx.exe
[2014-11-20 19:12][2014-11-20 19:12] 0244736 ____A (AMD) 2998362D1E550F0C990D77E34415BEB6 [File is signed]

C:\Windows\System32\atiu9pag.dll
[2013-07-21 15:29][2013-07-21 15:29] 0000000 ____A ()

C:\Windows\System32\atiumdag.dll
[2013-07-21 15:29][2013-07-21 15:29] 0000000 ____A ()

C:\Windows\System32\atiumdva.dll
[2013-07-21 15:29][2013-07-21 15:29] 0000000 ____A ()

C:\Windows\System32\conhost.exe
[2013-09-11 03:37][2013-08-01 18:09] 0338432 ____A (Microsoft Corporation) BF95EA5809E3BBF55370F7CB309FEBD0 [File is signed]

C:\Windows\System32\csrss.exe
[2009-07-13 16:19][2009-07-13 18:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File is signed]

C:\Windows\System32\dwm.exe
[2009-07-13 16:37][2009-07-13 18:39] 0120320 ____A (Microsoft Corporation) F162D5F5E845B9DC352DD1BAD8CEF1BC [File is signed]

C:\Windows\System32\lsass.exe
[2015-03-10 15:32][2015-03-05 22:41] 0031232 ____A (Microsoft Corporation) B6C7729936AAF8E0697F0A7DCA82CED8 [File is signed]

C:\Windows\System32\lsm.exe
[2010-11-20 20:23][2010-11-20 20:23] 0343040 ____A (Microsoft Corporation) 9662EE182644511439F1C53745DC1C88 [File is signed]

C:\Windows\System32\services.exe
[2009-07-13 16:19][2009-07-13 18:39] 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB [File is signed]

C:\Windows\System32\smss.exe
[2015-03-10 15:33][2015-02-02 20:30] 0112640 ____A (Microsoft Corporation) 63D3C30B497347495B8EA78A38188969 [File is signed]

C:\Windows\System32\spoolsv.exe
[2012-10-12 03:08][2012-02-10 23:36] 0559104 ____A (Microsoft Corporation) 85DAA09A98C9286D4EA2BA8D0E644377 [File is signed]

C:\Windows\System32\sppsvc.exe
[2010-11-20 20:23][2010-11-20 20:23] 3524608 ____A (Microsoft Corporation) E17E0188BB90FAE42D83E98707EFA59C [File is signed]

C:\Windows\System32\taskhost.exe
[2013-01-09 15:19][2012-11-22 20:13] 0068608 ____A (Microsoft Corporation) 639774C9ACD063F028F6084ABF5593AD [File is signed]

C:\Windows\System32\winlogon.exe
[2014-10-15 01:35][2014-07-16 19:07] 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA [File is signed]

C:\Windows\System32\WUDFHost.exe
[2012-11-14 04:00][2012-07-25 20:08] 0229888 ____A (Microsoft Corporation) 8ABFE00F213F2571498F1B8FD7939A98 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\aticfx32.dll
[2014-11-20 19:44][2014-11-20 19:44] 1127496 ____A (Advanced Micro Devices, Inc. ) 8FAE6FCA9C20303C0A5FE651BEFBA440 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atieclxx.exe
[2014-11-20 19:12][2014-11-20 19:12] 0774656 ____A (AMD) CAC9C36B2E28F3AE76FF62EA7523D71F [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiesrxx.exe
[2014-11-20 19:12][2014-11-20 19:12] 0244736 ____A (AMD) 2998362D1E550F0C990D77E34415BEB6 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiu9pag.dll
[2014-11-20 19:44][2014-11-20 19:44] 0100032 ____A (Advanced Micro Devices, Inc. ) 4C37911FC7EBE0746FE906BE48E5728A [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiumdag.dll
[2014-11-20 19:43][2014-11-20 19:43] 7077776 ____A (Advanced Micro Devices, Inc. ) 9E5556E97C9AB6C07CF622F3B1F951F3 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiumdva.dll
[2014-11-20 19:43][2014-11-20 19:43] 7558816 ____A (Advanced Micro Devices, Inc. ) 2F138AFD3963CF5352D2BED316CF4035 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7176154.inf_amd64_neutral_afcbbee6bcca9a1b\B176041\aticfx32.dll
[2014-09-15 15:31][2014-09-15 15:31] 1113576 ____A (Advanced Micro Devices, Inc. ) 15C9EAED649EE615E3DE117582CAF12A [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7176154.inf_amd64_neutral_afcbbee6bcca9a1b\B176041\atieclxx.exe
[2014-09-15 15:03][2014-09-15 15:03] 0619008 ____A (AMD) C2E89DF8C68BF676AA2690FEFE3C2043 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7176154.inf_amd64_neutral_afcbbee6bcca9a1b\B176041\atiesrxx.exe
[2014-09-15 15:03][2014-09-15 15:03] 0239616 ____A (AMD) F17B1902DFCED1C24DB57492A7896FF8 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7176154.inf_amd64_neutral_afcbbee6bcca9a1b\B176041\atiu9pag.dll
[2014-09-15 15:31][2014-09-15 15:31] 0100032 ____A (Advanced Micro Devices, Inc. ) 8DFB13E6647047028AFBBE192E0BCA44 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7176154.inf_amd64_neutral_afcbbee6bcca9a1b\B176041\atiumdag.dll
[2014-09-15 15:31][2014-09-15 15:31] 7028336 ____A (Advanced Micro Devices, Inc. ) 89B070DB2796ACEECFF9E8FAC626159E [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7176154.inf_amd64_neutral_afcbbee6bcca9a1b\B176041\atiumdva.dll
[2014-09-15 15:31][2014-09-15 15:31] 7207592 ____A (Advanced Micro Devices, Inc. ) B7DE5249B33E5376FCCDC91574FE2075 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7175109.inf_amd64_neutral_c6683e0f83016fcd\B174238\aticfx32.dll
[2014-08-12 09:48][2014-08-12 09:48] 1110992 ____A (Advanced Micro Devices, Inc. ) 2372471F882364F5BF419C513ACF104A [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7175109.inf_amd64_neutral_c6683e0f83016fcd\B174238\atieclxx.exe
[2014-08-12 06:59][2014-08-12 06:59] 0588800 ____A (AMD) EFFA42A4D3122DDFA40EEF4B9E29AF2B [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7175109.inf_amd64_neutral_c6683e0f83016fcd\B174238\atiesrxx.exe
[2014-08-12 06:59][2014-08-12 06:59] 0239616 ____A (AMD) 689760C1BDE6C663CAF996F6BFE093BD [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7175109.inf_amd64_neutral_c6683e0f83016fcd\B174238\atiu9pag.dll
[2014-08-12 09:48][2014-08-12 09:48] 0099520 ____A (Advanced Micro Devices, Inc. ) F6FB3DF071B442C2C47FA77705D14D78 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7175109.inf_amd64_neutral_c6683e0f83016fcd\B174238\atiumdag.dll
[2014-08-12 09:47][2014-08-12 09:47] 6879016 ____A (Advanced Micro Devices, Inc. ) F61A710613E67235BAA9DD612E3D56CF [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7175109.inf_amd64_neutral_c6683e0f83016fcd\B174238\atiumdva.dll
[2014-08-12 09:47][2014-08-12 09:47] 7102496 ____A (Advanced Micro Devices, Inc. ) 131CBEC6D75A8BE99F0E7F33F72B864C [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7174673.inf_amd64_neutral_8e1f2e2d90fa17a8\B174702\aticfx32.dll
[2014-08-11 20:32][2014-08-11 20:32] 1110992 ____A (Advanced Micro Devices, Inc. ) 26429878A6554C666B2BCA186DCD7053 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7174673.inf_amd64_neutral_8e1f2e2d90fa17a8\B174702\atieclxx.exe
[2014-08-11 19:01][2014-08-11 19:01] 0588800 ____A (AMD) 63316A8E10D243D087038FAEC2D80065 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7174673.inf_amd64_neutral_8e1f2e2d90fa17a8\B174702\atiesrxx.exe
[2014-08-11 19:00][2014-08-11 19:00] 0239616 ____A (AMD) E9269C2B132B1DF1EAFC0DD57B6F8A7D [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7174673.inf_amd64_neutral_8e1f2e2d90fa17a8\B174702\atiu9pag.dll
[2014-08-11 20:32][2014-08-11 20:32] 0099520 ____A (Advanced Micro Devices, Inc. ) DBE010D776E1C7339E67572A7F3FE74A [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7174673.inf_amd64_neutral_8e1f2e2d90fa17a8\B174702\atiumdag.dll
[2014-08-11 20:32][2014-08-11 20:32] 6879016 ____A (Advanced Micro Devices, Inc. ) B108D265E104BBA168EE011188DAF181 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7174673.inf_amd64_neutral_8e1f2e2d90fa17a8\B174702\atiumdva.dll
[2014-08-11 20:32][2014-08-11 20:32] 7102496 ____A (Advanced Micro Devices, Inc. ) 18F75FA2A7132C2E521C69EA81E5715D [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7171099.inf_amd64_neutral_4e1498617e0336e7\B171094\aticfx32.dll
[2014-04-17 19:42][2014-04-17 19:42] 1117184 ____A (Advanced Micro Devices, Inc. ) 94E9690B6BFD83659A832A78C23FF706 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7171099.inf_amd64_neutral_4e1498617e0336e7\B171094\atieclxx.exe
[2014-04-17 18:29][2014-04-17 18:29] 0586240 ____A (AMD) 5504CB5B6EA51D983D22CDC802BB0E60 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7171099.inf_amd64_neutral_4e1498617e0336e7\B171094\atiesrxx.exe
[2014-04-17 18:29][2014-04-17 18:29] 0239616 ____A (AMD) E7BDC2E7D885A65031C6B93D5A80B019 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7171099.inf_amd64_neutral_4e1498617e0336e7\B171094\atiu9pag.dll
[2014-04-17 19:42][2014-04-17 19:42] 0099520 ____A (Advanced Micro Devices, Inc. ) D2CA40C54A2A30AEECEFBD371493A80F [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7171099.inf_amd64_neutral_4e1498617e0336e7\B171094\atiumdag.dll
[2014-04-17 19:42][2014-04-17 19:42] 6799688 ____A (Advanced Micro Devices, Inc. ) 57857941FC59EE23B70B99A04E0886C6 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7171099.inf_amd64_neutral_4e1498617e0336e7\B171094\atiumdva.dll
[2014-04-17 19:42][2014-04-17 19:42] 6796592 ____A (Advanced Micro Devices, Inc. ) 9FBA0F47AB5C3375D7A735E4E997BA40 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7169198.inf_amd64_neutral_56f6ec72e948b516\B169191\aticfx32.dll
[2014-03-12 09:10][2014-03-12 09:10] 1106872 ____A (Advanced Micro Devices, Inc. ) 94A6DB24A56793E2D99E6AD1BDC05F35 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7169198.inf_amd64_neutral_56f6ec72e948b516\B169191\atieclxx.exe
[2014-03-12 08:03][2014-03-12 08:03] 0586240 ____A (AMD) C1968C2C0B2B745B219A20892ED5027E [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7169198.inf_amd64_neutral_56f6ec72e948b516\B169191\atiesrxx.exe
[2014-03-12 08:02][2014-03-12 08:02] 0240128 ____A (AMD) 17A662B5C8A3BABDA39510E1F8E7883A [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7169198.inf_amd64_neutral_56f6ec72e948b516\B169191\atiu9pag.dll
[2014-03-12 09:10][2014-03-12 09:10] 0098496 ____A (Advanced Micro Devices, Inc. ) 36C29BCE8D81B7984F12EA1C7076FDD4 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7169198.inf_amd64_neutral_56f6ec72e948b516\B169191\atiumdag.dll
[2014-03-12 09:10][2014-03-12 09:10] 6716264 ____A (Advanced Micro Devices, Inc. ) 373FDD1555E754C0C9032342431E1996 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7169198.inf_amd64_neutral_56f6ec72e948b516\B169191\atiumdva.dll
[2014-03-12 09:10][2014-03-12 09:10] 10145128 ____A (Advanced Micro Devices, Inc. ) 1C688B619BAC60E9FAAEA0AE93E1E910 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7163824.inf_amd64_neutral_f6f99e748a53df3a\B163506\aticfx32.dll
[2013-10-08 07:01][2013-10-08 07:01] 1030128 ____A (Advanced Micro Devices, Inc. ) EB3BCBEC859615F6D9A90CF31420A09D [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7163824.inf_amd64_neutral_f6f99e748a53df3a\B163506\atieclxx.exe
[2013-10-08 05:53][2013-10-08 05:53] 0576512 ____A (AMD) 3D59457A85B965B8DF887EEC26E098A8 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7163824.inf_amd64_neutral_f6f99e748a53df3a\B163506\atiesrxx.exe
[2013-10-08 05:52][2013-10-08 05:52] 0239616 ____A (AMD) 68B2C801CDB2B3838E9C27C3C6F66C73 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7163824.inf_amd64_neutral_f6f99e748a53df3a\B163506\atiu9pag.dll
[2013-10-08 07:01][2013-10-08 07:01] 0097984 ____A (Advanced Micro Devices, Inc. ) 9AEB111802754663D31EC960362BDF65 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7163824.inf_amd64_neutral_f6f99e748a53df3a\B163506\atiumdag.dll
[2013-10-08 07:00][2013-10-08 07:00] 6189416 ____A (Advanced Micro Devices, Inc. ) 7C3B367AFEECC64C21D103F7B000B6FE [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7163824.inf_amd64_neutral_f6f99e748a53df3a\B163506\atiumdva.dll
[2013-10-08 07:00][2013-10-08 07:00] 6176008 ____A (Advanced Micro Devices, Inc. ) 417BF04E628492AF649F8285D51117E3 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7157485.inf_amd64_neutral_7614812e51931d7e\B155215\aticfx32.dll
[2013-03-28 19:37][2013-03-28 19:37] 0970912 ____A (Advanced Micro Devices, Inc. ) 17B25D3FA237F15EE599AFF815F42DF2 [File is signed]

C:\Windows\System32\DriverStore\FileRepository\c7157485.inf_amd64_neutral_7614812e51931d7e\B155215\atieclxx.exe
[2013-03-28 18:35][2013-03-28 18:35] 0562688 ____A (AMD) B8FFCE08932042E0D108F92FED9CF59E [File is signed]


====== End Of Search ======

#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,897 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:42 PM

Posted 03 April 2015 - 08:58 AM

Run the System Update Readiness Tool (SURT)
  • Download the System Update Readiness Tool from Microsoft --> here <--. Please save the tool to a convenient location, as it may be necessary to run it again.
  • After the download has completed, double-click the file and wait while it initializes.
  • Click Yes to begin installation. Please note it may take some time to complete and may appear to stall whilst installing. Don't worry, this is perfectly normal behaviour. Also note, whilst I say "installing", it's actually running the tool and can therefore be "installed" (run) repeatedly.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

#13 Machiavelli

Posted 07 April 2015 - 01:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
