
you do not have appropriate permissions to access


  • This topic is locked
61 replies to this topic

#1 Tonyjj

Tonyjj

  • Members
  • 82 posts

Posted 27 September 2015 - 09:07 AM

trying to send FRST notepad log plus the additional one but get the message

"Error

You aren't permitted to upload this kind of file"

 

 

 




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 27 September 2015 - 09:43 AM

Hello Tonyjj and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
----------------------------------------------------------------------------------------------------------------------------
 
Please try to directly copy and paste your log

Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Tonyjj

Tonyjj
  • Topic Starter

  • Members
  • 82 posts

Posted 27 September 2015 - 10:47 AM

hello Yilmaz,

 

please note that my first language is not computer.

 

all of your points are acceptable.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
Ran by Admin (administrator) on ADMIN-PC (27-09-2015 12:38:59)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{13F1786E-4057-4E6D-A94F-2F32278460A0}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{51D4030C-B229-4611-961C-49D1E6E782DC}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files\TalkTalk\Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-30]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-30]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-30]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-30]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-08-01]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-01]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-08-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-30]
CHR Extension: (Norton Safe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files/TalkTalk/Security/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S4 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-15] (SEIKO EPSON CORPORATION)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S1 epp32; C:\EEK\bin\epp32.sys [112408 2015-09-24] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 vmx_svga; C:\Windows\System32\DRIVERS\vmx_svga.sys [63920 2009-10-20] (VMware, Inc.)
S3 fsni; \??\C:\Program Files\TalkTalk\Security\apps\CCF_Scanning\bin\fsni32.sys [X]
S3 StarOpen; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 12:38 - 2015-09-27 12:39 - 00008955 _____ C:\Users\Admin\Desktop\FRST.txt
2015-09-27 12:38 - 2015-09-27 12:38 - 01695744 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-09-27 11:46 - 2015-09-27 11:46 - 01695744 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2015-09-27 11:37 - 2015-09-27 11:40 - 00040637 _____ C:\Users\Admin\Downloads\FRST.txt
2015-09-27 11:37 - 2015-09-27 11:37 - 01695744 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-09-27 11:03 - 2015-09-27 11:03 - 00028034 _____ C:\Users\Admin\Downloads\Addition.txt
2015-09-27 11:02 - 2015-09-27 12:38 - 00000000 ____D C:\FRST
2015-09-26 16:20 - 2015-09-26 16:19 - 02304693 _____ C:\Users\Admin\Desktop\cbs.txt
2015-09-26 10:22 - 2015-09-26 10:22 - 00958104 _____ C:\Users\Admin\Downloads\Norton_Removal_Tool.exe
2015-09-26 00:33 - 2015-09-26 00:33 - 20389640 _____ (Tweaking.com) C:\Users\Admin\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2015-09-25 23:32 - 2015-09-25 23:32 - 01067640 _____ (F-Secure Corporation ) C:\Users\Admin\Desktop\fsecure UninstallationTool.exe
2015-09-25 23:29 - 2015-09-25 23:29 - 00099256 _____ C:\Users\Admin\Desktop\hklm_uninstall64.txt
2015-09-25 23:19 - 2015-09-25 23:19 - 00000472 _____ C:\Users\Admin\Desktop\Emi2.txt
2015-09-25 23:15 - 2015-09-25 23:15 - 00000472 _____ C:\Users\Admin\Desktop\emi1.txt
2015-09-25 22:48 - 2015-09-25 22:48 - 00001052 _____ C:\Users\Admin\Desktop\mwb2.txt
2015-09-25 20:48 - 2015-09-25 20:48 - 00000000 ____D C:\ProgramData\F-Secure-UninstallationTool
2015-09-25 13:08 - 2015-09-25 12:12 - 00012267 _____ C:\Users\Admin\Documents\New folder (2).zip
2015-09-25 12:12 - 2015-09-25 12:12 - 00012267 _____ C:\Users\Admin\Desktop\New folder (2).zip
2015-09-25 12:06 - 2015-09-25 12:06 - 00000000 ____D C:\Users\Admin\Desktop\New folder (2)
2015-09-25 00:50 - 2015-09-25 23:03 - 00000000 ____D C:\EEK
2015-09-25 00:50 - 2015-09-25 00:50 - 00000761 _____ C:\Users\Admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-25 00:48 - 2015-09-25 00:50 - 167039456 _____ C:\Users\Admin\Downloads\EmsisoftEmergencyKit.exe
2015-09-24 23:31 - 2015-09-24 23:31 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ADMIN-PC-Windows-7-Home-Premium-(32-bit).dat
2015-09-24 23:31 - 2015-09-24 23:31 - 00000000 ____D C:\RegBackup
2015-09-24 23:25 - 2015-09-24 23:25 - 00002135 _____ C:\Users\Admin\Desktop\Tweaking.com - Windows Repair.lnk
2015-09-24 23:25 - 2015-09-24 23:25 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-09-24 23:25 - 2015-09-24 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-24 23:25 - 2015-09-24 23:25 - 00000000 ____D C:\Program Files\Tweaking.com
2015-09-24 23:24 - 2015-09-24 23:24 - 20389640 _____ (Tweaking.com) C:\Users\Admin\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-09-24 23:22 - 2015-09-24 23:22 - 00032225 _____ C:\Users\Admin\Desktop\windows_repair_all_in_one.htm
2015-09-24 20:51 - 2015-09-24 20:51 - 04883166 _____ C:\Users\Admin\Desktop\Tonyjj.arn
2015-09-24 20:47 - 2015-09-24 20:51 - 00000000 ____D C:\Users\Admin\Desktop\Autoruns
2015-09-24 20:46 - 2015-09-24 20:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PeaZip
2015-09-24 20:45 - 2015-09-24 20:45 - 00000955 _____ C:\Users\Admin\Desktop\PeaZip.lnk
2015-09-24 20:45 - 2015-09-24 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2015-09-24 20:45 - 2015-09-24 20:45 - 00000000 ____D C:\Program Files\PeaZip
2015-09-24 20:42 - 2015-09-24 20:42 - 00593693 _____ C:\Users\Admin\Desktop\Autoruns.zip
2015-09-24 20:16 - 2015-09-25 22:35 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-24 20:16 - 2015-09-24 20:16 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-24 20:16 - 2015-09-24 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-24 20:16 - 2015-09-24 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-24 20:16 - 2015-09-24 20:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-24 20:16 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-24 20:16 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-24 20:16 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-24 19:48 - 2015-09-24 19:48 - 01800512 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe
2015-09-24 19:28 - 2015-09-25 22:25 - 00000000 ____D C:\AdwCleaner
2015-09-24 19:21 - 2015-09-24 19:21 - 01662976 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2015-09-24 18:53 - 2015-09-24 18:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-09-24 17:21 - 2015-09-24 17:21 - 00000000 ____D C:\Windows\pss
2015-09-24 16:41 - 2015-09-24 16:41 - 00891392 _____ (Farbar) C:\Users\Admin\Desktop\MiniToolBox.exe
2015-09-24 15:15 - 2015-09-24 15:15 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-21 23:10 - 2015-09-21 23:11 - 00000000 ____D C:\Users\Admin\AppData\Local\NPE
2015-09-21 12:57 - 2015-09-21 12:57 - 00000000 ____D C:\Users\Admin\Documents\Baidu
2015-09-21 12:52 - 2015-09-22 17:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-09-21 12:47 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-09-21 12:47 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-09-21 12:47 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-09-21 12:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-09-21 12:46 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-09-21 12:45 - 2015-09-22 17:18 - 00000000 ___RD C:\Users\Admin\OneDrive
2015-09-21 12:45 - 2015-09-22 17:18 - 00000000 ____D C:\Program Files\Microsoft OneDrive
2015-09-21 12:45 - 2015-09-21 12:45 - 00002194 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-21 12:45 - 2015-09-21 12:45 - 00002076 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-21 12:45 - 2015-09-21 12:45 - 00002076 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-21 12:45 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-09-21 12:44 - 2015-09-21 12:44 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-09-21 01:02 - 2015-09-21 01:41 - 00000000 ____D C:\Users\Admin\Desktop\4K Video Downloader
2015-09-21 01:02 - 2015-09-21 01:02 - 00000000 ____D C:\Users\Admin\AppData\Local\4kdownload.com
2015-09-21 00:56 - 2015-09-21 00:56 - 00001236 _____ C:\Users\Admin\Desktop\4K Video Downloader.lnk
2015-09-21 00:56 - 2015-09-21 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2015-09-21 00:56 - 2015-09-21 00:56 - 00000000 ____D C:\Program Files\4KDownload
2015-09-19 22:13 - 2015-09-19 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-09-19 22:13 - 2015-09-19 22:13 - 00000000 ____D C:\Program Files\Elaborate Bytes
2015-09-19 21:55 - 2015-09-19 18:27 - 3371624448 _____ C:\Users\Admin\Documents\Bangles - Return to Bangleonia.iso
2015-09-18 12:00 - 2015-09-18 12:00 - 00000000 ____D C:\Users\Admin\.swt
2015-09-18 11:58 - 2015-09-18 12:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Azureus
2015-09-15 00:14 - 2015-09-15 00:14 - 00001030 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
2015-09-11 10:47 - 2015-09-11 10:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2015-09-11 10:47 - 2015-09-11 10:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2015-09-11 10:46 - 2015-09-15 00:19 - 00000000 ____D C:\Program Files\Opera
2015-09-11 10:46 - 2015-09-15 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2015-09-11 10:45 - 2015-09-15 00:14 - 00000000 ____D C:\Program Files\BurnAware Free
2015-09-11 10:38 - 2015-09-11 10:38 - 00001534 _____ C:\ProgramData\ss.ini
2015-09-11 10:38 - 2015-09-11 10:38 - 00000000 ____D C:\ProgramData\FreeRIP MP3 Converter
2015-09-10 17:39 - 2015-09-10 17:39 - 00000000 ____D C:\Users\Admin\AppData\Local\Real
2015-09-10 17:35 - 2015-09-10 17:45 - 00000000 ____D C:\Program Files\Real
2015-09-10 17:34 - 2015-09-10 17:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Real
2015-09-10 17:33 - 2015-09-10 17:45 - 00000000 ____D C:\ProgramData\Real
2015-09-10 16:28 - 2015-09-10 16:28 - 00002131 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2015-09-10 16:28 - 2015-09-10 16:28 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-09-10 14:12 - 2015-09-10 14:12 - 00000000 ____D C:\ProgramData\Baidu
2015-09-10 14:11 - 2015-09-10 14:11 - 00000000 ____D C:\Users\Admin\AppData\Local\MiniService
2015-09-10 14:09 - 2015-09-10 14:09 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-09-10 12:30 - 2015-09-10 15:24 - 00000000 ____D C:\Program Files\NCH Software
2015-09-10 12:10 - 2015-09-10 13:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2015-09-10 12:06 - 2015-09-10 12:06 - 00000000 ____D C:\Program Files\VideoLAN
2015-09-09 05:54 - 2015-08-18 02:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 05:54 - 2015-08-15 07:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 05:54 - 2015-08-15 06:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 05:54 - 2015-08-15 06:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 05:54 - 2015-08-15 06:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 05:54 - 2015-08-15 06:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 05:54 - 2015-08-15 06:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 05:54 - 2015-08-15 06:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 05:54 - 2015-08-15 06:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 05:54 - 2015-08-15 06:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 05:54 - 2015-08-15 06:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 05:54 - 2015-08-15 06:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 05:54 - 2015-08-15 06:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 05:54 - 2015-08-15 06:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 05:54 - 2015-08-15 06:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 05:54 - 2015-08-15 06:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 05:54 - 2015-08-15 06:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 05:54 - 2015-08-15 06:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 05:54 - 2015-08-15 06:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 05:54 - 2015-08-15 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 05:54 - 2015-08-15 06:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 05:54 - 2015-08-15 06:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 05:54 - 2015-08-15 06:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 05:54 - 2015-08-15 06:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 05:54 - 2015-08-15 06:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 05:54 - 2015-08-15 06:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 05:54 - 2015-08-15 06:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 05:54 - 2015-08-15 06:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 05:54 - 2015-08-15 06:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 05:54 - 2015-08-15 05:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 05:54 - 2015-08-15 05:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 05:54 - 2015-08-15 05:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 05:52 - 2015-09-02 02:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 05:52 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 05:52 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 05:52 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 05:52 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 05:52 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 05:52 - 2015-08-05 18:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 05:52 - 2015-08-05 18:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 05:52 - 2015-08-05 18:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 05:52 - 2015-08-04 18:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 05:52 - 2015-08-04 18:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 05:52 - 2015-08-04 18:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 05:52 - 2015-08-04 18:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 05:52 - 2015-08-04 18:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 05:52 - 2015-08-04 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 05:52 - 2015-07-22 18:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 05:52 - 2015-07-22 18:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 05:52 - 2015-07-22 18:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 05:52 - 2015-07-22 18:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 05:52 - 2015-07-22 18:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 05:52 - 2015-07-22 18:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 05:52 - 2015-07-22 18:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 05:52 - 2015-07-22 18:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 05:52 - 2015-07-22 18:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 05:52 - 2015-07-22 18:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 05:52 - 2015-07-22 18:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 05:52 - 2015-07-22 18:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 05:52 - 2015-07-22 18:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 05:52 - 2015-07-22 17:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 05:52 - 2015-07-22 17:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 05:52 - 2015-07-22 17:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 05:52 - 2015-07-22 17:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 05:51 - 2015-07-09 18:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 05:51 - 2015-07-09 18:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 05:51 - 2015-06-25 10:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 05:51 - 2015-06-25 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 05:51 - 2015-06-25 10:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 05:50 - 2015-08-26 18:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 05:50 - 2015-08-26 18:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 05:50 - 2015-08-26 18:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 05:50 - 2015-08-26 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 05:50 - 2015-07-15 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-07 00:00 - 2015-09-22 13:57 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2015-09-04 11:55 - 2015-09-04 11:55 - 00001240 _____ C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2015-09-04 11:55 - 2015-09-04 11:55 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-04 10:14 - 2015-09-04 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-09-02 22:58 - 2015-09-02 22:58 - 00002266 _____ C:\Users\Public\Desktop\Free Video to DVD Converter.lnk
2015-09-02 22:58 - 2015-09-02 22:58 - 00001283 _____ C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2015-09-02 22:58 - 2015-09-02 22:58 - 00001217 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-09-02 22:58 - 2015-09-02 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-09-02 22:57 - 2015-09-02 22:58 - 00000000 ____D C:\Program Files\DVDVideoSoft
2015-09-02 22:57 - 2015-09-02 22:57 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-09-02 22:56 - 2015-09-14 23:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2015-09-02 21:14 - 2015-09-02 21:14 - 00000000 ____D C:\ProgramData\vsosdk
2015-09-02 21:11 - 2015-09-02 21:11 - 00015487 _____ C:\Users\Admin\Desktop\The Beatles - Let It Be - Entire Album - Shortcut.lnk
2015-09-02 20:33 - 2015-09-14 23:56 - 00000000 ____D C:\Program Files\VSO
2015-09-02 20:33 - 2015-09-11 06:21 - 00000055 _____ C:\Users\Admin\AppData\Roaming\pcouffin.log
2015-09-02 20:33 - 2015-09-11 06:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Vso
2015-09-02 20:33 - 2015-09-03 21:49 - 00087608 _____ C:\Users\Admin\AppData\Roaming\inst.exe
2015-09-02 20:33 - 2015-09-03 21:49 - 00047360 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\pcouffin.sys
2015-09-02 20:33 - 2015-09-03 21:49 - 00007887 _____ C:\Users\Admin\AppData\Roaming\pcouffin.cat
2015-09-02 20:33 - 2015-09-02 21:44 - 00000000 ____D C:\ProgramData\VSO
2015-09-02 20:22 - 2015-09-02 20:22 - 00000000 ____D C:\Users\Admin\Documents\DreamVideoSoft
2015-09-02 20:08 - 2015-09-02 20:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVS4YOU
2015-09-02 20:05 - 2015-09-02 20:19 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2015-09-02 20:05 - 2015-09-02 20:19 - 00000000 ____D C:\Program Files\AVS4YOU
2015-09-02 20:05 - 2015-09-02 20:08 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-09-02 20:05 - 2010-05-11 13:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-09-02 20:05 - 2010-05-11 13:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2015-09-02 02:02 - 2015-09-10 15:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\NCH Software
2015-09-02 02:02 - 2015-09-10 15:23 - 00000000 ____D C:\ProgramData\NCH Software
2015-08-31 11:29 - 2015-09-24 19:49 - 00000000 ____D C:\ProgramData\Lavasoft
2015-08-31 11:29 - 2015-09-24 19:49 - 00000000 ____D C:\Program Files\Lavasoft
2015-08-31 11:29 - 2015-08-31 11:29 - 00345360 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-08-31 11:28 - 2015-08-31 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
2015-08-31 00:38 - 2015-08-31 00:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4
2015-08-31 00:38 - 2015-08-31 00:38 - 00000000 ____D C:\Users\Admin\AppData\Local\pip
2015-08-31 00:37 - 2015-08-31 00:38 - 00000000 ____D C:\Python34
2015-08-30 20:03 - 2015-09-15 14:11 - 00000000 ____D C:\Users\Admin\Desktop\Loanies
2015-08-30 19:57 - 2015-09-19 07:31 - 00001247 _____ C:\Users\Admin\AppData\Roaming\burnaware.ini
2015-08-30 19:44 - 2015-09-25 09:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\qBittorrent
2015-08-30 19:44 - 2015-09-04 10:14 - 00001019 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2015-08-30 19:44 - 2015-08-31 00:38 - 00000000 ____D C:\Users\Admin\AppData\Local\qBittorrent
2015-08-30 19:43 - 2015-09-04 10:14 - 00000000 ____D C:\Program Files\qBittorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 10:42 - 2009-07-14 05:39 - 00038317 _____ C:\Windows\setupact.log
2015-09-27 10:42 - 2009-07-14 05:34 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-27 10:42 - 2009-07-14 05:34 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-27 00:45 - 2010-05-24 11:14 - 01604238 _____ C:\Windows\WindowsUpdate.log
2015-09-26 10:26 - 2011-05-09 12:10 - 00150524 _____ C:\Windows\PFRO.log
2015-09-26 10:25 - 2015-08-01 12:50 - 00000000 ____D C:\ProgramData\Norton
2015-09-25 21:02 - 2015-08-11 12:00 - 00000000 ____D C:\Program Files\TalkTalk
2015-09-25 21:02 - 2015-08-11 11:59 - 00000000 ____D C:\ProgramData\F-Secure
2015-09-25 13:12 - 2011-09-20 18:12 - 00000000 ____D C:\Users\Admin\AppData\Local\Windows Live Writer
2015-09-24 20:30 - 2009-07-14 05:53 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-24 20:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Speech
2015-09-23 02:00 - 2015-08-05 18:37 - 00000000 ____D C:\Users\Admin\Desktop\New folder
2015-09-22 22:42 - 2015-08-13 16:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-22 22:39 - 2015-08-13 16:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-22 22:12 - 2015-07-31 11:12 - 00000917 _____ C:\Windows\Tasks\EPSON XP-422 423 425 Series Update {E3CC20A7-B58D-446B-B6BC-940B4A3ADFED}.job
2015-09-22 18:28 - 2015-08-13 16:09 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-22 17:39 - 2015-08-13 16:09 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 17:39 - 2015-08-13 16:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 17:19 - 2010-05-24 11:17 - 00000000 ____D C:\Users\Admin
2015-09-22 17:19 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-22 17:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-22 17:18 - 2015-08-13 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-22 17:18 - 2015-07-30 14:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-22 17:18 - 2011-09-20 18:10 - 00000000 ____D C:\Program Files\Windows Live
2015-09-22 17:18 - 2010-05-24 11:32 - 00000000 ____D C:\Windows\system32\Macromed
2015-09-22 17:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2015-09-22 17:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-22 17:18 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-22 17:16 - 2011-09-20 17:43 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2015-09-21 22:45 - 2011-09-20 17:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Windows Live
2015-09-21 12:51 - 2011-09-20 18:11 - 00001422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-09-16 09:34 - 2015-08-11 12:05 - 00054968 _____ C:\Windows\system32\Drivers\fsbts.sys
2015-09-15 05:48 - 2015-07-30 15:39 - 00000000 ____D C:\Windows\rescache
2015-09-15 00:00 - 2015-07-31 11:24 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-15 00:00 - 2015-07-31 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-09-15 00:00 - 2015-07-30 12:14 - 00000000 ____D C:\Program Files\Google
2015-09-15 00:00 - 2009-07-14 08:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-14 23:55 - 2015-07-31 11:13 - 00000000 ____D C:\Program Files\EPSON Software
2015-09-10 18:31 - 2010-05-24 11:17 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2015-09-10 16:28 - 2015-07-31 11:25 - 00000000 ____D C:\ProgramData\UDL
2015-09-10 15:48 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-09-10 15:45 - 2010-05-24 11:28 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 15:20 - 2010-05-24 11:46 - 00000000 ____D C:\Program Files\CDBurnerXP
2015-09-10 05:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-10 03:43 - 2009-07-14 05:33 - 00399272 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 03:40 - 2009-07-14 08:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 03:16 - 2014-12-17 16:49 - 00000000 ____D C:\Windows\system32\MRT
2015-09-02 22:29 - 2015-08-13 16:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dashlane
2015-09-02 22:29 - 2015-08-13 16:21 - 00000000 ____D C:\Program Files\Dashlane

==================== Files in the root of some directories =======

2015-08-30 19:57 - 2015-09-19 07:31 - 0001247 _____ () C:\Users\Admin\AppData\Roaming\burnaware.ini
2015-09-02 20:33 - 2015-09-03 21:49 - 0087608 _____ () C:\Users\Admin\AppData\Roaming\inst.exe
2015-09-02 20:33 - 2015-09-03 21:49 - 0007887 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.cat
2015-09-02 20:33 - 2015-09-03 21:49 - 0001144 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.inf
2015-09-02 20:33 - 2015-09-11 06:21 - 0000055 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.log
2015-09-02 20:33 - 2015-09-03 21:49 - 0047360 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\pcouffin.sys
2015-08-15 01:56 - 2015-08-15 01:56 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-05 20:49 - 2015-08-05 20:49 - 0000218 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-09-11 10:38 - 2015-09-11 10:38 - 0001534 _____ () C:\ProgramData\ss.ini

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-21 05:59

==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
Ran by Admin (administrator) on ADMIN-PC (27-09-2015 12:38:59)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{13F1786E-4057-4E6D-A94F-2F32278460A0}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{51D4030C-B229-4611-961C-49D1E6E782DC}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files\TalkTalk\Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-30]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-30]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-30]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-30]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-08-01]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-01]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-08-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-30]
CHR Extension: (Norton Safe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files/TalkTalk/Security/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S4 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-15] (SEIKO EPSON CORPORATION)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S1 epp32; C:\EEK\bin\epp32.sys [112408 2015-09-24] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 vmx_svga; C:\Windows\System32\DRIVERS\vmx_svga.sys [63920 2009-10-20] (VMware, Inc.)
S3 fsni; \??\C:\Program Files\TalkTalk\Security\apps\CCF_Scanning\bin\fsni32.sys [X]
S3 StarOpen; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 12:38 - 2015-09-27 12:39 - 00008955 _____ C:\Users\Admin\Desktop\FRST.txt
2015-09-27 12:38 - 2015-09-27 12:38 - 01695744 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-09-27 11:46 - 2015-09-27 11:46 - 01695744 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2015-09-27 11:37 - 2015-09-27 11:40 - 00040637 _____ C:\Users\Admin\Downloads\FRST.txt
2015-09-27 11:37 - 2015-09-27 11:37 - 01695744 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-09-27 11:03 - 2015-09-27 11:03 - 00028034 _____ C:\Users\Admin\Downloads\Addition.txt
2015-09-27 11:02 - 2015-09-27 12:38 - 00000000 ____D C:\FRST
2015-09-26 16:20 - 2015-09-26 16:19 - 02304693 _____ C:\Users\Admin\Desktop\cbs.txt
2015-09-26 10:22 - 2015-09-26 10:22 - 00958104 _____ C:\Users\Admin\Downloads\Norton_Removal_Tool.exe
2015-09-26 00:33 - 2015-09-26 00:33 - 20389640 _____ (Tweaking.com) C:\Users\Admin\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2015-09-25 23:32 - 2015-09-25 23:32 - 01067640 _____ (F-Secure Corporation ) C:\Users\Admin\Desktop\fsecure UninstallationTool.exe
2015-09-25 23:29 - 2015-09-25 23:29 - 00099256 _____ C:\Users\Admin\Desktop\hklm_uninstall64.txt
2015-09-25 23:19 - 2015-09-25 23:19 - 00000472 _____ C:\Users\Admin\Desktop\Emi2.txt
2015-09-25 23:15 - 2015-09-25 23:15 - 00000472 _____ C:\Users\Admin\Desktop\emi1.txt
2015-09-25 22:48 - 2015-09-25 22:48 - 00001052 _____ C:\Users\Admin\Desktop\mwb2.txt
2015-09-25 20:48 - 2015-09-25 20:48 - 00000000 ____D C:\ProgramData\F-Secure-UninstallationTool
2015-09-25 13:08 - 2015-09-25 12:12 - 00012267 _____ C:\Users\Admin\Documents\New folder (2).zip
2015-09-25 12:12 - 2015-09-25 12:12 - 00012267 _____ C:\Users\Admin\Desktop\New folder (2).zip
2015-09-25 12:06 - 2015-09-25 12:06 - 00000000 ____D C:\Users\Admin\Desktop\New folder (2)
2015-09-25 00:50 - 2015-09-25 23:03 - 00000000 ____D C:\EEK
2015-09-25 00:50 - 2015-09-25 00:50 - 00000761 _____ C:\Users\Admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-25 00:48 - 2015-09-25 00:50 - 167039456 _____ C:\Users\Admin\Downloads\EmsisoftEmergencyKit.exe
2015-09-24 23:31 - 2015-09-24 23:31 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ADMIN-PC-Windows-7-Home-Premium-(32-bit).dat
2015-09-24 23:31 - 2015-09-24 23:31 - 00000000 ____D C:\RegBackup
2015-09-24 23:25 - 2015-09-24 23:25 - 00002135 _____ C:\Users\Admin\Desktop\Tweaking.com - Windows Repair.lnk
2015-09-24 23:25 - 2015-09-24 23:25 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-09-24 23:25 - 2015-09-24 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-24 23:25 - 2015-09-24 23:25 - 00000000 ____D C:\Program Files\Tweaking.com
2015-09-24 23:24 - 2015-09-24 23:24 - 20389640 _____ (Tweaking.com) C:\Users\Admin\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-09-24 23:22 - 2015-09-24 23:22 - 00032225 _____ C:\Users\Admin\Desktop\windows_repair_all_in_one.htm
2015-09-24 20:51 - 2015-09-24 20:51 - 04883166 _____ C:\Users\Admin\Desktop\Tonyjj.arn
2015-09-24 20:47 - 2015-09-24 20:51 - 00000000 ____D C:\Users\Admin\Desktop\Autoruns
2015-09-24 20:46 - 2015-09-24 20:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PeaZip
2015-09-24 20:45 - 2015-09-24 20:45 - 00000955 _____ C:\Users\Admin\Desktop\PeaZip.lnk
2015-09-24 20:45 - 2015-09-24 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2015-09-24 20:45 - 2015-09-24 20:45 - 00000000 ____D C:\Program Files\PeaZip
2015-09-24 20:42 - 2015-09-24 20:42 - 00593693 _____ C:\Users\Admin\Desktop\Autoruns.zip
2015-09-24 20:16 - 2015-09-25 22:35 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-24 20:16 - 2015-09-24 20:16 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-24 20:16 - 2015-09-24 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-24 20:16 - 2015-09-24 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-24 20:16 - 2015-09-24 20:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-24 20:16 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-24 20:16 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-24 20:16 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-24 19:48 - 2015-09-24 19:48 - 01800512 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe
2015-09-24 19:28 - 2015-09-25 22:25 - 00000000 ____D C:\AdwCleaner
2015-09-24 19:21 - 2015-09-24 19:21 - 01662976 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2015-09-24 18:53 - 2015-09-24 18:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-09-24 17:21 - 2015-09-24 17:21 - 00000000 ____D C:\Windows\pss
2015-09-24 16:41 - 2015-09-24 16:41 - 00891392 _____ (Farbar) C:\Users\Admin\Desktop\MiniToolBox.exe
2015-09-24 15:15 - 2015-09-24 15:15 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-21 23:10 - 2015-09-21 23:11 - 00000000 ____D C:\Users\Admin\AppData\Local\NPE
2015-09-21 12:57 - 2015-09-21 12:57 - 00000000 ____D C:\Users\Admin\Documents\Baidu
2015-09-21 12:52 - 2015-09-22 17:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-09-21 12:47 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-09-21 12:47 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-09-21 12:47 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-09-21 12:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-09-21 12:46 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-09-21 12:45 - 2015-09-22 17:18 - 00000000 ___RD C:\Users\Admin\OneDrive
2015-09-21 12:45 - 2015-09-22 17:18 - 00000000 ____D C:\Program Files\Microsoft OneDrive
2015-09-21 12:45 - 2015-09-21 12:45 - 00002194 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-21 12:45 - 2015-09-21 12:45 - 00002076 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-21 12:45 - 2015-09-21 12:45 - 00002076 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-21 12:45 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-09-21 12:44 - 2015-09-21 12:44 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-09-21 01:02 - 2015-09-21 01:41 - 00000000 ____D C:\Users\Admin\Desktop\4K Video Downloader
2015-09-21 01:02 - 2015-09-21 01:02 - 00000000 ____D C:\Users\Admin\AppData\Local\4kdownload.com
2015-09-21 00:56 - 2015-09-21 00:56 - 00001236 _____ C:\Users\Admin\Desktop\4K Video Downloader.lnk
2015-09-21 00:56 - 2015-09-21 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2015-09-21 00:56 - 2015-09-21 00:56 - 00000000 ____D C:\Program Files\4KDownload
2015-09-19 22:13 - 2015-09-19 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-09-19 22:13 - 2015-09-19 22:13 - 00000000 ____D C:\Program Files\Elaborate Bytes
2015-09-19 21:55 - 2015-09-19 18:27 - 3371624448 _____ C:\Users\Admin\Documents\Bangles - Return to Bangleonia.iso
2015-09-18 12:00 - 2015-09-18 12:00 - 00000000 ____D C:\Users\Admin\.swt
2015-09-18 11:58 - 2015-09-18 12:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Azureus
2015-09-15 00:14 - 2015-09-15 00:14 - 00001030 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
2015-09-11 10:47 - 2015-09-11 10:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2015-09-11 10:47 - 2015-09-11 10:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2015-09-11 10:46 - 2015-09-15 00:19 - 00000000 ____D C:\Program Files\Opera
2015-09-11 10:46 - 2015-09-15 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2015-09-11 10:45 - 2015-09-15 00:14 - 00000000 ____D C:\Program Files\BurnAware Free
2015-09-11 10:38 - 2015-09-11 10:38 - 00001534 _____ C:\ProgramData\ss.ini
2015-09-11 10:38 - 2015-09-11 10:38 - 00000000 ____D C:\ProgramData\FreeRIP MP3 Converter
2015-09-10 17:39 - 2015-09-10 17:39 - 00000000 ____D C:\Users\Admin\AppData\Local\Real
2015-09-10 17:35 - 2015-09-10 17:45 - 00000000 ____D C:\Program Files\Real
2015-09-10 17:34 - 2015-09-10 17:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Real
2015-09-10 17:33 - 2015-09-10 17:45 - 00000000 ____D C:\ProgramData\Real
2015-09-10 16:28 - 2015-09-10 16:28 - 00002131 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2015-09-10 16:28 - 2015-09-10 16:28 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-09-10 14:12 - 2015-09-10 14:12 - 00000000 ____D C:\ProgramData\Baidu
2015-09-10 14:11 - 2015-09-10 14:11 - 00000000 ____D C:\Users\Admin\AppData\Local\MiniService
2015-09-10 14:09 - 2015-09-10 14:09 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-09-10 12:30 - 2015-09-10 15:24 - 00000000 ____D C:\Program Files\NCH Software
2015-09-10 12:10 - 2015-09-10 13:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2015-09-10 12:06 - 2015-09-10 12:06 - 00000000 ____D C:\Program Files\VideoLAN
2015-09-09 05:54 - 2015-08-18 02:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 05:54 - 2015-08-15 07:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 05:54 - 2015-08-15 06:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 05:54 - 2015-08-15 06:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 05:54 - 2015-08-15 06:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 05:54 - 2015-08-15 06:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 05:54 - 2015-08-15 06:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 05:54 - 2015-08-15 06:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 05:54 - 2015-08-15 06:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 05:54 - 2015-08-15 06:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 05:54 - 2015-08-15 06:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 05:54 - 2015-08-15 06:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 05:54 - 2015-08-15 06:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 05:54 - 2015-08-15 06:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 05:54 - 2015-08-15 06:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 05:54 - 2015-08-15 06:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 05:54 - 2015-08-15 06:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 05:54 - 2015-08-15 06:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 05:54 - 2015-08-15 06:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 05:54 - 2015-08-15 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 05:54 - 2015-08-15 06:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 05:54 - 2015-08-15 06:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 05:54 - 2015-08-15 06:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 05:54 - 2015-08-15 06:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 05:54 - 2015-08-15 06:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 05:54 - 2015-08-15 06:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 05:54 - 2015-08-15 06:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 05:54 - 2015-08-15 06:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 05:54 - 2015-08-15 06:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 05:54 - 2015-08-15 05:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 05:54 - 2015-08-15 05:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 05:54 - 2015-08-15 05:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 05:52 - 2015-09-02 02:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 05:52 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 05:52 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 05:52 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 05:52 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 05:52 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 05:52 - 2015-08-05 18:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 05:52 - 2015-08-05 18:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 05:52 - 2015-08-05 18:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 05:52 - 2015-08-04 18:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 05:52 - 2015-08-04 18:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 05:52 - 2015-08-04 18:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 05:52 - 2015-08-04 18:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 05:52 - 2015-08-04 18:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 05:52 - 2015-08-04 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 05:52 - 2015-07-22 18:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 05:52 - 2015-07-22 18:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 05:52 - 2015-07-22 18:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 05:52 - 2015-07-22 18:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 05:52 - 2015-07-22 18:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 05:52 - 2015-07-22 18:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 05:52 - 2015-07-22 18:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 05:52 - 2015-07-22 18:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 05:52 - 2015-07-22 18:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 05:52 - 2015-07-22 18:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 05:52 - 2015-07-22 18:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 05:52 - 2015-07-22 18:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 05:52 - 2015-07-22 18:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 05:52 - 2015-07-22 17:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 05:52 - 2015-07-22 17:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 05:52 - 2015-07-22 17:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 05:52 - 2015-07-22 17:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 05:51 - 2015-07-09 18:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 05:51 - 2015-07-09 18:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 05:51 - 2015-06-25 10:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 05:51 - 2015-06-25 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 05:51 - 2015-06-25 10:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 05:50 - 2015-08-26 18:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 05:50 - 2015-08-26 18:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 05:50 - 2015-08-26 18:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 05:50 - 2015-08-26 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 05:50 - 2015-07-15 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-07 00:00 - 2015-09-22 13:57 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2015-09-04 11:55 - 2015-09-04 11:55 - 00001240 _____ C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2015-09-04 11:55 - 2015-09-04 11:55 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-04 10:14 - 2015-09-04 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-09-02 22:58 - 2015-09-02 22:58 - 00002266 _____ C:\Users\Public\Desktop\Free Video to DVD Converter.lnk
2015-09-02 22:58 - 2015-09-02 22:58 - 00001283 _____ C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2015-09-02 22:58 - 2015-09-02 22:58 - 00001217 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-09-02 22:58 - 2015-09-02 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-09-02 22:57 - 2015-09-02 22:58 - 00000000 ____D C:\Program Files\DVDVideoSoft
2015-09-02 22:57 - 2015-09-02 22:57 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-09-02 22:56 - 2015-09-14 23:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2015-09-02 21:14 - 2015-09-02 21:14 - 00000000 ____D C:\ProgramData\vsosdk
2015-09-02 21:11 - 2015-09-02 21:11 - 00015487 _____ C:\Users\Admin\Desktop\The Beatles - Let It Be - Entire Album - Shortcut.lnk
2015-09-02 20:33 - 2015-09-14 23:56 - 00000000 ____D C:\Program Files\VSO
2015-09-02 20:33 - 2015-09-11 06:21 - 00000055 _____ C:\Users\Admin\AppData\Roaming\pcouffin.log
2015-09-02 20:33 - 2015-09-11 06:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Vso
2015-09-02 20:33 - 2015-09-03 21:49 - 00087608 _____ C:\Users\Admin\AppData\Roaming\inst.exe
2015-09-02 20:33 - 2015-09-03 21:49 - 00047360 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\pcouffin.sys
2015-09-02 20:33 - 2015-09-03 21:49 - 00007887 _____ C:\Users\Admin\AppData\Roaming\pcouffin.cat
2015-09-02 20:33 - 2015-09-02 21:44 - 00000000 ____D C:\ProgramData\VSO
2015-09-02 20:22 - 2015-09-02 20:22 - 00000000 ____D C:\Users\Admin\Documents\DreamVideoSoft
2015-09-02 20:08 - 2015-09-02 20:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVS4YOU
2015-09-02 20:05 - 2015-09-02 20:19 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2015-09-02 20:05 - 2015-09-02 20:19 - 00000000 ____D C:\Program Files\AVS4YOU
2015-09-02 20:05 - 2015-09-02 20:08 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-09-02 20:05 - 2010-05-11 13:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-09-02 20:05 - 2010-05-11 13:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2015-09-02 02:02 - 2015-09-10 15:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\NCH Software
2015-09-02 02:02 - 2015-09-10 15:23 - 00000000 ____D C:\ProgramData\NCH Software
2015-08-31 11:29 - 2015-09-24 19:49 - 00000000 ____D C:\ProgramData\Lavasoft
2015-08-31 11:29 - 2015-09-24 19:49 - 00000000 ____D C:\Program Files\Lavasoft
2015-08-31 11:29 - 2015-08-31 11:29 - 00345360 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-08-31 11:28 - 2015-08-31 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
2015-08-31 00:38 - 2015-08-31 00:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4
2015-08-31 00:38 - 2015-08-31 00:38 - 00000000 ____D C:\Users\Admin\AppData\Local\pip
2015-08-31 00:37 - 2015-08-31 00:38 - 00000000 ____D C:\Python34
2015-08-30 20:03 - 2015-09-15 14:11 - 00000000 ____D C:\Users\Admin\Desktop\Loanies
2015-08-30 19:57 - 2015-09-19 07:31 - 00001247 _____ C:\Users\Admin\AppData\Roaming\burnaware.ini
2015-08-30 19:44 - 2015-09-25 09:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\qBittorrent
2015-08-30 19:44 - 2015-09-04 10:14 - 00001019 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2015-08-30 19:44 - 2015-08-31 00:38 - 00000000 ____D C:\Users\Admin\AppData\Local\qBittorrent
2015-08-30 19:43 - 2015-09-04 10:14 - 00000000 ____D C:\Program Files\qBittorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 10:42 - 2009-07-14 05:39 - 00038317 _____ C:\Windows\setupact.log
2015-09-27 10:42 - 2009-07-14 05:34 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-27 10:42 - 2009-07-14 05:34 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-27 00:45 - 2010-05-24 11:14 - 01604238 _____ C:\Windows\WindowsUpdate.log
2015-09-26 10:26 - 2011-05-09 12:10 - 00150524 _____ C:\Windows\PFRO.log
2015-09-26 10:25 - 2015-08-01 12:50 - 00000000 ____D C:\ProgramData\Norton
2015-09-25 21:02 - 2015-08-11 12:00 - 00000000 ____D C:\Program Files\TalkTalk
2015-09-25 21:02 - 2015-08-11 11:59 - 00000000 ____D C:\ProgramData\F-Secure
2015-09-25 13:12 - 2011-09-20 18:12 - 00000000 ____D C:\Users\Admin\AppData\Local\Windows Live Writer
2015-09-24 20:30 - 2009-07-14 05:53 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-24 20:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Speech
2015-09-23 02:00 - 2015-08-05 18:37 - 00000000 ____D C:\Users\Admin\Desktop\New folder
2015-09-22 22:42 - 2015-08-13 16:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-22 22:39 - 2015-08-13 16:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-22 22:12 - 2015-07-31 11:12 - 00000917 _____ C:\Windows\Tasks\EPSON XP-422 423 425 Series Update {E3CC20A7-B58D-446B-B6BC-940B4A3ADFED}.job
2015-09-22 18:28 - 2015-08-13 16:09 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-22 17:39 - 2015-08-13 16:09 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 17:39 - 2015-08-13 16:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 17:19 - 2010-05-24 11:17 - 00000000 ____D C:\Users\Admin
2015-09-22 17:19 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-22 17:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-22 17:18 - 2015-08-13 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-22 17:18 - 2015-07-30 14:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-22 17:18 - 2011-09-20 18:10 - 00000000 ____D C:\Program Files\Windows Live
2015-09-22 17:18 - 2010-05-24 11:32 - 00000000 ____D C:\Windows\system32\Macromed
2015-09-22 17:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2015-09-22 17:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-22 17:18 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-22 17:16 - 2011-09-20 17:43 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2015-09-21 22:45 - 2011-09-20 17:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Windows Live
2015-09-21 12:51 - 2011-09-20 18:11 - 00001422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-09-16 09:34 - 2015-08-11 12:05 - 00054968 _____ C:\Windows\system32\Drivers\fsbts.sys
2015-09-15 05:48 - 2015-07-30 15:39 - 00000000 ____D C:\Windows\rescache
2015-09-15 00:00 - 2015-07-31 11:24 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-15 00:00 - 2015-07-31 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-09-15 00:00 - 2015-07-30 12:14 - 00000000 ____D C:\Program Files\Google
2015-09-15 00:00 - 2009-07-14 08:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-14 23:55 - 2015-07-31 11:13 - 00000000 ____D C:\Program Files\EPSON Software
2015-09-10 18:31 - 2010-05-24 11:17 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2015-09-10 16:28 - 2015-07-31 11:25 - 00000000 ____D C:\ProgramData\UDL
2015-09-10 15:48 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-09-10 15:45 - 2010-05-24 11:28 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 15:20 - 2010-05-24 11:46 - 00000000 ____D C:\Program Files\CDBurnerXP
2015-09-10 05:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-10 03:43 - 2009-07-14 05:33 - 00399272 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 03:40 - 2009-07-14 08:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 03:16 - 2014-12-17 16:49 - 00000000 ____D C:\Windows\system32\MRT
2015-09-02 22:29 - 2015-08-13 16:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dashlane
2015-09-02 22:29 - 2015-08-13 16:21 - 00000000 ____D C:\Program Files\Dashlane

==================== Files in the root of some directories =======

2015-08-30 19:57 - 2015-09-19 07:31 - 0001247 _____ () C:\Users\Admin\AppData\Roaming\burnaware.ini
2015-09-02 20:33 - 2015-09-03 21:49 - 0087608 _____ () C:\Users\Admin\AppData\Roaming\inst.exe
2015-09-02 20:33 - 2015-09-03 21:49 - 0007887 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.cat
2015-09-02 20:33 - 2015-09-03 21:49 - 0001144 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.inf
2015-09-02 20:33 - 2015-09-11 06:21 - 0000055 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.log
2015-09-02 20:33 - 2015-09-03 21:49 - 0047360 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\pcouffin.sys
2015-08-15 01:56 - 2015-08-15 01:56 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-05 20:49 - 2015-08-05 20:49 - 0000218 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-09-11 10:38 - 2015-09-11 10:38 - 0001534 _____ () C:\ProgramData\ss.ini

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-21 05:59

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-09-2015
Ran by Admin (2015-09-27 12:39:21)
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2010-05-24 10:17:29)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-427906458-3327328302-4153345130-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-427906458-3327328302-4153345130-500 - Administrator - Disabled)
Guest (S-1-5-21-427906458-3327328302-4153345130-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-427906458-3327328302-4153345130-1001 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 3.6 (HKLM\...\4K Video Downloader_is1) (Version: 3.6.1.1770 - Open Media LLC)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
BurnAware Free 8.4 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware)
Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.14.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM\...\EOS Utility 2) (Version: 2.14.0.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.14.0.0 - Canon Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Photo Scan (HKLM\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{5662F323-3D9C-4100-B60C-BC71B47DD0A1}) (Version: 3.10.0041 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-422 423 425 Series Printer Uninstall (HKLM\...\EPSON XP-422 423 425 Series) (Version:  - SEIKO EPSON Corporation)
Free Video to DVD Converter version 5.0.61.805 (HKLM\...\Free Video to DVD Converter_is1) (Version: 5.0.61.805 - DVDVideoSoft Ltd.)
F-Secure CCF Reputation (Version: 2.0.1337.0 - F-Secure) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-427906458-3327328302-4153345130-1002\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
ObjectDock Free (HKLM\...\ObjectDock Free) (Version: 2.0 - Stardock Corporation)
ObjectDock Free (Version: 2.0 - Stardock Corporation) Hidden
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
PeaZip 5.7.2 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Python 3.4.3 (HKLM\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
qBittorrent 3.2.3 (HKLM\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.5.1 - Tweaking.com)
Windows 7 Codec Pack 4.1.0 (HKLM\...\Windows 7 - Codec Pack) (Version: 4.1.0 - Windows 7 Codec Pack)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

21-09-2015 22:33:45 Windows Live Essentials
21-09-2015 22:39:21 Windows Live Essentials
22-09-2015 17:14:22 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BBC166-873A-49FD-A2F2-B30FD104FCC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-13] (Google Inc.)
Task: {2BA8691E-A0ED-4B4E-A33E-ACDCCBB37EDA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\22.5.2.15\SymErr.exe
Task: {30A1F5A6-F326-4BE9-84B2-A1B9A3F16725} - System32\Tasks\{C291D548-D965-4073-92E2-BB9101092FBC} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {32793897-F636-4F0F-9346-9CBB45F90884} - \ToolsUpdatePlatform_ScheduledTask -> No File <==== ATTENTION
Task: {363B1B43-B0C7-40C3-8096-CBF6DD50510D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {460238B5-3AB6-4CF3-A9EB-030AAAB28640} - System32\Tasks\NCH Software\SwitchSevenDays => C:\Program Files\NCH Software\Switch\Switch.exe
Task: {4690AEFB-CC17-45CF-8A55-48FF67C77A21} - System32\Tasks\{27673142-AB3D-4EDD-8227-ADEF6CF53AD4} => pcalua.exe -a "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONPSNBX6\pictureviz.exe" -d C:\Users\Admin\Desktop
Task: {4B34D8BB-0028-4603-AA5E-6830A69030B8} - System32\Tasks\{C1467EE2-E78C-4EEC-9607-A5A2DBB5487F} => C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe [2013-07-03] (VS Revo Group)
Task: {4FF3F39B-4400-42C1-810F-6D2F6A53C1DD} - System32\Tasks\{D6BC805E-6001-4741-9FFE-6878B00EC0CA} => pcalua.exe -a "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SWX2H03\dungeon.exe" -d C:\Users\Admin\Desktop
Task: {5D768C5E-862D-4D30-B58C-8BA4AC931FFB} - System32\Tasks\{D6724645-7ECA-4DBD-8AE0-E149C89C3E62} => pcalua.exe -a "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D9SC1RK\trilogyiii.exe" -d C:\Users\Admin\Desktop
Task: {64DE8A2F-0A5B-47F1-9684-5DCC7BB7BB4F} - System32\Tasks\NCH Software\PrismSevenDays => C:\Program Files\NCH Software\Prism\Prism.exe
Task: {6ADC693C-55D6-4BDB-9FFC-CD664F30BB3D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\22.5.2.15\SymErr.exe
Task: {6E2CBC0A-676E-4865-849C-FB7A5C3A1971} - System32\Tasks\{9718B1EE-F069-49E9-A675-9C60F979DF61} => pcalua.exe -a "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONPSNBX6\SoftyVisII.exe" -d C:\Users\Admin\Desktop
Task: {96CA124C-0B8E-46B1-8CEE-6A8F9C4BD6BF} - System32\Tasks\{7A18A29F-3B1B-45AD-8E5B-DFDE815ED8D1} => pcalua.exe -a "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONPSNBX6\trilogyii.exe" -d C:\Users\Admin\Desktop
Task: {AEC9AC25-BADF-4E85-8B42-79AD0244BEB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-13] (Google Inc.)
Task: {CEBF1D06-FCDD-4EFC-A50A-85F716AC0918} - System32\Tasks\EPSON XP-422 423 425 Series Update {E3CC20A7-B58D-446B-B6BC-940B4A3ADFED} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {DA0F7C5E-3973-40F9-8229-CB565397D344} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E51D6BEC-4B25-48D7-97EF-2C4CA5018C90} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe
Task: {EE41CF0F-E251-444B-B139-8C5AE7D02EAB} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {F1D68D5D-77E5-4EA3-9A7B-CBDCC2F89DA8} - System32\Tasks\{03BB63E3-D3FC-477F-B308-E6E4F07BE118} => C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe [2013-07-03] (VS Revo Group)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-422 423 425 Series Update {E3CC20A7-B58D-446B-B6BC-940B4A3ADFED}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNDE.EXE:/EXE:{E3CC20A7-B58D-446B-B6BC-940B4A3ADFED} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_06 => 2
MSCONFIG\Services: fshoster => 2
MSCONFIG\Services: FSMA => 3
MSCONFIG\Services: FSORSPClient => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MyEpson Portal Service => 2
MSCONFIG\Services: TheDesktopWeatherService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: BitTorrent => %APPDATA%\BitTorrent\BitTorrent.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: F-Secure Hoster (44515) => "C:\Program Files\TalkTalk\Security\fshoster32.exe" -app -hosterid:1
MSCONFIG\startupreg: F-Secure Manager => "C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE" /splash
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MalwareProtectionLive => C:\Users\Admin\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: uTorrent => "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{494BD283-A17E-4414-BB1D-E82672D40276}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{3DD2A8BE-8DBF-421B-9DC5-1781645850B6}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{A4357B87-D7FE-475C-9042-ED5A5A9824D1}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{B8EEC458-5A66-4DFB-B8D3-37FCC0AF4778}] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{B755D51C-3726-4C20-B7BA-21BA0B6DB04F}] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{51512C4F-AAA1-48E0-B0A2-A4DFB86A093C}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F7F71E48-E732-48D1-87BC-990FA7B151C6}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4DE8C088-586D-4D76-8B20-76D6E5F66485}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5CD9A116-A07B-46B1-A474-76745F3E7E10}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E7BD7640-9A7E-4374-B2FF-B076207F5C61}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BF6AF9BD-F265-48F1-A311-9BD0EA08B063}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{87CD1A04-924D-421B-BF61-C8387F84F6B4}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{8F44C43C-CB73-4E04-A1CC-4A3F0EF096E1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{1EC36BB2-0634-4912-85A4-9F5A782FA8DD}] => (Allow) C:\Program Files\baidu\Baidu Browser\Spark.exe
FirewallRules: [{32DC9DF0-0D84-4A36-972F-1E307E14F947}] => (Allow) C:\Program Files\baidu\Baidu Browser\Spark.exe
FirewallRules: [{22524091-6147-4F9B-B815-CABB283CD552}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{35967AA7-458E-400B-B028-5A768E3CC099}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{EFA67964-AB10-41F3-B576-FF6078C1D969}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{5EE26A39-C134-4BE8-9FFA-BECDF30E00CC}] => (Allow) C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9E8127B0-3E7F-419E-A051-6B041BF53F98}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6BBB9F01-364D-4675-974D-496B41DE25A0}] => (Allow) LPort=2869
FirewallRules: [{522D19EF-DDD3-4D88-ADDD-9A08B5CC45D8}] => (Allow) LPort=1900
FirewallRules: [{95E9E03C-662C-4661-A588-D0F96750AF39}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS5FB6.tmp\SymNRT.exe
FirewallRules: [{41C365CC-7F13-40AF-9E07-4AC4E78BDCB8}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS5FB6.tmp\SymNRT.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2015 10:42:37 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/27/2015 10:42:32 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/27/2015 10:42:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.26.9, time stamp: 0x54c04d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55afd7a8
Exception code: 0xc0000374
Fault offset: 0x000c3f83
Faulting process id: 0x134
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (09/27/2015 12:12:06 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/27/2015 12:10:47 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/27/2015 12:10:44 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/27/2015 12:10:40 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/27/2015 12:10:14 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/27/2015 12:10:09 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/27/2015 12:10:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.26.9, time stamp: 0x54c04d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55afd7a8
Exception code: 0xc0000374
Fault offset: 0x000c3f83
Faulting process id: 0x1f8
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

System errors:
=============
Error: (09/27/2015 12:38:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/27/2015 12:38:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/27/2015 12:38:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/27/2015 12:38:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/27/2015 12:38:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/27/2015 12:38:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/27/2015 11:40:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/27/2015 11:40:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/27/2015 11:40:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/27/2015 11:40:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

==================== Memory info ===========================

Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 21%
Total physical RAM: 3061.61 MB
Available physical RAM: 2390.36 MB
Total Virtual: 3059.93 MB
Available Virtual: 2418.06 MB

==================== Drives ================================

Drive c: (Win 7 Home Premium) (Fixed) (Total:149.01 GB) (Free:84.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: FD741B60)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 olgun52


Posted 27 September 2015 - 04:08 PM

Hi Tonyjj,
 
Please uninstall:
 
Tweaking.com
F-Secure
Lavasoft
Norton
 
Then restart the PC.
-------------------------------------------------------------
 
Please open  Chrome browser.
 
Click the wrench or stack of plates (Top righthand corner), In the box that opens:-
 
Go to Settings > Show advanced settings........ (at the bottom)
 
Under "Privacy" open "Clear browsing data" put check mark in the following :-

  • Clear browsing history
  • Clear download history
  • Empty the cache
  • Delete Cookies and other site plug-in data
  • Set the delete time to maximum by using the dropdown in "Obliterate the following items from:"
  • Then Click "Clear Browsing Data"

Next:
 
Click the wrench or stack of plates (Top righthand corner), In the box that opens Click on "About Google Chrome"
 
If an update is available it will be downloaded and installed....
 
Let me know if that helps with Chrome,

 

Next >>>

 

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====
Restart the computer normally.
 
----------------------------------------------------------------
 
Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 

Step 2:

 

Please be sure to run our tools with administrator rights.

 

ComboFix run:

 

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.



Edited by olgun52, 27 September 2015 - 04:10 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 Tonyjj


Posted 27 September 2015 - 06:59 PM

Hi,

 

a)-  Went into programs to uninstall  Tweaking.com and was blocked with the message  "You do not have sufficient access to uninstall Tweaking.com. Please contact your system administrator".

 

b)-  F-Secure is not in the programs list, only an icon on the desktop.

c)-  Lavasoft is neither in the programs list nor on the desktop.

 

d)-  Norton has already been removed with the Norton removal tool a few days ago, as was instructed by our mutual friend in Quebec.

 

All above attempts were carried out in "safe mode with networking"



#6 olgun52


Posted 27 September 2015 - 07:21 PM

Be sure to right-click the file and select "Run as administrator" to uninstall Tweaking.com. Then, have you completed the other steps?



#7 Tonyjj


Posted 28 September 2015 - 07:04 AM

Tried your run as administrator, no good; all I have done is remove the icon from the desktop. Went to try to uninstall from programs and the same message about sufficient access. Not attempted any of the next steps as I cannot get past the first one.



#8 olgun52


Posted 28 September 2015 - 01:23 PM

Please, the browser process and make other steps.



#9 Tonyjj


Posted 28 September 2015 - 04:50 PM

this appeared whilst trying to do the chrome bit
 
 
An error occurred while checking for updates: Update check failed to start (error code 3: 0x80070005 -- system level).
Version 45.0.2454.99 m
 

 

this happens when trying to start FRST

 

windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item.



#10 olgun52


Posted 28 September 2015 - 05:01 PM

this happens when trying to start FRST

windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item.

Try running in safe mode with networking support.

 

Safe Mode with Networking :

  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
  • Login on your usual account.

Edited by olgun52, 28 September 2015 - 05:01 PM.


#11 Tonyjj


Posted 28 September 2015 - 05:10 PM


ok been doing a lot of that over the last week. at the end of your last message it said to "start computer normally". doing that I thought we were one step closer to the big fix. start afresh tomorrow.

#12 Tonyjj


Posted 29 September 2015 - 03:37 PM

ComboFix 15-09-25.01 - Admin 29/09/2015  21:05:23.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3062.2656 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2015-08-28 to 2015-09-29  )))))))))))))))))))))))))))))))
.
.
2015-09-29 20:10 . 2015-09-29 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-27 10:02 . 2015-09-29 19:54 -------- d-----w- C:\FRST
2015-09-24 23:50 . 2015-09-25 22:03 -------- d-----w- C:\EEK
2015-09-24 22:31 . 2015-09-24 22:31 -------- d-----w- C:\RegBackup
2015-09-24 22:25 . 2015-09-24 22:25 -------- d-----w- c:\program files\Tweaking.com
2015-09-24 19:46 . 2015-09-24 19:46 -------- d-----w- c:\users\Admin\AppData\Roaming\PeaZip
2015-09-24 19:45 . 2015-09-24 19:45 -------- d-----w- c:\program files\PeaZip
2015-09-24 19:16 . 2015-09-25 21:35 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-24 19:16 . 2015-09-24 19:16 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-09-24 19:16 . 2015-09-24 19:16 -------- d-----w- c:\programdata\Malwarebytes
2015-09-24 19:16 . 2015-06-18 07:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-24 19:16 . 2015-06-18 07:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-24 19:16 . 2015-06-18 07:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-24 18:28 . 2015-09-25 21:25 -------- d-----w- C:\AdwCleaner
2015-09-21 22:10 . 2015-09-21 22:11 -------- d-----w- c:\users\Admin\AppData\Local\NPE
2015-09-21 11:52 . 2015-09-21 21:38 -------- dc----w- c:\windows\system32\DRVSTORE
2015-09-21 11:49 . 2015-09-21 11:49 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-09-21 11:47 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2015-09-21 11:47 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2015-09-21 11:47 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2015-09-21 11:47 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-09-21 11:46 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2015-09-21 11:45 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2015-09-21 11:45 . 2015-09-22 16:18 -------- d-----w- c:\program files\Microsoft OneDrive
2015-09-21 11:45 . 2015-09-21 11:43 6081224 ----a-w- c:\program files\Common Files\Windows Live\.cache\c6a8a3c21d0f46205\onedrivesetup.exe
2015-09-21 11:45 . 2015-09-22 16:18 -------- d-----r- c:\users\Admin\OneDrive
2015-09-21 11:44 . 2015-09-21 11:44 -------- d-----w- c:\programdata\Microsoft OneDrive
2015-09-21 00:02 . 2015-09-21 00:02 -------- d-----w- c:\users\Admin\AppData\Local\4kdownload.com
2015-09-20 23:56 . 2015-09-20 23:56 -------- d-----w- c:\program files\4KDownload
2015-09-19 21:13 . 2015-09-19 21:13 -------- d-----w- c:\program files\Elaborate Bytes
2015-09-18 11:00 . 2015-09-18 11:00 -------- d-----w- c:\users\Admin\.swt
2015-09-11 09:47 . 2015-09-11 09:47 -------- d-----w- c:\users\Admin\AppData\Local\Opera Software
2015-09-11 09:47 . 2015-09-11 09:47 -------- d-----w- c:\users\Admin\AppData\Roaming\Opera Software
2015-09-11 09:46 . 2015-09-14 23:19 -------- d-----w- c:\program files\Opera
2015-09-11 09:45 . 2015-09-14 23:14 -------- d-----w- c:\program files\BurnAware Free
2015-09-11 09:38 . 2015-09-11 09:38 -------- d-----w- c:\programdata\FreeRIP MP3 Converter
2015-09-10 17:07 . 2015-09-27 10:27 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2015-09-10 16:39 . 2015-09-10 16:39 -------- d-----w- c:\users\Admin\AppData\Local\Real
2015-09-10 16:35 . 2015-09-10 16:45 -------- d-----w- c:\program files\Real
2015-09-10 15:28 . 2015-09-10 15:28 -------- d-----w- c:\programdata\Sony Corporation
2015-09-10 13:12 . 2015-09-10 13:12 -------- d-----w- c:\programdata\Baidu
2015-09-10 13:11 . 2015-09-10 13:11 -------- d-----w- c:\users\Admin\AppData\Local\MiniService
2015-09-10 11:30 . 2015-09-10 14:24 -------- d-----w- c:\program files\NCH Software
2015-09-10 11:06 . 2015-09-10 11:06 -------- d-----w- c:\program files\VideoLAN
2015-09-09 04:52 . 2015-08-05 17:40 1225216 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-09-09 04:51 . 2015-07-09 17:42 67584 ----a-w- c:\windows\system32\dwmapi.dll
2015-09-09 04:51 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\system32\dwmcore.dll
2015-09-09 04:51 . 2015-06-25 09:48 105408 ----a-w- c:\windows\system32\consent.exe
2015-09-09 04:51 . 2015-06-25 09:44 1805824 ----a-w- c:\windows\system32\authui.dll
2015-09-09 04:51 . 2015-06-25 09:44 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-09-09 04:50 . 2015-08-26 17:56 2953728 ----a-w- c:\windows\system32\wucltux.dll
2015-09-09 04:50 . 2015-08-26 17:56 93184 ----a-w- c:\windows\system32\wudriver.dll
2015-09-09 04:50 . 2015-08-26 17:56 35840 ----a-w- c:\windows\system32\wups2.dll
2015-09-09 04:50 . 2015-08-26 17:56 30208 ----a-w- c:\windows\system32\wups.dll
2015-09-09 04:50 . 2015-08-26 17:56 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-09-09 04:50 . 2015-08-26 17:56 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-09-09 04:50 . 2015-08-26 17:56 2061824 ----a-w- c:\windows\system32\wuaueng.dll
2015-09-09 04:50 . 2015-08-26 17:55 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-09-09 04:50 . 2015-08-26 17:55 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-09-09 04:50 . 2015-08-26 17:55 34816 ----a-w- c:\windows\system32\wuapp.exe
2015-09-09 04:50 . 2015-08-26 17:55 135680 ----a-w- c:\windows\system32\wuauclt.exe
2015-09-09 04:50 . 2015-07-15 02:54 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-06 23:00 . 2015-09-22 12:57 -------- d-----w- c:\users\Admin\AppData\Local\CrashDumps
2015-09-04 10:55 . 2015-09-04 10:55 -------- d-----w- c:\program files\VS Revo Group
2015-09-02 21:57 . 2015-09-02 21:58 -------- d-----w- c:\program files\DVDVideoSoft
2015-09-02 21:57 . 2015-09-02 21:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2015-09-02 21:56 . 2015-09-14 22:59 -------- d-----w- c:\users\Admin\AppData\Roaming\DVDVideoSoft
2015-09-02 20:14 . 2015-09-02 20:14 -------- d-----w- c:\programdata\vsosdk
2015-09-02 19:33 . 2015-09-14 22:56 -------- d-----w- c:\program files\VSO
2015-09-02 19:33 . 2015-09-02 20:44 -------- d-----w- c:\programdata\VSO
2015-09-02 19:05 . 2015-09-02 19:19 -------- d-----w- c:\program files\Common Files\AVSMedia
2015-09-02 19:05 . 2010-05-11 12:17 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2015-09-02 19:05 . 2015-09-02 19:19 -------- d-----w- c:\program files\AVS4YOU
2015-09-02 19:05 . 2015-09-02 19:08 -------- d-----w- c:\programdata\AVS4YOU
2015-09-02 19:05 . 2010-05-11 12:17 24576 ----a-w- c:\windows\system32\msxml3a.dll
2015-09-02 01:02 . 2015-09-10 14:23 -------- d-----w- c:\programdata\NCH Software
2015-08-30 23:38 . 2015-08-30 23:38 98304 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}\python_icon.exe
2015-08-30 23:38 . 2015-08-30 23:38 -------- d-----w- c:\users\Admin\AppData\Local\pip
2015-08-30 23:37 . 2015-08-30 23:38 -------- d-----w- C:\Python34
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-22 16:39 . 2015-08-13 15:09 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-22 16:39 . 2015-08-13 15:09 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-16 08:34 . 2015-08-11 11:05 54968 ----a-w- c:\windows\system32\drivers\fsbts.sys
2015-08-19 11:19 . 2015-08-19 11:19 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-08-19 11:18 . 2015-08-19 11:18 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-08-19 11:18 . 2015-08-19 11:18 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-08-15 00:52 . 2015-08-15 00:52 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-08-15 00:52 . 2015-08-15 00:52 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-08-15 00:52 . 2015-08-15 00:52 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-07-30 17:57 . 2015-08-11 23:19 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-11 23:19 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-11 23:19 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-11 23:54 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:04 . 2015-08-11 23:20 15808 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:00 . 2015-08-11 23:20 635904 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:00 . 2015-08-11 23:20 598528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:00 . 2015-08-11 23:20 346112 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:00 . 2015-08-11 23:20 952832 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:00 . 2015-08-11 23:20 60416 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:00 . 2015-08-11 23:20 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:54 . 2015-08-11 23:20 934400 ----a-w- c:\windows\system32\aeinv.dll
2015-07-19 16:55 . 2015-07-19 16:55 134040 ----a-w- c:\windows\system32\ElbyVCD.dll
2015-07-16 19:12 . 2015-08-11 23:19 856064 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-11 23:19 53248 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:12 . 2015-08-11 23:19 6131200 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 15:14 . 2015-08-11 23:19 355840 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 17:59 . 2015-08-11 23:20 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:55 . 2015-08-11 23:20 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 17:54 . 2015-08-11 23:20 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 17:43 . 2015-08-11 23:20 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
2015-07-15 02:55 . 2015-08-11 23:19 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-07-11 01:06 . 2015-08-01 11:50 1286896 ----a-r- c:\windows\system32\drivers\NIS\1605020.00F\SymEFASI.sys
2015-07-09 17:42 . 2015-08-11 23:20 179712 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:42 . 2015-08-11 23:20 179712 ----a-w- c:\windows\notepad.exe
2015-07-05 10:11 . 2010-05-24 10:42 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-04 17:48 . 2015-07-30 12:17 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 20:30 . 2015-08-11 23:20 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-01 20:30 . 2015-08-11 23:20 82432 ----a-w- c:\windows\system32\davclnt.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-09-21 11:44 223432 ----a-w- c:\users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-09-21 11:44 223432 ----a-w- c:\users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-09-21 11:44 223432 ----a-w- c:\users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2015-06-18 54072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
backup=c:\windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
backup=c:\windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk
backup=c:\windows\pss\EOS Utility.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2014-06-10 19:27 1065024 ----a-w- c:\program files\EPSON Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget\P0000000000000000]
2013-12-16 00:00 262208 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_TATINDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 18:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 18:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 18:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 354304 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
R1 epp32;epp32;c:\eek\bin\epp32.sys [2015-09-23 112408]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-08-15 102912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2009-10-20 54960]
R3 vmx_svga;vmx_svga;c:\windows\system32\DRIVERS\vmx_svga.sys [2009-10-20 63920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
R4 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [2013-04-14 143424]
R4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2012-05-16 126128]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R4 MyEpson Portal Service;MyEpson Portal Service;c:\program files\EPSON\MyEpson Portal\mepService.exe [2014-09-22 703984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ    DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-22 16:22 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13 16:39]
.
2015-09-22 c:\windows\Tasks\EPSON XP-422 423 425 Series Update {E3CC20A7-B58D-446B-B6BC-940B4A3ADFED}.job
- c:\windows\system32\spool\DRIVERS\W32X86\3\E_TTSNDE.EXE [2015-07-31 16:30]
.
2015-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-13 15:09]
.
2015-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-13 15:09]
.
2015-09-24 c:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
- c:\program files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11 23:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-AppXSvc
SafeBoot-ClipSvc
SafeBoot-WSService
MSConfigStartUp-BitTorrent - c:\users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
MSConfigStartUp-F-Secure Hoster (44515) - c:\program files\TalkTalk\Security\fshoster32.exe
MSConfigStartUp-F-Secure Manager - c:\program files\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE
MSConfigStartUp-MalwareProtectionLive - c:\users\Admin\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
MSConfigStartUp-uTorrent - c:\users\Admin\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe
AddRemove-ObjectDock Free - c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}\ObjectDock_free.exe
AddRemove-Windows 7 - Codec Pack - c:\windows\system32\C2MP\Uninst.exe
AddRemove-{2C13F8C1-570B-42A9-87B4-8C7903ECD602} - c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}\ObjectDock_free.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-427906458-3327328302-4153345130-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-427906458-3327328302-4153345130-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-09-29  21:12:14
ComboFix-quarantined-files.txt  2015-09-29 20:12
.
Pre-Run: 92,326,170,624 bytes free
Post-Run: 91,971,923,968 bytes free
.
- - End Of File - - 165C58F5A8C34990A5A2E23D8C1376E3
A36C5E4F47E84449FF07ED3517B43A31

 



#13 olgun52


Posted 29 September 2015 - 04:36 PM

How is your PC running? Please try to run FRST.


Best regards
 

 


 


#14 Tonyjj


Posted 29 September 2015 - 05:26 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Admin (administrator) on ADMIN-PC (29-09-2015 23:21:06)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{13F1786E-4057-4E6D-A94F-2F32278460A0}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{51D4030C-B229-4611-961C-49D1E6E782DC}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-427906458-3327328302-4153345130-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-30]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-30]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-30]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-30]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S4 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-15] (SEIKO EPSON CORPORATION)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S1 epp32; C:\EEK\bin\epp32.sys [112408 2015-09-24] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 vmx_svga; C:\Windows\System32\DRIVERS\vmx_svga.sys [63920 2009-10-20] (VMware, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
U3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 23:21 - 2015-09-29 23:21 - 00006143 _____ C:\Users\Admin\Desktop\FRST.txt
2015-09-29 21:12 - 2015-09-29 21:12 - 00020789 _____ C:\ComboFix.txt
2015-09-29 21:03 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-29 21:03 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-29 21:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-29 21:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-29 21:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-29 21:03 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-29 21:03 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-29 21:03 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-29 21:02 - 2015-09-29 21:12 - 00000000 ____D C:\Qoobox
2015-09-29 21:02 - 2015-09-29 21:11 - 00000000 ____D C:\Windows\erdnt
2015-09-29 20:59 - 2015-09-29 20:59 - 05636489 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-09-29 20:59 - 2015-09-29 20:59 - 05636489 _____ (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2015-09-29 20:48 - 2015-09-29 20:48 - 00004560 _____ C:\Users\Admin\Downloads\Fixlist (3).txt
2015-09-29 20:47 - 2015-09-29 20:49 - 01696256 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-09-29 20:45 - 2015-09-29 20:45 - 01696256 _____ (Farbar) C:\Users\Admin\Downloads\FRST (2).exe
2015-09-29 20:37 - 2015-09-29 20:37 - 00004560 _____ C:\Users\Admin\Downloads\Fixlist (2).txt
2015-09-29 20:29 - 2015-09-29 20:45 - 00004560 _____ C:\Users\Admin\Downloads\Fixlist (1).txt
2015-09-28 22:28 - 2015-09-28 22:28 - 00004560 _____ C:\Users\Admin\Downloads\Fixlist.txt
2015-09-28 22:28 - 2015-09-28 22:28 - 00001099 _____ C:\Users\Admin\Desktop\Fixlist - Shortcut.lnk
2015-09-27 12:39 - 2015-09-27 12:39 - 00028005 _____ C:\Users\Admin\Desktop\Addition.txt
2015-09-27 11:46 - 2015-09-27 11:46 - 01695744 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2015-09-27 11:37 - 2015-09-27 11:40 - 00040637 _____ C:\Users\Admin\Downloads\FRST.txt
2015-09-27 11:37 - 2015-09-27 11:37 - 01695744 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-09-27 11:03 - 2015-09-27 11:03 - 00028034 _____ C:\Users\Admin\Downloads\Addition.txt
2015-09-27 11:02 - 2015-09-29 23:21 - 00000000 ____D C:\FRST
2015-09-26 16:20 - 2015-09-26 16:19 - 02304693 _____ C:\Users\Admin\Desktop\cbs.txt
2015-09-25 23:29 - 2015-09-25 23:29 - 00099256 _____ C:\Users\Admin\Desktop\hklm_uninstall64.txt
2015-09-25 23:19 - 2015-09-25 23:19 - 00000472 _____ C:\Users\Admin\Desktop\Emi2.txt
2015-09-25 23:15 - 2015-09-25 23:15 - 00000472 _____ C:\Users\Admin\Desktop\emi1.txt
2015-09-25 22:48 - 2015-09-25 22:48 - 00001052 _____ C:\Users\Admin\Desktop\mwb2.txt
2015-09-25 13:08 - 2015-09-25 12:12 - 00012267 _____ C:\Users\Admin\Documents\New folder (2).zip
2015-09-25 12:12 - 2015-09-25 12:12 - 00012267 _____ C:\Users\Admin\Desktop\New folder (2).zip
2015-09-25 12:06 - 2015-09-25 12:06 - 00000000 ____D C:\Users\Admin\Desktop\New folder (2)
2015-09-25 00:50 - 2015-09-25 23:03 - 00000000 ____D C:\EEK
2015-09-25 00:50 - 2015-09-25 00:50 - 00000761 _____ C:\Users\Admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-25 00:48 - 2015-09-25 00:50 - 167039456 _____ C:\Users\Admin\Downloads\EmsisoftEmergencyKit.exe
2015-09-24 23:31 - 2015-09-24 23:31 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ADMIN-PC-Windows-7-Home-Premium-(32-bit).dat
2015-09-24 23:31 - 2015-09-24 23:31 - 00000000 ____D C:\RegBackup
2015-09-24 23:25 - 2015-09-24 23:25 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-09-24 23:25 - 2015-09-24 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-24 23:25 - 2015-09-24 23:25 - 00000000 ____D C:\Program Files\Tweaking.com
2015-09-24 23:24 - 2015-09-24 23:24 - 20389640 _____ (Tweaking.com) C:\Users\Admin\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-09-24 23:22 - 2015-09-24 23:22 - 00032225 _____ C:\Users\Admin\Desktop\windows_repair_all_in_one.htm
2015-09-24 20:46 - 2015-09-24 20:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PeaZip
2015-09-24 20:45 - 2015-09-24 20:45 - 00000955 _____ C:\Users\Admin\Desktop\PeaZip.lnk
2015-09-24 20:45 - 2015-09-24 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2015-09-24 20:45 - 2015-09-24 20:45 - 00000000 ____D C:\Program Files\PeaZip
2015-09-24 20:16 - 2015-09-25 22:35 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-24 20:16 - 2015-09-24 20:16 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-24 20:16 - 2015-09-24 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-24 20:16 - 2015-09-24 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-24 20:16 - 2015-09-24 20:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-24 20:16 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-24 20:16 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-24 20:16 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-24 19:48 - 2015-09-24 19:48 - 01800512 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe
2015-09-24 19:28 - 2015-09-25 22:25 - 00000000 ____D C:\AdwCleaner
2015-09-24 19:21 - 2015-09-24 19:21 - 01662976 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2015-09-24 18:53 - 2015-09-24 18:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-09-24 17:21 - 2015-09-24 17:21 - 00000000 ____D C:\Windows\pss
2015-09-24 16:41 - 2015-09-24 16:41 - 00891392 _____ (Farbar) C:\Users\Admin\Desktop\MiniToolBox.exe
2015-09-24 15:15 - 2015-09-24 15:15 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-21 23:10 - 2015-09-21 23:11 - 00000000 ____D C:\Users\Admin\AppData\Local\NPE
2015-09-21 12:52 - 2015-09-22 17:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-09-21 12:47 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-09-21 12:47 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-09-21 12:47 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-09-21 12:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-09-21 12:46 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-09-21 12:45 - 2015-09-22 17:18 - 00000000 ___RD C:\Users\Admin\OneDrive
2015-09-21 12:45 - 2015-09-22 17:18 - 00000000 ____D C:\Program Files\Microsoft OneDrive
2015-09-21 12:45 - 2015-09-21 12:45 - 00002194 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-21 12:45 - 2015-09-21 12:45 - 00002076 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-21 12:45 - 2015-09-21 12:45 - 00002076 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-21 12:45 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-09-21 12:44 - 2015-09-21 12:44 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-09-21 01:02 - 2015-09-21 01:41 - 00000000 ____D C:\Users\Admin\Desktop\4K Video Downloader
2015-09-21 01:02 - 2015-09-21 01:02 - 00000000 ____D C:\Users\Admin\AppData\Local\4kdownload.com
2015-09-21 00:56 - 2015-09-21 00:56 - 00001236 _____ C:\Users\Admin\Desktop\4K Video Downloader.lnk
2015-09-21 00:56 - 2015-09-21 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2015-09-21 00:56 - 2015-09-21 00:56 - 00000000 ____D C:\Program Files\4KDownload
2015-09-19 22:13 - 2015-09-19 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-09-19 22:13 - 2015-09-19 22:13 - 00000000 ____D C:\Program Files\Elaborate Bytes
2015-09-19 21:55 - 2015-09-19 18:27 - 3371624448 _____ C:\Users\Admin\Documents\Bangles - Return to Bangleonia.iso
2015-09-18 12:00 - 2015-09-18 12:00 - 00000000 ____D C:\Users\Admin\.swt
2015-09-15 00:14 - 2015-09-15 00:14 - 00001030 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
2015-09-11 10:47 - 2015-09-11 10:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2015-09-11 10:47 - 2015-09-11 10:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2015-09-11 10:46 - 2015-09-15 00:19 - 00000000 ____D C:\Program Files\Opera
2015-09-11 10:46 - 2015-09-15 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2015-09-11 10:45 - 2015-09-15 00:14 - 00000000 ____D C:\Program Files\BurnAware Free
2015-09-11 10:38 - 2015-09-11 10:38 - 00001534 _____ C:\ProgramData\ss.ini
2015-09-11 10:38 - 2015-09-11 10:38 - 00000000 ____D C:\ProgramData\FreeRIP MP3 Converter
2015-09-10 17:39 - 2015-09-10 17:39 - 00000000 ____D C:\Users\Admin\AppData\Local\Real
2015-09-10 17:35 - 2015-09-10 17:45 - 00000000 ____D C:\Program Files\Real
2015-09-10 17:34 - 2015-09-10 17:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Real
2015-09-10 17:33 - 2015-09-10 17:45 - 00000000 ____D C:\ProgramData\Real
2015-09-10 16:28 - 2015-09-10 16:28 - 00002131 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2015-09-10 16:28 - 2015-09-10 16:28 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-09-10 14:12 - 2015-09-10 14:12 - 00000000 ____D C:\ProgramData\Baidu
2015-09-10 14:11 - 2015-09-10 14:11 - 00000000 ____D C:\Users\Admin\AppData\Local\MiniService
2015-09-10 12:30 - 2015-09-10 15:24 - 00000000 ____D C:\Program Files\NCH Software
2015-09-10 12:06 - 2015-09-10 12:06 - 00000000 ____D C:\Program Files\VideoLAN
2015-09-09 05:54 - 2015-08-18 02:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 05:54 - 2015-08-15 07:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 05:54 - 2015-08-15 06:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 05:54 - 2015-08-15 06:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 05:54 - 2015-08-15 06:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 05:54 - 2015-08-15 06:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 05:54 - 2015-08-15 06:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 05:54 - 2015-08-15 06:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 05:54 - 2015-08-15 06:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 05:54 - 2015-08-15 06:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 05:54 - 2015-08-15 06:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 05:54 - 2015-08-15 06:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 05:54 - 2015-08-15 06:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 05:54 - 2015-08-15 06:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 05:54 - 2015-08-15 06:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 05:54 - 2015-08-15 06:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 05:54 - 2015-08-15 06:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 05:54 - 2015-08-15 06:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 05:54 - 2015-08-15 06:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 05:54 - 2015-08-15 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 05:54 - 2015-08-15 06:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 05:54 - 2015-08-15 06:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 05:54 - 2015-08-15 06:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 05:54 - 2015-08-15 06:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 05:54 - 2015-08-15 06:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 05:54 - 2015-08-15 06:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 05:54 - 2015-08-15 06:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 05:54 - 2015-08-15 06:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 05:54 - 2015-08-15 06:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 05:54 - 2015-08-15 05:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 05:54 - 2015-08-15 05:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 05:54 - 2015-08-15 05:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 05:52 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 05:52 - 2015-09-02 02:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 05:52 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 05:52 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 05:52 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 05:52 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 05:52 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 05:52 - 2015-08-05 18:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 05:52 - 2015-08-05 18:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 05:52 - 2015-08-05 18:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 05:52 - 2015-08-04 18:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 05:52 - 2015-08-04 18:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 05:52 - 2015-08-04 18:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 05:52 - 2015-08-04 18:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 05:52 - 2015-08-04 18:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 05:52 - 2015-08-04 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 05:52 - 2015-07-22 18:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 05:52 - 2015-07-22 18:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 05:52 - 2015-07-22 18:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 05:52 - 2015-07-22 18:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 05:52 - 2015-07-22 18:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 05:52 - 2015-07-22 18:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 05:52 - 2015-07-22 18:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 05:52 - 2015-07-22 18:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 05:52 - 2015-07-22 18:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 05:52 - 2015-07-22 18:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 05:52 - 2015-07-22 18:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 05:52 - 2015-07-22 18:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 05:52 - 2015-07-22 18:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 05:52 - 2015-07-22 18:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 05:52 - 2015-07-22 17:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 05:52 - 2015-07-22 17:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 05:52 - 2015-07-22 17:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 05:52 - 2015-07-22 17:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 05:51 - 2015-07-09 18:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 05:51 - 2015-07-09 18:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 05:51 - 2015-06-25 10:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 05:51 - 2015-06-25 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 05:51 - 2015-06-25 10:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 05:50 - 2015-08-26 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 05:50 - 2015-08-26 18:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 05:50 - 2015-08-26 18:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 05:50 - 2015-08-26 18:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 05:50 - 2015-08-26 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 05:50 - 2015-07-15 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-07 00:00 - 2015-09-22 13:57 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2015-09-04 11:55 - 2015-09-04 11:55 - 00001240 _____ C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2015-09-04 11:55 - 2015-09-04 11:55 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-04 10:14 - 2015-09-04 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-09-02 22:58 - 2015-09-02 22:58 - 00002266 _____ C:\Users\Public\Desktop\Free Video to DVD Converter.lnk
2015-09-02 22:58 - 2015-09-02 22:58 - 00001283 _____ C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2015-09-02 22:58 - 2015-09-02 22:58 - 00001217 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-09-02 22:58 - 2015-09-02 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-09-02 22:57 - 2015-09-02 22:58 - 00000000 ____D C:\Program Files\DVDVideoSoft
2015-09-02 22:57 - 2015-09-02 22:57 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-09-02 22:56 - 2015-09-14 23:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2015-09-02 21:14 - 2015-09-02 21:14 - 00000000 ____D C:\ProgramData\vsosdk
2015-09-02 21:11 - 2015-09-02 21:11 - 00015487 _____ C:\Users\Admin\Desktop\The Beatles - Let It Be - Entire Album - Shortcut.lnk
2015-09-02 20:33 - 2015-09-14 23:56 - 00000000 ____D C:\Program Files\VSO
2015-09-02 20:33 - 2015-09-02 21:44 - 00000000 ____D C:\ProgramData\VSO
2015-09-02 20:22 - 2015-09-02 20:22 - 00000000 ____D C:\Users\Admin\Documents\DreamVideoSoft
2015-09-02 20:05 - 2015-09-02 20:19 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2015-09-02 20:05 - 2015-09-02 20:19 - 00000000 ____D C:\Program Files\AVS4YOU
2015-09-02 20:05 - 2015-09-02 20:08 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-09-02 20:05 - 2010-05-11 13:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-09-02 20:05 - 2010-05-11 13:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2015-09-02 02:02 - 2015-09-10 15:23 - 00000000 ____D C:\ProgramData\NCH Software
2015-08-31 11:28 - 2015-08-31 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
2015-08-31 00:38 - 2015-08-31 00:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4
2015-08-31 00:38 - 2015-08-31 00:38 - 00000000 ____D C:\Users\Admin\AppData\Local\pip
2015-08-31 00:37 - 2015-08-31 00:38 - 00000000 ____D C:\Python34
2015-08-30 20:03 - 2015-09-15 14:11 - 00000000 ____D C:\Users\Admin\Desktop\Loanies
2015-08-30 19:44 - 2015-09-04 10:14 - 00001019 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2015-08-30 19:44 - 2015-08-31 00:38 - 00000000 ____D C:\Users\Admin\AppData\Local\qBittorrent
2015-08-30 19:43 - 2015-09-04 10:14 - 00000000 ____D C:\Program Files\qBittorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 21:12 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2015-09-29 21:10 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2015-09-29 20:54 - 2009-07-14 05:34 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 20:54 - 2009-07-14 05:34 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 20:53 - 2009-07-14 05:39 - 00038485 _____ C:\Windows\setupact.log
2015-09-29 13:14 - 2010-05-24 11:14 - 01632804 _____ C:\Windows\WindowsUpdate.log
2015-09-26 10:26 - 2011-05-09 12:10 - 00150524 _____ C:\Windows\PFRO.log
2015-09-25 21:02 - 2015-08-11 12:00 - 00000000 ____D C:\Program Files\TalkTalk
2015-09-25 13:12 - 2011-09-20 18:12 - 00000000 ____D C:\Users\Admin\AppData\Local\Windows Live Writer
2015-09-24 20:30 - 2009-07-14 05:53 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-24 20:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Speech
2015-09-23 02:00 - 2015-08-05 18:37 - 00000000 ____D C:\Users\Admin\Desktop\New folder
2015-09-22 22:42 - 2015-08-13 16:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-22 22:39 - 2015-08-13 16:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-22 22:12 - 2015-07-31 11:12 - 00000917 _____ C:\Windows\Tasks\EPSON XP-422 423 425 Series Update {E3CC20A7-B58D-446B-B6BC-940B4A3ADFED}.job
2015-09-22 18:28 - 2015-08-13 16:09 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-22 17:39 - 2015-08-13 16:09 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 17:39 - 2015-08-13 16:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 17:19 - 2010-05-24 11:17 - 00000000 ____D C:\Users\Admin
2015-09-22 17:19 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-22 17:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-22 17:18 - 2015-08-13 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-22 17:18 - 2015-07-30 14:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-22 17:18 - 2011-09-20 18:10 - 00000000 ____D C:\Program Files\Windows Live
2015-09-22 17:18 - 2010-05-24 11:32 - 00000000 ____D C:\Windows\system32\Macromed
2015-09-22 17:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2015-09-22 17:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-22 17:18 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-22 17:16 - 2011-09-20 17:43 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2015-09-21 22:45 - 2011-09-20 17:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Windows Live
2015-09-21 12:51 - 2011-09-20 18:11 - 00001422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-09-16 09:34 - 2015-08-11 12:05 - 00054968 _____ C:\Windows\system32\Drivers\fsbts.sys
2015-09-15 05:48 - 2015-07-30 15:39 - 00000000 ____D C:\Windows\rescache
2015-09-15 00:00 - 2015-07-31 11:24 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-15 00:00 - 2015-07-31 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-09-15 00:00 - 2015-07-30 12:14 - 00000000 ____D C:\Program Files\Google
2015-09-15 00:00 - 2009-07-14 08:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-14 23:55 - 2015-07-31 11:13 - 00000000 ____D C:\Program Files\EPSON Software
2015-09-10 18:31 - 2010-05-24 11:17 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2015-09-10 16:28 - 2015-07-31 11:25 - 00000000 ____D C:\ProgramData\UDL
2015-09-10 15:48 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-09-10 15:45 - 2010-05-24 11:28 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 15:20 - 2010-05-24 11:46 - 00000000 ____D C:\Program Files\CDBurnerXP
2015-09-10 05:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-10 03:43 - 2009-07-14 05:33 - 00399272 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 03:40 - 2009-07-14 08:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 03:16 - 2014-12-17 16:49 - 00000000 ____D C:\Windows\system32\MRT
2015-09-02 22:29 - 2015-08-13 16:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dashlane
2015-09-02 22:29 - 2015-08-13 16:21 - 00000000 ____D C:\Program Files\Dashlane

==================== Files in the root of some directories =======

2015-09-02 20:33 - 2015-09-03 21:49 - 0001144 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.inf
2015-08-15 01:56 - 2015-08-15 01:56 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-05 20:49 - 2015-08-05 20:49 - 0000218 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-09-11 10:38 - 2015-09-11 10:38 - 0001534 _____ () C:\ProgramData\ss.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-21 05:59

==================== End of FRST.txt ============================



#15 olgun52


Posted 30 September 2015 - 03:28 PM

Hello Tonyjj,

 

I do not see the FRST Additional log. Please, can you send the log?

 

Addition.txt is created by default on the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time and ensure "Addition" is checked in the optional scan box...



Best regards
 
If I don't reply within 24 hours please PM me!

 


 




