Solved Ads by Strong Signal

Discussion in 'Malware and Virus Removal Archive' started by sean, 2015/02/08.

  1. 2015/02/08
    sean

    sean Well-Known Member Thread Starter

    [Solved] Ads by Strong Signal

    Hi and thanks in advance.

    I think this malware came bundled with something my son loaded (Guitar Pro)?

    I have uninstalled it using Revo Uninstaller and removed it from the extensions.... The bloody thing keeps coming back!

    Scans as instructed:-

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 08/02/2015
    Scan Time: 11:42:52
    Logfile: MBYTES-SCAN.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.08.04
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: shaun_000

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 569508
    Time Elapsed: 37 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 8
    PUP.Optional.StrongSignal.A, C:\Users\caitl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk, Quarantined, [c44e13073e4c5bdbcc82c1c557acd62a],
    PUP.Optional.StrongSignal.A, C:\Users\caitl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0, Quarantined, [c44e13073e4c5bdbcc82c1c557acd62a],
    PUP.Optional.StrongSignal.A, C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk, Quarantined, [61b17e9c28625ed88fbf285ebe45b050],
    PUP.Optional.StrongSignal.A, C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0, Quarantined, [61b17e9c28625ed88fbf285ebe45b050],
    PUP.Optional.StrongSignal.A, C:\Users\liamw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk, Quarantined, [3cd62cee6129df579eb0e89ec63d6c94],
    PUP.Optional.StrongSignal.A, C:\Users\liamw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0, Quarantined, [3cd62cee6129df579eb0e89ec63d6c94],
    PUP.Optional.StrongSignal.A, C:\Program Files (x86)\Strong Signal, Quarantined, [a86a908ab2d8c6703718b3d3d231dc24],
    PUP.Optional.StrongSignal.A, C:\Program Files (x86)\Strong Signal\Extensions, Quarantined, [a86a908ab2d8c6703718b3d3d231dc24],

    Files: 13
    PUP.Optional.StrongSignal.A, C:\Users\caitl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\background.js, Quarantined, [c44e13073e4c5bdbcc82c1c557acd62a],
    PUP.Optional.StrongSignal.A, C:\Users\caitl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\content.js, Quarantined, [c44e13073e4c5bdbcc82c1c557acd62a],
    PUP.Optional.StrongSignal.A, C:\Users\caitl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\icon.png, Quarantined, [c44e13073e4c5bdbcc82c1c557acd62a],
    PUP.Optional.StrongSignal.A, C:\Users\caitl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\manifest.json, Quarantined, [c44e13073e4c5bdbcc82c1c557acd62a],
    PUP.Optional.StrongSignal.A, C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\background.js, Quarantined, [61b17e9c28625ed88fbf285ebe45b050],
    PUP.Optional.StrongSignal.A, C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\content.js, Quarantined, [61b17e9c28625ed88fbf285ebe45b050],
    PUP.Optional.StrongSignal.A, C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\icon.png, Quarantined, [61b17e9c28625ed88fbf285ebe45b050],
    PUP.Optional.StrongSignal.A, C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\manifest.json, Quarantined, [61b17e9c28625ed88fbf285ebe45b050],
    PUP.Optional.StrongSignal.A, C:\Users\liamw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\background.js, Quarantined, [3cd62cee6129df579eb0e89ec63d6c94],
    PUP.Optional.StrongSignal.A, C:\Users\liamw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\content.js, Quarantined, [3cd62cee6129df579eb0e89ec63d6c94],
    PUP.Optional.StrongSignal.A, C:\Users\liamw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\icon.png, Quarantined, [3cd62cee6129df579eb0e89ec63d6c94],
    PUP.Optional.StrongSignal.A, C:\Users\liamw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\manifest.json, Quarantined, [3cd62cee6129df579eb0e89ec63d6c94],
    PUP.Optional.StrongSignal.A, C:\Program Files (x86)\Strong Signal\Extensions\fepampipjplnigjhkaijlbeppicakggl.crx, Quarantined, [a86a908ab2d8c6703718b3d3d231dc24],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 24/01/2015 17:36:46
    System Uptime: 08/02/2015 12:23:19 (0 hours ago)
    .
    Motherboard: Advent | | DT2410
    Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz | SOCKET 0 | 1600/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1856 GiB total, 1298.656 GiB free.
    D: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP3: 29/01/2015 12:50:36 - Installing COMODO Antivirus
    RP4: 01/02/2015 17:12:01 - Removed GeekBuddy.
    RP5: 04/02/2015 23:49:34 - Installed Microsoft Visual C++ 2005 Redistributable
    RP6: 07/02/2015 13:47:19 - Revo Uninstaller's restore point - Strong Signal
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    COMODO Antivirus
    Comodo Dragon
    Company of Heroes
    Google Chrome
    Google Update Helper
    Guitar Pro 5.0
    Hellgate: London
    Intel(R) Management Engine Components
    Intel® Trusted Connect Service Client
    iTunes
    KNOWHOW APP CENTRE
    Last.fm Scrobbler 2.1.36
    Led Indicator Keyboard Driver
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft Office
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    ProtectDisc Helper Driver 10
    Radioplayer
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.95
    Skype™ 5.8
    Spartans Vs Zombies Defense
    Spotify
    Spybot - Search & Destroy
    Steam
    Team Fortress 2
    TimeShift
    Unity Web Player
    Unturned
    WinRAR 5.20 (32-bit)
    WWII Tank Commander
    .
    ==== Event Viewer Messages From Past Week ========
    .
    08/02/2015 08:35:42, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
    05/02/2015 19:49:12, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    05/02/2015 15:37:57, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    04/02/2015 12:19:31, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    03/02/2015 18:57:21, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    03/02/2015 05:21:03, Error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
    01/02/2015 22:06:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    01/02/2015 22:06:04, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
    sean,
    #1
  2. 2015/02/08
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================

    I still need the DDS.txt log from DDS.
     

  4. 2015/02/08
    sean

    sean Well-Known Member Thread Starter

    Hi Broni and cheers.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16384
    Run by shaun_000 at 12:30:11 on 2015-02-08
    Microsoft Windows 8 6.2.9200.0.1252.44.1033.18.8148.6653 [GMT 0:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: COMODO Antivirus *Enabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Comodo Defense+ *Enabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\dwm.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Windows\system32\taskhostex.exe
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\4\plugin.exe
    C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\5\plugin.exe
    C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\plugin.exe
    C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\2\plugin.exe
    C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\plugin.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\PrintIsolationHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/
    mStart Page = www.google.com
    mSearch Page = www.google.com
    mDefault_Page_URL = www.google.com
    mDefault_Search_URL = www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    uRun: [LedIndicatorKeyboardDriver] "C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe" showhide
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [KNOWHOW APP CENTRE] "C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: Interfaces\{5501DBE1-77D3-4F06-AE0E-EF582C45AB90} : DHCPNameServer = 192.168.1.1 0.0.0.0
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = www.google.com
    x64-mSearch Page = www.google.com
    x64-mDefault_Page_URL = www.google.com
    x64-mDefault_Search_URL = www.google.com
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2014-12-9 20184]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2014-12-9 807568]
    R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2014-12-9 35080]
    R2 acedrv10;acedrv10;C:\Windows\System32\Drivers\acedrv10.sys [2015-1-25 276480]
    R2 acehlp10;acehlp10;C:\Windows\System32\Drivers\acehlp10.sys [2015-1-25 246360]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]
    R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-11-27 2370240]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-23 165760]
    R2 Service Mgr StrongSignal;Service Mgr StrongSignal;C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe [2015-2-4 577272]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-23 364416]
    R2 Update Mgr StrongSignal;Update Mgr StrongSignal;C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [2015-2-4 384760]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2015-2-5 129752]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-8-23 683664]
    R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-12-9 2265304]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2014-8-15 54784]
    .
    =============== Created Last 30 ================
    .
    2015-02-08 12:26:09 -------- d-----w- C:\Program Files (x86)\Strong Signal
    2015-02-07 13:46:46 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2015-02-05 15:48:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2015-02-05 15:48:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2015-02-05 10:19:57 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-02-05 10:19:48 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2015-02-05 10:19:47 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2015-02-05 10:19:47 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2015-02-05 10:19:47 -------- d-----w- C:\ProgramData\Malwarebytes
    2015-02-05 10:19:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-04 23:59:15 -------- d-----w- C:\Program Files (x86)\Guitar Pro 5
    2015-02-04 23:58:04 -------- d-----w- C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce
    2015-02-04 23:58:03 -------- d-----w- C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
    2015-02-04 23:52:24 -------- d-----w- C:\ProgramData\Guitar Pro 6
    2015-02-04 23:48:58 -------- d-----w- C:\Program Files (x86)\Guitar Pro 6
    2015-02-02 17:48:49 -------- d-----w- C:\Users\shaun_000\AppData\Roaming\Unity
    2015-02-01 22:01:55 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2015-02-01 22:01:53 -------- d-----w- C:\Program Files (x86)\Steam
    2015-01-30 00:20:46 -------- d-----w- C:\Program Files (x86)\Anvsoft
    2015-01-29 12:51:38 -------- d-----w- C:\ProgramData\Shared Space
    2015-01-29 12:50:13 -------- d-----w- C:\Program Files\COMODO
    2015-01-29 12:50:04 -------- d-----w- C:\Users\shaun_000\AppData\Local\Comodo
    2015-01-29 12:50:02 57096 ----a-w- C:\Windows\System32\certsentry.dll
    2015-01-29 12:50:02 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
    2015-01-29 12:49:55 -------- d-----w- C:\Program Files (x86)\Comodo
    2015-01-29 12:49:51 -------- d-----w- C:\ProgramData\Comodo Downloader
    2015-01-29 12:49:26 -------- d-----w- C:\ProgramData\Comodo
    2015-01-29 07:25:04 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B8DB8C7-275A-46AD-9838-1FD33FB73B27}\mpengine.dll
    2015-01-27 06:02:08 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAR.DLL
    2015-01-27 06:02:08 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAR.DLL
    2015-01-27 06:02:03 385024 ----a-w- C:\Windows\System32\CNMLMAR.DLL
    2015-01-27 06:01:56 323584 ----a-w- C:\Windows\SysWow64\CNC_ARL.dll
    2015-01-27 06:01:56 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
    2015-01-27 06:01:56 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
    2015-01-27 06:01:56 114688 ----a-w- C:\Windows\SysWow64\CNC_ARU.dll
    2015-01-27 06:01:56 112128 ----a-w- C:\Windows\System32\CNC_ARI.dll
    2015-01-26 17:39:04 -------- d-----w- C:\Program Files (x86)\THQ
    2015-01-25 21:31:17 -------- d-----w- C:\ProgramData\Last.fm
    2015-01-25 20:20:37 -------- d-----w- C:\Program Files (x86)\Last.fm
    2015-01-25 20:16:04 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2015-01-25 20:15:28 -------- d-----w- C:\Program Files\iPod
    2015-01-25 20:15:26 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-25 20:15:26 -------- d-----w- C:\Program Files\iTunes
    2015-01-25 20:15:26 -------- d-----w- C:\Program Files (x86)\iTunes
    2015-01-25 20:14:34 -------- d-----w- C:\Program Files\Bonjour
    2015-01-25 20:14:34 -------- d-----w- C:\Program Files (x86)\Bonjour
    2015-01-25 16:26:00 506728 ----a-w- C:\Windows\System32\d3dx10_34.dll
    2015-01-25 16:26:00 443752 ----a-w- C:\Windows\SysWow64\d3dx10_34.dll
    2015-01-25 16:26:00 1401200 ----a-w- C:\Windows\System32\D3DCompiler_34.dll
    2015-01-25 16:26:00 1124720 ----a-w- C:\Windows\SysWow64\D3DCompiler_34.dll
    2015-01-25 16:25:59 4496232 ----a-w- C:\Windows\System32\d3dx9_34.dll
    2015-01-25 16:25:59 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
    2015-01-25 16:25:51 -------- d-----w- C:\ProgramData\Media Center Programs
    2015-01-25 16:14:21 -------- d-----w- C:\Program Files\Flagship Studios
    2015-01-25 13:10:10 -------- d-----w- C:\Program Files (x86)\Merscom
    2015-01-25 13:09:56 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2015-01-25 13:09:56 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2015-01-25 13:09:56 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2015-01-25 13:09:56 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2015-01-25 13:09:56 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2015-01-25 13:09:51 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2015-01-25 13:09:51 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2015-01-25 01:27:18 -------- d-----w- C:\Windows.old
    2015-01-25 01:07:29 -------- d--h--w- C:\$SysReset
    2015-01-24 19:32:55 -------- d-----w- C:\Users\shaun_000\AppData\Local\Unity
    2015-01-24 17:53:43 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
    2015-01-24 17:52:28 -------- d-----w- C:\Windows\PCHEALTH
    2015-01-24 17:39:16 -------- d-----w- C:\Users\shaun_000\AppData\Local\VirtualStore
    2015-01-24 17:37:57 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2015-01-24 17:29:41 6000640 ----a-w- C:\Program Files (x86)\GUTB189.tmp
    2015-01-24 17:29:41 -------- d-----w- C:\Program Files (x86)\GUMB0EC.tmp
    .
    ==================== Find3M ====================
    .
    2015-01-30 12:27:59 807568 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
    2015-01-30 12:27:59 35080 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2015-01-30 12:27:59 20184 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2015-01-30 12:27:46 40736 ----a-w- C:\Windows\System32\cmdcsr.dll
    2015-01-30 12:27:45 481576 ----a-w- C:\Windows\System32\guard64.dll
    2015-01-30 12:27:45 386768 ----a-w- C:\Windows\SysWow64\guard32.dll
    2015-01-30 12:27:41 354520 ----a-w- C:\Windows\System32\cmdvrt64.dll
    2015-01-30 12:27:39 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
    2015-01-30 12:27:35 286424 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
    2015-01-30 12:27:34 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
    2015-01-25 19:11:44 276480 ----a-w- C:\Windows\System32\drivers\acedrv10.sys
    2015-01-25 19:11:44 246360 ----a-w- C:\Windows\System32\drivers\acehlp10.sys
    .
    ============= FINISH: 12:30:56.11 ===============
     
    sean,
    #3
  5. 2015/02/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  6. 2015/02/09
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Hi

    RK:

    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : shaun_000 [Administrator]
    Mode : Delete -- Date : 02/09/2015 07:59:42

    ¤¤¤ Processes : 6 ¤¤¤
    [Suspicious.Path] plugincontainer.exe(1284) -- C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe[7] -> Killed [TermProc]
    [Suspicious.Path] Plugin.exe(4524) -- C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\4\plugin.exe[7] -> Killed [TermThr]
    [Suspicious.Path] Plugin.exe(4512) -- C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\plugin.exe[7] -> Killed [TermThr]
    [Suspicious.Path] Plugin.exe(2756) -- C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\2\plugin.exe[7] -> Killed [TermThr]
    [Suspicious.Path] Plugin.exe(88) -- C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\5\plugin.exe[7] -> Killed [TermThr]
    [Suspicious.Path] Plugin.exe(3784) -- C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\plugin.exe[7] -> Killed [TermThr]

    ¤¤¤ Registry : 21 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service Mgr StrongSignal ( "C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe ") -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service Mgr StrongSignal ( "C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe ") -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5501DBE1-77D3-4F06-AE0E-EF582C45AB90} | DhcpNameServer : 192.168.1.1 0.0.0.0 [(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5501DBE1-77D3-4F06-AE0E-EF582C45AB90} | DhcpNameServer : 192.168.1.1 0.0.0.0 [(Private Address) (XX)] -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-255547870-3018188362-2244270488-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-255547870-3018188362-2244270488-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-255547870-3018188362-2244270488-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-255547870-3018188362-2244270488-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD20EARX-00PASB0 +++++
    --- User ---
    [MBR] 06b441246ff8516eaa1d7bc3c76fa1c1
    [BSP] 82abe087f8458146116ccbe76c1b606e : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_02092015_074818.log

    MB-Rootkit:

    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    www.malwarebytes.org

    Database version:
    main: v2015.02.09.03
    rootkit: v2015.02.03.01

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16384
    shaun_000 :: WADE-PC [administrator]

    09/02/2015 08:28:25
    mbar-log-2015-02-09 (08-28-25).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 570170
    Time elapsed: 37 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)




    ________________________




    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16384

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.000000 GHz
    Memory total: 8543719424, free: 7118716928

    Downloaded database version: v2015.02.09.03
    Downloaded database version: v2015.02.03.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/09/2015 08:28:14
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\storahci.sys
    \SystemRoot\System32\drivers\storport.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwfs.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\DRIVERS\cmderd.sys
    \SystemRoot\System32\drivers\cdrom.sys
    \SystemRoot\system32\DRIVERS\cmdguard.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\cmdhlp.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\System32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\System32\drivers\HECIx64.sys
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\DRIVERS\Rt630x64.sys
    \SystemRoot\System32\drivers\serial.sys
    \SystemRoot\System32\drivers\serenum.sys
    \SystemRoot\System32\drivers\parport.sys
    \??\C:\Windows\system32\drivers\acehlp10.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\System32\drivers\intelppm.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\drivers\swenum.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\System32\drivers\USBD.SYS
    \SystemRoot\system32\drivers\AtihdW86.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\drivers\hidusb.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\drivers\mouhid.sys
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\system32\DRIVERS\netr28ux.sys
    \SystemRoot\System32\drivers\vwifibus.sys
    \SystemRoot\System32\drivers\USBSTOR.SYS
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\System32\drivers\kbdhid.sys
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_storahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\acedrv10.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\System32\drivers\WpdUpFltr.sys
    \SystemRoot\System32\drivers\condrv.sys
    \SystemRoot\System32\cdd.dll
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.02.09.03
    rootkit: v2015.02.03.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8007d7d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007d7db10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007d7d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa800732b980, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800732d260, DeviceName: \Device\00000035\, DriverName: \Driver\storahci\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 33885AB4

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1529338773
    GPT Header CurrentLba = 1 BackupLba 3907029167
    GPT Header FirstUsableLba 34 LastUsableLba 3907029134
    GPT Header Guid 4003152-7391-4e4f-8c5c-b241ec352738
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1529338773
    Backup GPT header CurrentLba = 3907029167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134
    Backup GPT header Guid 4003152-7391-4e4f-8c5c-b241ec352738
    Backup GPT header Contains 128 partition entries starting at LBA 3907029135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 94122e44-47da-4eb2-8ce8-b83544e426bf
    FirstLBA 2048 Last LBA 616447
    Attributes 1
    Partition Name Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 6362ff04-73de-42dd-b576-f1eb902ce4d0
    FirstLBA 616448 Last LBA 821247
    Attributes 0
    Partition Name EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 541a0693-9c30-43f1-b3eb-8fd35c8a4fd7
    FirstLBA 821248 Last LBA 1083391
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 67ffbd38-c382-44e1-8df4-4c8e22e0448b
    FirstLBA 1083392 Last LBA 3893923839
    Attributes 0
    Partition Name Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 5ff7fe70-210c-4a5f-8868-c685ec52fd6f
    FirstLBA 3893923840 Last LBA 3907028991
    Attributes 1
    Partition Name Basic data partition

    Disk Size: 2000398934016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa800a700060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a6dbb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800a700060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa800a6c7b00, DeviceName: \Device\00000044\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa8007329060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a6d5b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007329060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa800a6deb00, DeviceName: \Device\00000045\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa800a6fe060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a6d7b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800a6fe060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa800a6dcb00, DeviceName: \Device\00000046\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa800a6fd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a6d6b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800a6fd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa800a6ddb00, DeviceName: \Device\00000047\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
    sean,
    #5
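The RogueKiller report in the post above lists terminated processes alongside registry entries marked "Not selected". As an added example (not part of the thread and not RogueKiller's own code), this Python script parses that report format and lists the registry entries left in place that still point at the image of a process the tool killed. The regular expressions are inferred only from the lines posted here, and all function names are hypothetical.

```python
import ntpath
import re
from typing import NamedTuple

# Excerpt of the RogueKiller report posted in this thread (lines copied as-is).
REPORT = r"""
¤¤¤ Processes : 6 ¤¤¤
[Suspicious.Path] plugincontainer.exe(1284) -- C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe[7] -> Killed [TermProc]
[Suspicious.Path] Plugin.exe(4524) -- C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\4\plugin.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 21 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service Mgr StrongSignal ( "C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe ") -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service Mgr StrongSignal ( "C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe ") -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [(Private Address) (XX)] -> Not selected

¤¤¤ MBR Check : ¤¤¤
[MBR] 06b441246ff8516eaa1d7bc3c76fa1c1
"""

# Assumed grammar, inferred from the report lines above.
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : .*¤¤¤$")
ENTRY_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<body>.+?)\s+->\s+(?P<action>.+)$")
PROC_IMAGE_RE = re.compile(r"--\s+(?P<path>.+?)(?:\[\d+\])?$")
REG_KEY_RE = re.compile(r'(?P<key>HK[A-Z_]+\\.+?)(?:\s+\(\s*"|\s+\|\s+|$)')
REG_IMAGE_RE = re.compile(r'\(\s*"(?P<path>[^"]+?)\s*"\s*\)\s*$')


class Entry(NamedTuple):
    section: str
    tag: str
    body: str
    action: str


class Leftover(NamedTuple):
    key: str
    image: str


def norm(path):
    """Case-insensitive, separator-normalised Windows path (works on any OS)."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_report(text):
    """Return every '[tag] body -> action' line with the section it sits in."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        match = ENTRY_RE.match(line)
        if match and section:  # lines without '->' (e.g. MBR hashes) are skipped
            entries.append(Entry(section, match["tag"], match["body"],
                                 match["action"].strip()))
    return entries


def killed_images(entries):
    """Normalised image paths of processes the tool reported as killed."""
    images = set()
    for e in entries:
        if e.section == "Processes" and e.action.startswith("Killed"):
            match = PROC_IMAGE_RE.search(e.body)
            if match:
                images.add(norm(match["path"]))
    return images


def leftover_persistence(entries):
    """Registry entries left as 'Not selected' whose quoted image path is the
    image of a killed process, i.e. the launch point is still registered."""
    killed = killed_images(entries)
    found = []
    for e in entries:
        if e.section != "Registry" or e.action != "Not selected":
            continue
        image, key = REG_IMAGE_RE.search(e.body), REG_KEY_RE.search(e.body)
        if image and key and norm(image["path"]) in killed:
            found.append(Leftover(key["key"], image["path"].strip()))
    return found


if __name__ == "__main__":
    for item in leftover_persistence(parse_report(REPORT)):
        print(f"still registered: {item.key}\n    image: {item.image}")
```

A key under `...\Services\` is a Windows service definition, so an entry reported here means the executable is still configured to be launched after its process was terminated.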
  7. 2015/02/09
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Just got some pop ups while I was posting?... Pop ups filling the screen. Also the extension keeps loading itself?

    Thanks
     
    Last edited: 2015/02/09
    sean,
    #6
  8. 2015/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We'll get there....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. 2015/02/12
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Hi Broni

    Managed the Combo Fix Scan, but I don't know how to get in to safe mode, the only way I know...tapping F8/F12, no joy mate?

    Cheers
     
    sean,
    #8
  10. 2015/02/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Why exactly do you want to go to safe mode?
    Did you get a log from Combofix scan?
    If so post it.
     
  11. 2015/02/14
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    It says it in your instructions, so, do I run it in normal boot?

    Restart computer in safe mode

    Double-click on the Rkill desktop icon to run the tool.
    If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    If not, delete the file, then download and use the one provided in Link 2.
    Do not reboot until instructed.
    If the tool does not run from any of the links provided, please let me know.
     
  12. 2015/02/14
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    ComboFix 15-02-09.01 - shaun_000 12/02/2015 16:30:36.1.4 - x64
    Microsoft Windows 8 6.2.9200.0.1252.44.1033.18.8148.6070 [GMT 0:00]
    Running from: c:\users\shaun_000\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Enabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Comodo Defense+ *Enabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\c97d7223-1ea5-4f97-a8f8-c51417fdcb54.dll
    c:\programdata\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3bak\c97d7223-1ea5-4f97-a8f8-c51417fdcb54.dll
    c:\programdata\ntuser.pol
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-12 to 2015-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-12 16:53 . 2015-02-12 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-12 16:53 . 2015-02-12 16:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2015-02-09 08:28 . 2015-02-09 11:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-02-09 07:44 . 2015-02-09 07:44 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-02-09 07:44 . 2015-02-09 07:44 -------- d-----w- c:\programdata\RogueKiller
    2015-02-08 15:58 . 2015-02-08 15:59 -------- d-----w- c:\program files (x86)\DVDVideoSoft
    2015-02-08 15:58 . 2015-02-08 15:59 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
    2015-02-08 12:26 . 2015-02-08 12:26 -------- d-----w- c:\program files (x86)\Strong Signal
    2015-02-07 13:46 . 2015-02-08 08:32 -------- d-----w- c:\program files (x86)\VS Revo Group
    2015-02-05 15:48 . 2015-02-05 16:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2015-02-05 15:48 . 2015-02-05 15:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2015-02-05 10:19 . 2015-02-09 08:28 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-05 10:19 . 2015-02-09 08:27 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-05 10:19 . 2015-02-05 10:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-02-05 10:19 . 2015-02-05 10:19 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-02-05 10:19 . 2015-02-05 10:19 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-02-05 10:19 . 2015-02-05 10:19 -------- d-----w- c:\programdata\Malwarebytes
    2015-02-04 23:59 . 2015-02-04 23:59 -------- d-----w- c:\program files (x86)\Guitar Pro 5
    2015-02-04 23:58 . 2015-02-12 10:04 -------- d-----w- c:\program files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce
    2015-02-04 23:58 . 2015-02-12 10:04 -------- d-----w- c:\programdata\0780f478-67ce-4ec3-98db-39a65f4618ce
    2015-02-04 23:52 . 2015-02-04 23:52 -------- d-----w- c:\programdata\Guitar Pro 6
    2015-02-04 23:48 . 2015-02-04 23:55 -------- d-----w- c:\program files (x86)\Guitar Pro 6
    2015-02-01 22:01 . 2015-02-02 22:22 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2015-02-01 22:01 . 2015-02-11 22:35 -------- d-----w- c:\program files (x86)\Steam
    2015-01-30 00:20 . 2015-01-30 00:20 -------- d-----w- c:\program files (x86)\Anvsoft
    2015-01-29 12:51 . 2015-01-29 12:51 -------- d-----w- c:\programdata\Shared Space
    2015-01-29 12:50 . 2015-01-29 12:51 -------- d-----w- c:\program files\COMODO
    2015-01-29 12:50 . 2015-01-29 12:50 57096 ----a-w- c:\windows\system32\certsentry.dll
    2015-01-29 12:50 . 2015-01-29 12:50 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
    2015-01-29 12:49 . 2015-01-29 12:49 -------- d-----w- c:\program files (x86)\Comodo
    2015-01-29 12:49 . 2015-01-29 12:49 -------- d-----w- c:\programdata\Comodo Downloader
    2015-01-29 12:49 . 2015-01-29 12:51 -------- d-----w- c:\programdata\Comodo
    2015-01-29 07:25 . 2012-06-23 23:24 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B8DB8C7-275A-46AD-9838-1FD33FB73B27}\mpengine.dll
    2015-01-27 06:02 . 2015-01-27 06:02 -------- d--h--w- c:\programdata\CanonBJ
    2015-01-27 06:02 . 2012-03-14 05:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAR.DLL
    2015-01-27 06:02 . 2012-03-14 05:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAR.DLL
    2015-01-27 06:02 . 2012-03-14 05:00 385024 ----a-w- c:\windows\system32\CNMLMAR.DLL
    2015-01-27 06:01 . 2011-04-27 11:00 323584 ----a-w- c:\windows\SysWow64\CNC_ARL.dll
    2015-01-27 06:01 . 2011-03-31 10:07 114688 ----a-w- c:\windows\SysWow64\CNC_ARU.dll
    2015-01-27 06:01 . 2011-03-31 10:06 112128 ----a-w- c:\windows\system32\CNC_ARI.dll
    2015-01-27 06:01 . 2008-08-25 18:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
    2015-01-27 06:01 . 2008-08-25 18:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
    2015-01-26 17:39 . 2015-01-26 17:39 -------- d-----w- c:\program files (x86)\THQ
    2015-01-25 21:31 . 2015-01-25 21:31 -------- d-----w- c:\programdata\Last.fm
    2015-01-25 20:20 . 2015-01-25 20:20 -------- d-----w- c:\program files (x86)\Last.fm
    2015-01-25 20:16 . 2015-01-25 20:16 -------- dc----w- c:\windows\system32\DRVSTORE
    2015-01-25 20:16 . 2012-10-03 16:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2015-01-25 20:15 . 2015-01-25 20:15 -------- d-----w- c:\program files\iPod
    2015-01-25 20:15 . 2015-01-25 21:31 -------- d-----w- c:\program files (x86)\iTunes
    2015-01-25 20:15 . 2015-01-25 20:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-25 20:15 . 2015-01-25 20:16 -------- d-----w- c:\program files\iTunes
    2015-01-25 20:15 . 2015-01-25 20:15 -------- d-----w- c:\programdata\Apple Computer
    2015-01-25 20:15 . 2015-01-25 20:15 -------- d-----w- c:\program files (x86)\Apple Software Update
    2015-01-25 20:14 . 2015-01-25 20:15 -------- d-----w- c:\program files\Common Files\Apple
    2015-01-25 20:14 . 2015-01-25 20:14 -------- d-----w- c:\program files\Bonjour
    2015-01-25 20:14 . 2015-01-25 20:14 -------- d-----w- c:\program files (x86)\Bonjour
    2015-01-25 20:14 . 2015-01-25 20:15 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2015-01-25 20:14 . 2015-01-25 20:15 -------- d-----w- c:\programdata\Apple
    2015-01-25 19:11 . 2015-01-25 19:11 276480 ----a-w- c:\windows\system32\drivers\acedrv10.sys
    2015-01-25 16:26 . 2007-05-16 16:45 506728 ----a-w- c:\windows\system32\d3dx10_34.dll
    2015-01-25 16:26 . 2007-05-16 16:45 443752 ----a-w- c:\windows\SysWow64\d3dx10_34.dll
    2015-01-25 16:26 . 2007-05-16 16:45 1401200 ----a-w- c:\windows\system32\D3DCompiler_34.dll
    2015-01-25 16:26 . 2007-05-16 16:45 1124720 ----a-w- c:\windows\SysWow64\D3DCompiler_34.dll
    2015-01-25 16:25 . 2007-05-16 16:45 4496232 ----a-w- c:\windows\system32\d3dx9_34.dll
    2015-01-25 16:25 . 2007-05-16 16:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
    2015-01-25 16:25 . 2015-01-25 16:25 -------- d-----w- c:\programdata\Media Center Programs
    2015-01-25 16:14 . 2015-01-25 16:14 -------- d-----w- c:\program files\Flagship Studios
    2015-01-25 13:10 . 2015-01-25 13:10 -------- d-----w- c:\program files (x86)\Merscom
    2015-01-25 13:09 . 2002-12-05 14:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2015-01-25 13:09 . 2002-12-05 14:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2015-01-25 13:09 . 2002-12-02 15:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2015-01-25 13:09 . 2002-12-02 13:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2015-01-25 13:09 . 2002-12-02 13:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2015-01-25 13:09 . 2015-01-25 13:09 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2015-01-25 13:09 . 2015-01-25 13:09 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2015-01-25 01:27 . 2015-01-25 14:42 -------- d-----w- C:\Windows.old
    2015-01-25 01:07 . 2015-01-25 10:22 -------- d-----w- C:\$SysReset
    2015-01-24 17:53 . 2015-01-24 17:53 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
    2015-01-24 17:52 . 2015-01-24 17:52 -------- d-----w- c:\windows\PCHEALTH
    2015-01-24 17:37 . 2015-01-24 17:37 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2015-01-24 17:33 . 2015-01-26 17:39 -------- d-----w- c:\users\keyra_000
    2015-01-24 17:33 . 2015-01-26 17:39 -------- d-----w- c:\users\liamw_000
    2015-01-24 17:33 . 2015-01-26 12:09 -------- d-----w- c:\users\caitl_000
    2015-01-24 17:32 . 2015-01-24 18:33 -------- d-----w- c:\users\shaun_000
    2015-01-24 17:32 . 2015-01-26 14:46 -------- d-----w- c:\users\asw19_000
    2015-01-24 17:30 . 2012-08-23 10:06 -------- d-----w- c:\users\Default\AppData\Local\Google
    2015-01-24 17:30 . 2012-08-23 10:04 -------- d-----w- c:\users\Default\AppData\Local\Adobe
    2015-01-24 17:30 . 2012-08-23 09:51 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
    2015-01-24 17:30 . 2012-08-23 09:51 -------- d-----w- c:\users\Default\AppData\Local\ATI
    2015-01-24 17:30 . 2012-08-01 08:01 -------- d-----w- c:\users\Default\AppData\Local\Packages
    2015-01-24 17:29 . 2015-01-24 17:29 -------- d-----w- c:\program files (x86)\GUMB0EC.tmp
    2015-01-24 17:29 . 2015-01-24 17:29 6000640 ----a-w- c:\program files (x86)\GUTB189.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-01-30 12:27 . 2014-12-09 00:20 807568 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2015-01-30 12:27 . 2014-12-09 00:20 35080 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2015-01-30 12:27 . 2014-12-09 00:20 20184 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2015-01-30 12:27 . 2014-12-09 00:20 126208 ----a-w- c:\windows\system32\drivers\inspect.sys
    2015-01-30 12:27 . 2014-12-09 00:20 40736 ----a-w- c:\windows\system32\cmdcsr.dll
    2015-01-30 12:27 . 2014-12-09 00:20 481576 ----a-w- c:\windows\system32\guard64.dll
    2015-01-30 12:27 . 2014-12-09 00:20 386768 ----a-w- c:\windows\SysWow64\guard32.dll
    2015-01-30 12:27 . 2014-12-09 00:20 354520 ----a-w- c:\windows\system32\cmdvrt64.dll
    2015-01-30 12:27 . 2014-12-09 00:20 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
    2015-01-30 12:27 . 2014-12-09 00:20 286424 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
    2015-01-30 12:27 . 2014-12-09 00:20 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
    2015-01-24 17:39 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
    2015-02-08 15:58 294456 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LedIndicatorKeyboardDriver"="c:\program files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe" [2011-09-05 3284480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
    "KNOWHOW APP CENTRE"="c:\program files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\ismagent.exe" [2012-08-03 155488]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableCursorSuppression"= 1 (0x1)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    S1 cmdhlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys;c:\windows\SYSNATIVE\drivers\acedrv10.sys [x]
    S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys;c:\windows\SYSNATIVE\drivers\acehlp10.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 Service Mgr StrongSignal;Service Mgr StrongSignal;c:\programdata\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe;c:\programdata\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 Update Mgr StrongSignal;Update Mgr StrongSignal;c:\program files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe;c:\program files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
    S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
    S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-06 05:24 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 10:04]
    .
    2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 08:11]
    .
    2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d037fb6c5a68b1.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 08:11]
    .
    2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 08:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
    2015-02-08 15:58 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL "= "c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mDefault_Search_URL = www.google.com
    mDefault_Page_URL = www.google.com
    mStart Page = www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = www.google.com
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
    IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    @SACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Configurations]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Data]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Options]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    Completion time: 2015-02-12 16:56:58
    ComboFix-quarantined-files.txt 2015-02-12 16:56
    .
    Pre-Run: 1,375,573,127,168 bytes free
    Post-Run: 1,375,384,145,920 bytes free
    .
    - - End Of File - - 03592695F33472DCB48229FA74330A63
    5FB38429D5D77768867C76DCBDB35194
     
  13. 2015/02/14
    broni

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  14. 2015/02/15
    sean

    # AdwCleaner v3.010 - Report created 21/10/2013 at 18:49:02
    # Updated 20/10/2013 by Xplode
    # Operating System : Windows 8 (64 bits)
    # Username : shaun_000 - WADE-PC
    # Running from : C:\Users\shaun_000\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\keyra_000\AppData\Roaming\OpenCandy
    File Deleted : C:\END

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\Software\TENCENT

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16537


    -\\ Google Chrome v30.0.1599.101

    [ File : C:\Users\shaun_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\asw19_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : icon_url
    Deleted : search_url
    Deleted : keyword

    [ File : C:\Users\caitl_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [5474 octets] - [12/10/2013 19:08:23]
    AdwCleaner[R1].txt - [868 octets] - [12/10/2013 19:55:30]
    AdwCleaner[R2].txt - [1555 octets] - [21/10/2013 18:47:17]
    AdwCleaner[S0].txt - [5453 octets] - [12/10/2013 19:10:14]
    AdwCleaner[S1].txt - [1474 octets] - [21/10/2013 18:49:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1534 octets] ##########
    # AdwCleaner v4.110 - Logfile created 15/02/2015 at 12:56:00
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-14.2 [Server]
    # Operating system : Windows 8 (x64)
    # Username : shaun_000 - WADE-PC
    # Running from : C:\Users\shaun_000\Desktop\adwcleaner_4.110.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : Service Mgr StrongSignal
    Service Deleted : Update Mgr StrongSignal

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Strong Signal
    Folder Deleted : C:\Users\shaun_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
    File Deleted : C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
    File Deleted : C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
    File Deleted : C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

    ***** [ Scheduled tasks ] *****

    Task Deleted : LaunchSignup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKLM\SOFTWARE\SupDp

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.16384


    -\\ Google Chrome v40.0.2214.111

    [C:\Users\asw19_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1423094270&from=cor&uid=WDCXWD20EARX-00PASB0_WD-WCAZAF82888028880&q={searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1423094270&from=cor&uid=WDCXWD20EARX-00PASB0_WD-WCAZAF82888028880&q={searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1423094270&from=cor&uid=WDCXWD20EARX-00PASB0_WD-WCAZAF82888028880&q={searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1423094270&from=cor&uid=WDCXWD20EARX-00PASB0_WD-WCAZAF82888028880&q={searchTerms}

    -\\ Comodo Dragon v36.1.1.21

    [C:\Users\asw19_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1423094270&from=cor&uid=WDCXWD20EARX-00PASB0_WD-WCAZAF82888028880&q={searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1423094270&from=cor&uid=WDCXWD20EARX-00PASB0_WD-WCAZAF82888028880&q={searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1423094270&from=cor&uid=WDCXWD20EARX-00PASB0_WD-WCAZAF82888028880&q={searchTerms}
    [C:\Users\keyra_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1423094270&from=cor&uid=WDCXWD20EARX-00PASB0_WD-WCAZAF82888028880&q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [8889 bytes] - [12/10/2013 18:08:23]
    AdwCleaner[R10].txt - [7685 bytes] - [09/11/2014 11:38:40]
    AdwCleaner[R11].txt - [5285 bytes] - [24/12/2014 15:45:25]
    AdwCleaner[R12].txt - [3279 bytes] - [22/01/2015 18:16:13]
    AdwCleaner[R1].txt - [5854 bytes] - [12/10/2013 18:55:30]
    AdwCleaner[R2].txt - [1555 bytes] - [21/10/2013 17:47:17]
    AdwCleaner[R3].txt - [1668 bytes] - [10/11/2013 14:45:58]
    AdwCleaner[R4].txt - [7710 bytes] - [04/07/2014 05:22:10]
    AdwCleaner[R5].txt - [6826 bytes] - [04/07/2014 05:35:37]
    AdwCleaner[R6].txt - [2534 bytes] - [07/07/2014 05:41:47]
    AdwCleaner[R7].txt - [2291 bytes] - [26/07/2014 12:25:16]
    AdwCleaner[R8].txt - [3934 bytes] - [17/08/2014 16:32:30]
    AdwCleaner[R9].txt - [2824 bytes] - [24/09/2014 17:40:02]
    AdwCleaner[S0].txt - [9614 bytes] - [12/10/2013 18:10:14]
    AdwCleaner[S10].txt - [7579 bytes] - [24/12/2014 17:09:59]
    AdwCleaner[S11].txt - [4381 bytes] - [22/01/2015 18:20:00]
    AdwCleaner[S1].txt - [7248 bytes] - [21/10/2013 17:49:02]
    AdwCleaner[S2].txt - [1721 bytes] - [10/11/2013 14:47:23]
    AdwCleaner[S3].txt - [1357 bytes] - [04/07/2014 05:33:13]
    AdwCleaner[S4].txt - [6976 bytes] - [04/07/2014 05:55:27]
    AdwCleaner[S5].txt - [2607 bytes] - [07/07/2014 05:57:46]
    AdwCleaner[S6].txt - [2366 bytes] - [26/07/2014 13:15:57]
    AdwCleaner[S7].txt - [4027 bytes] - [17/08/2014 17:22:03]
    AdwCleaner[S8].txt - [2895 bytes] - [24/09/2014 18:28:30]
    AdwCleaner[S9].txt - [17454 bytes] - [09/11/2014 14:20:36]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7780 bytes] ##########
     
  15. 2015/02/15
    sean

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 8 x64
    Ran by shaun_000 on 15/02/2015 at 13:01:10.92
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 15/02/2015 at 13:09:05.85
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  16. 2015/02/15
    sean

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
    Ran by shaun_000 (administrator) on WADE-PC on 15-02-2015 13:27:02
    Running from C:\Users\shaun_000\Desktop
    Loaded Profiles: shaun_000 (Available profiles: shaun_000 & asw19_000 & keyra_000 & liamw_000 & caitl_000 & Administrator)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    () C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [KNOWHOW APP CENTRE] => C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\ismagent.exe [155488 2012-08-03] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKU\S-1-5-21-255547870-3018188362-2244270488-1002\...\Run: [LedIndicatorKeyboardDriver] => C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe [3284480 2011-09-05] ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-255547870-3018188362-2244270488-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-255547870-3018188362-2244270488-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-255547870-3018188362-2244270488-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-255547870-3018188362-2244270488-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\shaun_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-255547870-3018188362-2244270488-1002: intel.com/AppUp -> C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\npAppUp.dll (Intel)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/ "
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (AppUp) - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\npAppUp.dll (Intel)
    CHR Profile: C:\Users\shaun_000\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\shaun_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-25]
    CHR Extension: (Google Wallet) - C:\Users\shaun_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-03] (COMODO)
    R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-03] (COMODO)
    R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [276480 2015-01-25] (Protect Software GmbH)
    R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [246360 2015-01-25] (Protect Software GmbH)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [30208 2012-07-26] (Microsoft Corporation)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2015-01-30] (COMODO)
    R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-01-30] (COMODO)
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2015-01-30] (COMODO)
    R3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2217616 2014-10-18] (MediaTek Inc.)
    U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-02-09] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-15 13:27 - 2015-02-15 13:27 - 00010641 _____ () C:\Users\shaun_000\Desktop\FRST.txt
    2015-02-15 13:23 - 2015-02-15 13:27 - 00000000 ____D () C:\FRST
    2015-02-15 13:09 - 2015-02-15 13:09 - 00000616 _____ () C:\Users\shaun_000\Desktop\JRT.txt
    2015-02-15 12:58 - 2015-02-15 13:09 - 00000000 ____D () C:\Users\shaun_000\Desktop\BRONI 2
    2015-02-15 12:51 - 2015-02-15 12:51 - 02134528 _____ (Farbar) C:\Users\shaun_000\Desktop\FRST64.exe
    2015-02-15 12:50 - 2015-02-15 12:50 - 01388274 _____ (Thisisu) C:\Users\shaun_000\Desktop\JRT.exe
    2015-02-15 12:50 - 2015-02-15 12:50 - 01125888 _____ (Farbar) C:\Users\shaun_000\Desktop\FRST.exe
    2015-02-15 12:49 - 2015-02-15 12:49 - 02112512 _____ () C:\Users\shaun_000\Desktop\adwcleaner_4.110.exe
    2015-02-15 06:15 - 2015-02-15 06:15 - 00000117 _____ () C:\Windows\system32\netcfg-219898218.txt
    2015-02-15 06:15 - 2015-02-15 06:15 - 00000117 _____ () C:\Windows\system32\netcfg-219897296.txt
    2015-02-14 07:34 - 2015-02-14 07:34 - 00000117 _____ () C:\Windows\system32\netcfg-138285062.txt
    2015-02-14 07:34 - 2015-02-14 07:34 - 00000117 _____ () C:\Windows\system32\netcfg-138284796.txt
    2015-02-13 06:15 - 2015-02-13 06:19 - 00000000 ____D () C:\Users\shaun_000\Desktop\LCS- SAFETY FOLDER
    2015-02-13 06:14 - 2015-02-13 06:15 - 00000000 ____D () C:\Users\shaun_000\Desktop\LCS - ENVIRO FOLDER
    2015-02-13 04:59 - 2015-02-13 04:59 - 00000117 _____ () C:\Windows\system32\netcfg-42591437.txt
    2015-02-13 04:59 - 2015-02-13 04:59 - 00000117 _____ () C:\Windows\system32\netcfg-42590093.txt
    2015-02-12 22:05 - 2015-02-12 22:06 - 00000000 ____D () C:\ProgramData\PopCap Games
    2015-02-12 22:05 - 2015-02-12 22:05 - 00000000 ____D () C:\ProgramData\Steam
    2015-02-12 21:18 - 2015-02-12 21:18 - 00000117 _____ () C:\Windows\system32\netcfg-14892453.txt
    2015-02-12 20:23 - 2015-02-12 20:23 - 00000117 _____ () C:\Windows\system32\netcfg-11584687.txt
    2015-02-12 16:57 - 2015-02-12 16:57 - 00019031 _____ () C:\ComboFix.txt
    2015-02-12 16:28 - 2015-02-12 16:27 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-12 16:28 - 2015-02-12 16:27 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-12 16:28 - 2015-02-12 16:27 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-12 16:28 - 2015-02-12 16:27 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
    2015-02-12 16:28 - 2015-02-12 16:27 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-12 16:28 - 2015-02-12 16:27 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-12 16:28 - 2015-02-12 16:27 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-12 16:28 - 2015-02-12 16:27 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-12 16:28 - 2015-02-12 16:27 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-12 16:27 - 2015-02-12 16:27 - 00000000 ____D () C:\Users\shaun_000\AppData\Local\CrashDumps
    2015-02-12 16:25 - 2015-02-12 16:57 - 00000000 ____D () C:\Qoobox
    2015-02-12 16:24 - 2015-02-12 16:54 - 00000000 ____D () C:\Windows\erdnt
    2015-02-12 05:01 - 2015-02-12 05:01 - 00000117 _____ () C:\Windows\system32\netcfg-56922390.txt
    2015-02-12 05:01 - 2015-02-12 05:01 - 00000117 _____ () C:\Windows\system32\netcfg-56921453.txt
    2015-02-11 22:32 - 2015-02-11 22:32 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00069448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2015-02-11 22:32 - 2015-02-11 22:32 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2015-02-11 12:45 - 2015-02-11 12:45 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\shaun_000\Desktop\rkill.exe
    2015-02-11 12:35 - 2015-02-12 16:24 - 05611930 ____R (Swearware) C:\Users\shaun_000\Desktop\ComboFix.exe
    2015-02-11 06:38 - 2015-02-11 06:38 - 00083296 _____ () C:\Users\shaun_000\Desktop\1975096_265836583595060_1936534027_n.jpeg
    2015-02-11 06:12 - 2015-02-11 06:12 - 00000117 _____ () C:\Windows\system32\netcfg-236897406.txt
    2015-02-11 00:46 - 2015-02-11 00:46 - 00000117 _____ () C:\Windows\system32\netcfg-217367812.txt
    2015-02-10 21:31 - 2015-02-10 21:31 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\StunlockStudios
    2015-02-10 06:30 - 2015-02-10 06:30 - 00000117 _____ () C:\Windows\system32\netcfg-151624203.txt
    2015-02-10 00:56 - 2015-02-10 06:30 - 00000117 _____ () C:\Windows\system32\netcfg-131554000.txt
    2015-02-09 22:16 - 2015-02-09 22:16 - 00000117 _____ () C:\Windows\system32\netcfg-121986921.txt
    2015-02-09 21:47 - 2015-02-09 21:47 - 00000117 _____ () C:\Windows\system32\netcfg-120215281.txt
    2015-02-09 12:32 - 2015-02-09 12:32 - 00000117 _____ () C:\Windows\system32\netcfg-86952234.txt
    2015-02-09 11:28 - 2015-02-09 11:28 - 00000117 _____ () C:\Windows\system32\netcfg-83104671.txt
    2015-02-09 08:28 - 2015-02-09 11:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-09 07:44 - 2015-02-09 07:44 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-09 07:44 - 2015-02-09 07:44 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-09 07:43 - 2015-02-09 07:43 - 16466552 _____ (Malwarebytes Corp.) C:\Users\shaun_000\Desktop\mbar-1.08.3.1004.exe
    2015-02-09 07:42 - 2015-02-09 07:42 - 15431256 _____ () C:\Users\shaun_000\Desktop\RogueKiller.exe
    2015-02-09 05:41 - 2015-02-09 05:41 - 00000117 _____ () C:\Windows\system32\netcfg-62257937.txt
    2015-02-08 20:24 - 2015-02-08 20:24 - 00000117 _____ () C:\Windows\system32\netcfg-28887062.txt
    2015-02-08 20:13 - 2015-02-08 20:13 - 00000117 _____ () C:\Windows\system32\netcfg-28178953.txt
    2015-02-08 20:12 - 2015-02-08 20:12 - 00000117 _____ () C:\Windows\system32\netcfg-28147140.txt
    2015-02-08 16:03 - 2015-02-08 16:03 - 00000000 ____D () C:\Users\shaun_000\AppData\Local\Apple Computer
    2015-02-08 15:59 - 2015-02-08 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    2015-02-08 15:58 - 2015-02-08 15:59 - 00000000 ____D () C:\Users\shaun_000\AppData\Roaming\DVDVideoSoft
    2015-02-08 15:58 - 2015-02-08 15:59 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
    2015-02-08 15:25 - 2015-02-08 15:25 - 00000117 _____ () C:\Windows\system32\netcfg-10930640.txt
    2015-02-08 15:25 - 2015-02-08 15:25 - 00000117 _____ () C:\Windows\system32\netcfg-10929890.txt
    2015-02-08 12:28 - 2015-02-08 12:28 - 00688992 _____ (Swearware) C:\Users\shaun_000\Downloads\dds.com
    2015-02-08 11:40 - 2015-02-09 11:24 - 00000000 ____D () C:\Users\shaun_000\Desktop\BBS
    2015-02-08 08:32 - 2015-02-08 08:32 - 00001271 _____ () C:\Users\asw19_000\Desktop\Revo Uninstaller.lnk
    2015-02-08 06:30 - 2015-02-08 06:30 - 00000117 _____ () C:\Windows\system32\netcfg-146515437.txt
    2015-02-07 22:03 - 2015-02-07 22:03 - 00000117 _____ () C:\Windows\system32\netcfg-116126640.txt
    2015-02-07 21:10 - 2015-02-07 21:10 - 00000117 _____ () C:\Windows\system32\netcfg-112951265.txt
    2015-02-07 21:10 - 2015-02-07 21:10 - 00000117 _____ () C:\Windows\system32\netcfg-112950828.txt
    2015-02-07 13:46 - 2015-02-08 08:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2015-02-07 06:36 - 2015-02-07 06:36 - 00000117 _____ () C:\Windows\system32\netcfg-60505796.txt
    2015-02-06 22:52 - 2015-02-06 22:52 - 00000117 _____ () C:\Windows\system32\netcfg-32638968.txt
    2015-02-06 21:28 - 2015-02-06 21:28 - 00000117 _____ () C:\Windows\system32\netcfg-27646578.txt
    2015-02-06 20:53 - 2015-02-06 20:53 - 00000117 _____ () C:\Windows\system32\netcfg-25523218.txt
    2015-02-06 16:08 - 2015-02-06 16:08 - 00000794 _____ () C:\Users\asw19_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-2.0.4.1028 (1).lnk
    2015-02-06 14:08 - 2015-02-06 14:08 - 06835224 _____ (SparkTrust) C:\Users\asw19_000\Downloads\SparkTrust PC Cleaner Plus Setup_eed7374_.exe
    2015-02-06 13:56 - 2015-02-06 14:01 - 00004116 _____ () C:\Users\asw19_000\Downloads\software_removal_tool.log
    2015-02-06 07:52 - 2015-02-06 07:52 - 01003990 _____ () C:\Users\asw19_000\Downloads\installer_adobe_flash_player_English.exe
    2015-02-06 04:48 - 2015-02-06 04:48 - 00000117 _____ () C:\Windows\system32\netcfg-409987984.txt
    2015-02-05 23:27 - 2015-02-06 04:48 - 00000117 _____ () C:\Windows\system32\netcfg-390751625.txt
    2015-02-05 16:07 - 2012-07-26 05:26 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150205-160758.backup
    2015-02-05 15:48 - 2015-02-05 16:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-05 15:48 - 2015-02-05 15:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-02-05 15:48 - 2015-02-05 15:48 - 00001265 _____ () C:\Users\shaun_000\Desktop\Spybot - Search & Destroy.lnk
    2015-02-05 15:48 - 2015-02-05 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2015-02-05 15:47 - 2015-02-05 15:47 - 16409960 _____ (Safer Networking Limited ) C:\Users\shaun_000\Downloads\spybotsd162.exe
    2015-02-05 10:19 - 2015-02-09 08:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-05 10:19 - 2015-02-09 08:27 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-05 10:19 - 2015-02-05 10:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\asw19_000\Downloads\mbam-setup-2.0.4.1028.exe
    2015-02-05 10:19 - 2015-02-05 10:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\asw19_000\Desktop\mbam-setup-2.0.4.1028 (1).exe
    2015-02-05 10:19 - 2015-02-05 10:19 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-05 10:19 - 2015-02-05 10:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-05 10:19 - 2015-02-05 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-05 10:19 - 2015-02-05 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-05 10:19 - 2015-02-05 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-05 09:20 - 2015-02-05 09:20 - 00000117 _____ () C:\Windows\system32\netcfg-339951000.txt
    2015-02-05 09:20 - 2015-02-05 09:20 - 00000117 _____ () C:\Windows\system32\netcfg-339950593.txt
    2015-02-05 06:04 - 2015-02-08 16:03 - 00000000 ____D () C:\Users\shaun_000\Desktop\I 10
    2015-02-05 04:53 - 2015-02-05 04:53 - 00000117 _____ () C:\Windows\system32\netcfg-323879609.txt
    2015-02-05 04:53 - 2015-02-05 04:53 - 00000117 _____ () C:\Windows\system32\netcfg-323879546.txt
    2015-02-04 23:59 - 2015-02-04 23:59 - 00000939 _____ () C:\Users\liamw_000\Desktop\Guitar Pro 5.lnk
    2015-02-04 23:59 - 2015-02-04 23:59 - 00000939 _____ () C:\Users\caitl_000\Desktop\Guitar Pro 5.lnk
    2015-02-04 23:59 - 2015-02-04 23:59 - 00000939 _____ () C:\Users\Administrator\Desktop\Guitar Pro 5.lnk
    2015-02-04 23:59 - 2015-02-04 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
    2015-02-04 23:59 - 2015-02-04 23:59 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 5
    2015-02-04 23:58 - 2015-02-15 06:23 - 00000000 ____D () C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
    2015-02-04 23:52 - 2015-02-04 23:52 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\Guitar Pro 6
    2015-02-04 23:52 - 2015-02-04 23:52 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
    2015-02-04 23:48 - 2015-02-04 23:55 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 6
    2015-02-04 21:15 - 2015-02-04 21:15 - 00000117 _____ () C:\Windows\system32\netcfg-296413312.txt
    2015-02-04 19:50 - 2015-02-04 19:50 - 00000117 _____ () C:\Windows\system32\netcfg-291344046.txt
    2015-02-04 12:07 - 2015-02-04 12:07 - 00000117 _____ () C:\Windows\system32\netcfg-263567625.txt
    2015-02-04 12:07 - 2015-02-04 12:07 - 00000117 _____ () C:\Windows\system32\netcfg-263566968.txt
    2015-02-04 06:06 - 2015-02-15 13:24 - 00186436 _____ () C:\Windows\system32\Drivers\fvstore.dat
    2015-02-04 06:06 - 2015-02-04 06:06 - 00003028 _____ () C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
    2015-02-04 05:03 - 2015-02-04 05:03 - 00000117 _____ () C:\Windows\system32\netcfg-238085000.txt
    2015-02-03 18:59 - 2015-02-03 18:59 - 00000117 _____ () C:\Windows\system32\netcfg-201858687.txt
    2015-02-03 04:50 - 2015-02-03 04:50 - 00000117 _____ () C:\Windows\system32\netcfg-150906656.txt
    2015-02-03 00:17 - 2015-02-03 00:17 - 00000117 _____ () C:\Windows\system32\netcfg-134539546.txt
    2015-02-02 22:17 - 2015-02-02 22:17 - 00000117 _____ () C:\Windows\system32\netcfg-127328562.txt
    2015-02-02 19:34 - 2015-02-02 19:34 - 00000117 _____ () C:\Windows\system32\netcfg-117593265.txt
    2015-02-02 17:48 - 2015-02-02 17:48 - 00000000 ____D () C:\Users\shaun_000\AppData\Roaming\Unity
    2015-02-02 05:03 - 2015-02-02 05:03 - 00000117 _____ () C:\Windows\system32\netcfg-65326671.txt
    2015-02-02 05:03 - 2015-02-02 05:03 - 00000117 _____ () C:\Windows\system32\netcfg-65326046.txt
    2015-02-01 22:01 - 2015-02-14 20:26 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-02-01 22:01 - 2015-02-01 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2015-02-01 14:43 - 2015-02-01 14:43 - 00000117 _____ () C:\Windows\system32\netcfg-13719000.txt
    2015-02-01 13:08 - 2015-02-01 14:43 - 00000117 _____ () C:\Windows\system32\netcfg-8036812.txt
    2015-02-01 10:14 - 2015-02-01 10:14 - 02194432 _____ () C:\Users\shaun_000\Downloads\adwcleaner_4.109.exe
    2015-02-01 06:50 - 2015-02-01 06:50 - 00000117 _____ () C:\Windows\system32\netcfg-85381453.txt
    2015-01-31 19:53 - 2015-01-31 19:53 - 00000117 _____ () C:\Windows\system32\netcfg-45963875.txt
    2015-01-31 07:07 - 2015-01-31 07:07 - 434304800 _____ () C:\Windows\MEMORY.DMP
    2015-01-31 07:07 - 2015-01-31 07:07 - 00280608 _____ () C:\Windows\Minidump\013115-25765-01.dmp
    2015-01-31 07:07 - 2015-01-31 07:07 - 00000000 ____D () C:\Windows\Minidump
    2015-01-31 07:03 - 2015-01-31 07:03 - 00000117 _____ () C:\Windows\system32\netcfg-148960093.txt
    2015-01-30 23:05 - 2015-01-30 23:05 - 00000117 _____ () C:\Windows\system32\netcfg-120303031.txt
    2015-01-30 22:26 - 2015-01-30 22:26 - 00000117 _____ () C:\Windows\system32\netcfg-117939859.txt
    2015-01-30 20:19 - 2015-01-30 20:19 - 00000117 _____ () C:\Windows\system32\netcfg-110332796.txt
    2015-01-30 20:11 - 2015-01-30 20:11 - 00000117 _____ () C:\Windows\system32\netcfg-109836968.txt
    2015-01-30 20:03 - 2015-01-30 20:03 - 00000117 _____ () C:\Windows\system32\netcfg-109349875.txt
    2015-01-30 04:52 - 2015-01-30 04:52 - 00000117 _____ () C:\Windows\system32\netcfg-54695859.txt
    2015-01-30 04:52 - 2015-01-30 04:52 - 00000117 _____ () C:\Windows\system32\netcfg-54694906.txt
    2015-01-30 00:21 - 2015-01-30 00:21 - 00000000 ____D () C:\Users\keyra_000\Documents\Any Video Converter Ultimate
    2015-01-30 00:20 - 2015-01-30 00:30 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\Anvsoft
    2015-01-30 00:20 - 2015-01-30 00:20 - 00000000 ____D () C:\Program Files (x86)\Anvsoft
    2015-01-29 23:44 - 2015-01-29 23:44 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\WinRAR
    2015-01-29 23:44 - 2015-01-29 23:44 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2015-01-29 23:44 - 2015-01-29 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2015-01-29 23:44 - 2015-01-29 23:44 - 00000000 ____D () C:\Program Files (x86)\WinRAR
    2015-01-29 12:51 - 2015-02-15 13:26 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
    2015-01-29 12:51 - 2015-01-29 12:52 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
    2015-01-29 12:51 - 2015-01-29 12:51 - 00000167 _____ () C:\Windows\system32\netcfg-195584406.txt
    2015-01-29 12:51 - 2015-01-29 12:51 - 00000117 _____ () C:\Windows\system32\netcfg-195584953.txt
    2015-01-29 12:51 - 2015-01-29 12:51 - 00000117 _____ () C:\Windows\system32\netcfg-195584921.txt
    2015-01-29 12:51 - 2015-01-29 12:51 - 00000000 ____D () C:\ProgramData\Shared Space
    2015-01-29 12:50 - 2015-02-01 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2015-01-29 12:50 - 2015-01-29 12:51 - 00000000 ____D () C:\Program Files\COMODO
    2015-01-29 12:50 - 2015-01-29 12:50 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
    2015-01-29 12:50 - 2015-01-29 12:50 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
    2015-01-29 12:50 - 2015-01-29 12:50 - 00000000 ____D () C:\Users\shaun_000\AppData\Local\Comodo
    2015-01-29 12:49 - 2015-01-29 12:51 - 00000000 ____D () C:\ProgramData\Comodo
    2015-01-29 12:49 - 2015-01-29 12:49 - 00000000 ____D () C:\ProgramData\Comodo Downloader
    2015-01-29 12:49 - 2015-01-29 12:49 - 00000000 ____D () C:\Program Files (x86)\Comodo
    2015-01-29 08:46 - 2015-01-29 08:46 - 00000000 ____D () C:\Users\asw19_000\AppData\Local\Apple
    2015-01-29 06:40 - 2015-01-29 06:40 - 00000117 _____ () C:\Windows\system32\netcfg-173298921.txt
    2015-01-29 01:18 - 2015-01-29 01:18 - 00000117 _____ () C:\Windows\system32\netcfg-153994890.txt
    2015-01-28 21:48 - 2015-01-28 21:48 - 00000117 _____ () C:\Windows\system32\netcfg-141407937.txt
     
  17. 2015/02/15
    sean

    2015-01-28 20:08 - 2015-01-28 20:08 - 00000117 _____ () C:\Windows\system32\netcfg-135382531.txt
    2015-01-28 11:54 - 2015-01-28 11:54 - 00000117 _____ () C:\Windows\system32\netcfg-105768859.txt
    2015-01-28 10:35 - 2015-01-28 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-101026203.txt
    2015-01-28 09:56 - 2015-01-28 09:56 - 00000117 _____ () C:\Windows\system32\netcfg-98660078.txt
    2015-01-28 09:10 - 2015-01-28 09:10 - 00000117 _____ () C:\Windows\system32\netcfg-95887265.txt
    2015-01-28 04:51 - 2015-01-28 04:51 - 00000117 _____ () C:\Windows\system32\netcfg-80347031.txt
    2015-01-28 04:51 - 2015-01-28 04:51 - 00000117 _____ () C:\Windows\system32\netcfg-80345265.txt
    2015-01-27 08:39 - 2015-01-27 08:39 - 00001887 _____ () C:\Users\asw19_000\Desktop\Canon MG3100 series - Shortcut.lnk
    2015-01-27 06:11 - 2015-01-27 06:11 - 00001887 _____ () C:\Users\shaun_000\Desktop\Canon MG3100 series - Shortcut.lnk
    2015-01-27 06:02 - 2015-01-27 06:02 - 00000000 ___HD () C:\ProgramData\CanonBJ
    2015-01-27 06:02 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAR.DLL
    2015-01-27 06:01 - 2011-04-27 11:00 - 00323584 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_ARL.dll
    2015-01-27 06:01 - 2011-03-31 10:07 - 00114688 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_ARU.dll
    2015-01-27 06:01 - 2011-03-31 10:06 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC_ARI.dll
    2015-01-27 06:01 - 2010-11-29 09:17 - 00063744 _____ () C:\Windows\SysWOW64\CNC1752D.TBL
    2015-01-27 06:01 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
    2015-01-27 06:01 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
    2015-01-27 04:46 - 2015-01-27 04:46 - 00000117 _____ () C:\Windows\system32\netcfg-120808968.txt
    2015-01-27 04:46 - 2015-01-27 04:46 - 00000117 _____ () C:\Windows\system32\netcfg-120808140.txt
    2015-01-26 17:39 - 2015-01-26 17:39 - 00000000 ____D () C:\Program Files (x86)\THQ
    2015-01-26 12:09 - 2015-02-07 21:16 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-255547870-3018188362-2244270488-1006
    2015-01-26 12:03 - 2015-01-26 12:03 - 00000000 ____D () C:\Users\caitl_000\AppData\Roaming\Apple Computer
    2015-01-26 12:02 - 2015-01-26 12:02 - 00043336 _____ () C:\Users\caitl_000\Desktop\Removed Apps.html
    2015-01-26 12:02 - 2015-01-26 12:02 - 00000000 ____D () C:\Users\caitl_000\AppData\Local\VirtualStore
    2015-01-26 07:26 - 2015-01-26 07:26 - 00000000 ____D () C:\Users\asw19_000\AppData\Roaming\Apple Computer
    2015-01-26 07:05 - 2015-02-09 22:22 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-255547870-3018188362-2244270488-1005
    2015-01-26 07:00 - 2015-01-26 07:00 - 00000000 ____D () C:\Users\liamw_000\AppData\Roaming\Apple Computer
    2015-01-26 06:59 - 2015-01-26 07:00 - 00002262 _____ () C:\Users\liamw_000\Desktop\Google Chrome.lnk
    2015-01-26 06:59 - 2015-01-26 06:59 - 00044048 _____ () C:\Users\liamw_000\Desktop\Removed Apps.html
    2015-01-26 06:59 - 2015-01-26 06:59 - 00000000 ____D () C:\Users\liamw_000\AppData\Local\VirtualStore
    2015-01-26 04:49 - 2015-02-08 16:03 - 00000000 ____D () C:\Users\shaun_000\AppData\Roaming\Apple Computer
    2015-01-26 04:48 - 2015-01-26 04:48 - 00000117 _____ () C:\Windows\system32\netcfg-34547890.txt
    2015-01-26 04:48 - 2015-01-26 04:48 - 00000117 _____ () C:\Windows\system32\netcfg-34547515.txt
    2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Last.fm
    2015-01-25 20:20 - 2015-02-12 01:10 - 00000000 ____D () C:\Users\keyra_000\AppData\Local\Last.fm
    2015-01-25 20:20 - 2015-01-25 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
    2015-01-25 20:20 - 2015-01-25 20:20 - 00000000 ____D () C:\Program Files (x86)\Last.fm
    2015-01-25 20:16 - 2015-01-26 22:07 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\Apple Computer
    2015-01-25 20:16 - 2015-01-25 20:16 - 00000000 ____D () C:\Users\keyra_000\AppData\Local\Apple Computer
    2015-01-25 20:16 - 2015-01-25 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-01-25 20:16 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2015-01-25 20:15 - 2015-01-25 21:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-25 20:15 - 2015-01-25 20:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-25 20:15 - 2015-01-25 20:16 - 00000000 ____D () C:\Program Files\iTunes
    2015-01-25 20:15 - 2015-01-25 20:15 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-01-25 20:15 - 2015-01-25 20:15 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2015-01-25 20:15 - 2015-01-25 20:15 - 00000000 ____D () C:\Users\keyra_000\AppData\Local\Apple
    2015-01-25 20:15 - 2015-01-25 20:15 - 00000000 ____D () C:\ProgramData\Apple Computer
    2015-01-25 20:15 - 2015-01-25 20:15 - 00000000 ____D () C:\Program Files\iPod
    2015-01-25 20:15 - 2015-01-25 20:15 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2015-01-25 20:14 - 2015-01-25 20:15 - 00000000 ____D () C:\ProgramData\Apple
    2015-01-25 20:14 - 2015-01-25 20:15 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-25 20:14 - 2015-01-25 20:14 - 00000000 ____D () C:\Program Files\Bonjour
    2015-01-25 20:14 - 2015-01-25 20:14 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2015-01-25 20:08 - 2015-02-05 22:48 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-255547870-3018188362-2244270488-1004
    2015-01-25 20:02 - 2015-01-25 20:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2015-01-25 20:02 - 2015-01-25 20:02 - 00000000 ____D () C:\Users\keyra_000\AppData\Local\VirtualStore
    2015-01-25 19:35 - 2015-01-25 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra Entertainment
    2015-01-25 19:35 - 2015-01-25 19:35 - 00000000 ____D () C:\Program Files (x86)\Sierra Entertainment
    2015-01-25 19:35 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2015-01-25 19:35 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2015-01-25 19:35 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2015-01-25 19:35 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2015-01-25 19:35 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2015-01-25 19:35 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2015-01-25 19:35 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2015-01-25 19:35 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2015-01-25 19:35 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2015-01-25 19:35 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2015-01-25 19:35 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2015-01-25 19:35 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2015-01-25 19:35 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2015-01-25 19:35 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2015-01-25 19:35 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2015-01-25 19:35 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2015-01-25 19:35 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2015-01-25 19:35 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2015-01-25 19:35 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2015-01-25 19:35 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2015-01-25 19:33 - 2015-01-25 19:33 - 00000000 ____D () C:\Users\shaun_000\AppData\Roaming\InstallShield
    2015-01-25 19:15 - 2015-01-25 19:29 - 00004096 _____ () C:\Users\Public\Documents\00000643.LCS
    2015-01-25 19:11 - 2015-01-25 19:11 - 00276480 _____ (Protect Software GmbH) C:\Windows\system32\Drivers\acedrv10.sys
    2015-01-25 19:11 - 2015-01-25 19:11 - 00246360 _____ (Protect Software GmbH) C:\Windows\system32\Drivers\acehlp10.sys
    2015-01-25 19:11 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2015-01-25 19:11 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2015-01-25 19:11 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2015-01-25 19:11 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2015-01-25 19:11 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2015-01-25 19:11 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2015-01-25 19:11 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2015-01-25 19:11 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2015-01-25 19:11 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2015-01-25 19:11 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2015-01-25 19:11 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2015-01-25 19:11 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2015-01-25 19:11 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2015-01-25 19:11 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2015-01-25 19:11 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2015-01-25 19:11 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2015-01-25 19:11 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2015-01-25 19:11 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2015-01-25 19:11 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2015-01-25 19:11 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2015-01-25 19:11 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2015-01-25 19:11 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2015-01-25 19:11 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2015-01-25 19:11 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2015-01-25 19:11 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2015-01-25 19:11 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2015-01-25 19:11 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2015-01-25 19:11 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2015-01-25 19:11 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2015-01-25 19:11 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2015-01-25 19:11 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2015-01-25 19:11 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2015-01-25 16:26 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2015-01-25 16:26 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2015-01-25 16:26 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2015-01-25 16:26 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2015-01-25 16:25 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2015-01-25 16:25 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2015-01-25 16:14 - 2015-01-25 16:14 - 00000000 ____D () C:\Program Files\Flagship Studios
    2015-01-25 16:09 - 2015-01-25 16:09 - 00000291 _____ () C:\Users\shaun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk
    2015-01-25 15:49 - 2015-01-25 15:49 - 00000117 _____ () C:\Windows\system32\netcfg-9320500.txt
    2015-01-25 15:49 - 2015-01-25 15:49 - 00000117 _____ () C:\Windows\system32\netcfg-9320406.txt
    2015-01-25 13:11 - 2015-02-11 22:32 - 00382082 _____ () C:\Windows\DirectX.log
    2015-01-25 13:10 - 2015-01-25 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWII Tank Commander
    2015-01-25 13:10 - 2015-01-25 13:10 - 00000000 ____D () C:\Program Files (x86)\Merscom
    2015-01-25 12:07 - 2015-01-25 12:07 - 00000000 ____D () C:\Users\asw19_000\AppData\Roaming\Google
    2015-01-25 08:11 - 2015-02-04 12:19 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d037fb6c5a68b1
    2015-01-25 07:59 - 2015-02-13 10:20 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-255547870-3018188362-2244270488-1003
    2015-01-25 07:54 - 2015-01-25 07:54 - 00043336 _____ () C:\Users\asw19_000\Desktop\Removed Apps.html
    2015-01-25 07:53 - 2015-01-25 07:53 - 00000000 ____D () C:\Users\asw19_000\AppData\Local\VirtualStore
    2015-01-25 06:27 - 2015-01-25 06:27 - 00000117 _____ () C:\Windows\system32\netcfg-40164859.txt
    2015-01-25 06:27 - 2015-01-25 06:27 - 00000117 _____ () C:\Windows\system32\netcfg-40164500.txt
    2015-01-25 01:27 - 2015-01-25 14:42 - 00000000 ____D () C:\Windows.old
    2015-01-25 01:27 - 2015-01-25 01:27 - 00262144 _____ () C:\Windows\system32\config\userdiff
    2015-01-25 01:07 - 2015-01-25 10:22 - 00000000 ____D () C:\$SysReset
    2015-01-24 19:32 - 2015-01-24 19:32 - 01080608 _____ (Unity Technologies ApS) C:\Users\shaun_000\Downloads\UnityWebPlayer (2).exe
    2015-01-24 19:32 - 2015-01-24 19:32 - 00000000 ____D () C:\Users\shaun_000\AppData\Local\Unity
    2015-01-24 19:09 - 2014-05-20 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-01-24 19:09 - 2014-05-19 23:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-01-24 19:09 - 2014-05-19 23:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-01-24 19:09 - 2014-05-19 23:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-01-24 19:09 - 2014-05-19 23:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-01-24 19:09 - 2014-05-19 23:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-01-24 19:09 - 2014-05-19 23:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-01-24 19:09 - 2014-05-19 23:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2015-01-24 19:09 - 2014-05-19 23:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-01-24 19:09 - 2014-05-14 22:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-01-24 19:09 - 2014-05-14 22:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-01-24 19:09 - 2014-05-14 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-01-24 19:09 - 2014-05-14 22:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-01-24 19:09 - 2013-08-16 05:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-01-24 19:09 - 2013-08-16 05:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-01-24 19:09 - 2013-08-15 22:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-01-24 19:09 - 2012-11-06 04:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
    2015-01-24 19:09 - 2012-11-06 04:00 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wushareduxresources.dll
    2015-01-24 17:54 - 2015-01-26 12:06 - 00000376 _____ () C:\Windows\ODBC.INI
    2015-01-24 17:54 - 2015-01-24 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2015-01-24 17:53 - 2015-01-24 17:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft ActiveSync
    2015-01-24 17:52 - 2015-02-02 05:39 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-255547870-3018188362-2244270488-1002
    2015-01-24 17:52 - 2015-01-24 17:52 - 00000000 ____D () C:\Windows\PCHEALTH
    2015-01-24 17:44 - 2015-01-24 17:44 - 00001810 _____ () C:\Windows\system32\RaCoInst.log
    2015-01-24 17:44 - 2015-01-24 17:44 - 00000260 _____ () C:\Windows\system32\netcfg-859968.txt
    2015-01-24 17:39 - 2015-01-25 13:45 - 00000000 ____D () C:\Users\shaun_000\AppData\Local\VirtualStore
    2015-01-24 17:36 - 2015-02-15 13:27 - 01078827 _____ () C:\Windows\WindowsUpdate.log
    2015-01-24 17:35 - 2015-01-24 17:35 - 00012961 _____ () C:\Users\Administrator\AppData\Local\Application.xml
    2015-01-24 17:33 - 2015-02-07 21:11 - 00067272 _____ () C:\Users\caitl_000\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-24 17:33 - 2015-02-06 07:06 - 00067272 _____ () C:\Users\liamw_000\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-24 17:33 - 2015-02-05 20:25 - 00067272 _____ () C:\Users\keyra_000\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-24 17:33 - 2015-01-29 20:20 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\Adobe
    2015-01-24 17:33 - 2015-01-29 20:20 - 00000000 ____D () C:\Users\keyra_000\AppData\Local\Adobe
    2015-01-24 17:33 - 2015-01-26 17:39 - 00000000 ____D () C:\Users\liamw_000
    2015-01-24 17:33 - 2015-01-26 17:39 - 00000000 ____D () C:\Users\keyra_000
    2015-01-24 17:33 - 2015-01-26 12:09 - 00000000 ____D () C:\Users\caitl_000
    2015-01-24 17:33 - 2015-01-26 12:02 - 00000000 ____D () C:\Users\caitl_000\AppData\Local\Packages
    2015-01-24 17:33 - 2015-01-26 12:02 - 00000000 ____D () C:\Users\caitl_000\AppData\Local\Google
    2015-01-24 17:33 - 2015-01-26 06:59 - 00000000 ____D () C:\Users\liamw_000\AppData\Local\Packages
    2015-01-24 17:33 - 2015-01-26 06:59 - 00000000 ____D () C:\Users\liamw_000\AppData\Local\Google
    2015-01-24 17:33 - 2015-01-25 20:03 - 00000000 ____D () C:\Users\keyra_000\AppData\Local\Packages
    2015-01-24 17:33 - 2015-01-25 20:03 - 00000000 ____D () C:\Users\keyra_000\AppData\Local\Google
    2015-01-24 17:33 - 2012-08-23 10:04 - 00000000 ____D () C:\Users\liamw_000\AppData\Roaming\Macromedia
    2015-01-24 17:33 - 2012-08-23 10:04 - 00000000 ____D () C:\Users\liamw_000\AppData\Local\Adobe
    2015-01-24 17:33 - 2012-08-23 10:04 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\Macromedia
    2015-01-24 17:33 - 2012-08-23 10:04 - 00000000 ____D () C:\Users\caitl_000\AppData\Roaming\Macromedia
    2015-01-24 17:33 - 2012-08-23 10:04 - 00000000 ____D () C:\Users\caitl_000\AppData\Local\Adobe
    2015-01-24 17:33 - 2012-08-23 09:58 - 00000000 ____D () C:\Users\liamw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Led Indicator Keyboard Driver
    2015-01-24 17:33 - 2012-08-23 09:58 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Led Indicator Keyboard Driver
    2015-01-24 17:33 - 2012-08-23 09:58 - 00000000 ____D () C:\Users\caitl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Led Indicator Keyboard Driver
    2015-01-24 17:33 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\liamw_000\AppData\Roaming\ATI
    2015-01-24 17:33 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\liamw_000\AppData\Local\ATI
    2015-01-24 17:33 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\ATI
    2015-01-24 17:33 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\keyra_000\AppData\Local\ATI
    2015-01-24 17:33 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\caitl_000\AppData\Roaming\ATI
    2015-01-24 17:33 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\caitl_000\AppData\Local\ATI
    2015-01-24 17:33 - 2012-08-01 08:01 - 00001430 _____ () C:\Users\liamw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-24 17:33 - 2012-08-01 08:01 - 00001430 _____ () C:\Users\keyra_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-24 17:33 - 2012-08-01 08:01 - 00001430 _____ () C:\Users\caitl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-24 17:33 - 2012-08-01 08:01 - 00000020 ___SH () C:\Users\liamw_000\ntuser.ini
    2015-01-24 17:33 - 2012-08-01 08:01 - 00000020 ___SH () C:\Users\keyra_000\ntuser.ini
    2015-01-24 17:33 - 2012-08-01 08:01 - 00000020 ___SH () C:\Users\caitl_000\ntuser.ini
    2015-01-24 17:33 - 2012-08-01 08:01 - 00000000 ____D () C:\Users\liamw_000\AppData\Roaming\Adobe
    2015-01-24 17:33 - 2012-08-01 08:01 - 00000000 ____D () C:\Users\caitl_000\AppData\Roaming\Adobe
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\liamw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\liamw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\liamw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\keyra_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\keyra_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\keyra_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\caitl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\caitl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\caitl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ____D () C:\Users\liamw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ____D () C:\Users\keyra_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-01-24 17:33 - 2012-07-26 08:13 - 00000000 ____D () C:\Users\caitl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-01-24 17:32 - 2015-02-05 08:38 - 00000000 ____D () C:\Users\asw19_000\AppData\Roaming\Adobe
    2015-01-24 17:32 - 2015-02-05 08:38 - 00000000 ____D () C:\Users\asw19_000\AppData\Local\Adobe
    2015-01-24 17:32 - 2015-02-05 07:49 - 00067272 _____ () C:\Users\asw19_000\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-24 17:32 - 2015-02-05 04:53 - 00067272 _____ () C:\Users\shaun_000\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-24 17:32 - 2015-02-04 05:15 - 00000000 ____D () C:\Users\shaun_000\AppData\Roaming\Adobe
    2015-01-24 17:32 - 2015-02-04 05:15 - 00000000 ____D () C:\Users\shaun_000\AppData\Local\Adobe
    2015-01-24 17:32 - 2015-02-01 17:13 - 00000000 ____D () C:\Users\shaun_000\AppData\Local\Google
    2015-01-24 17:32 - 2015-01-26 14:46 - 00000000 ____D () C:\Users\asw19_000
    2015-01-24 17:32 - 2015-01-25 12:07 - 00000000 ____D () C:\Users\asw19_000\AppData\Local\Google
    2015-01-24 17:32 - 2015-01-25 07:53 - 00000000 ____D () C:\Users\asw19_000\AppData\Local\Packages
    2015-01-24 17:32 - 2015-01-24 18:33 - 00000000 ____D () C:\Users\shaun_000
    2015-01-24 17:32 - 2015-01-24 17:41 - 00000000 ____D () C:\Users\shaun_000\AppData\Local\Packages
    2015-01-24 17:32 - 2015-01-24 17:34 - 00032388 _____ () C:\Windows\diagwrn.xml
    2015-01-24 17:32 - 2015-01-24 17:34 - 00032388 _____ () C:\Windows\diagerr.xml
    2015-01-24 17:32 - 2015-01-24 17:32 - 00000117 _____ () C:\Windows\system32\netcfg-117296.txt
    2015-01-24 17:32 - 2015-01-24 17:32 - 00000117 _____ () C:\Windows\system32\netcfg-109578.txt
    2015-01-24 17:32 - 2012-08-23 10:04 - 00000000 ____D () C:\Users\shaun_000\AppData\Roaming\Macromedia
    2015-01-24 17:32 - 2012-08-23 10:04 - 00000000 ____D () C:\Users\asw19_000\AppData\Roaming\Macromedia
    2015-01-24 17:32 - 2012-08-23 09:58 - 00000000 ____D () C:\Users\shaun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Led Indicator Keyboard Driver
    2015-01-24 17:32 - 2012-08-23 09:58 - 00000000 ____D () C:\Users\asw19_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Led Indicator Keyboard Driver
    2015-01-24 17:32 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\shaun_000\AppData\Roaming\ATI
    2015-01-24 17:32 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\shaun_000\AppData\Local\ATI
    2015-01-24 17:32 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\asw19_000\AppData\Roaming\ATI
    2015-01-24 17:32 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\asw19_000\AppData\Local\ATI
    2015-01-24 17:32 - 2012-08-01 08:01 - 00001430 _____ () C:\Users\shaun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-24 17:32 - 2012-08-01 08:01 - 00001430 _____ () C:\Users\asw19_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-24 17:32 - 2012-08-01 08:01 - 00000020 ___SH () C:\Users\shaun_000\ntuser.ini
    2015-01-24 17:32 - 2012-08-01 08:01 - 00000020 ___SH () C:\Users\asw19_000\ntuser.ini
    2015-01-24 17:32 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\shaun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-24 17:32 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\shaun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-24 17:32 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\shaun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-24 17:32 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\asw19_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-24 17:32 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\asw19_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-24 17:32 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\asw19_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-24 17:32 - 2012-07-26 08:13 - 00000000 ____D () C:\Users\shaun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-01-24 17:32 - 2012-07-26 08:13 - 00000000 ____D () C:\Users\asw19_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-01-24 17:30 - 2015-02-15 13:25 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d037fb6c5a68b1.job
    2015-01-24 17:30 - 2012-08-23 10:06 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
    2015-01-24 17:30 - 2012-08-23 10:04 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
    2015-01-24 17:30 - 2012-08-23 09:58 - 00061736 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-24 17:30 - 2012-08-23 09:58 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Led Indicator Keyboard Driver
    2015-01-24 17:30 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ATI
    2015-01-24 17:30 - 2012-08-23 09:51 - 00000000 ____D () C:\Users\Default\AppData\Local\ATI
    2015-01-24 17:30 - 2012-08-01 08:01 - 00001430 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-24 17:30 - 2012-08-01 08:01 - 00000020 ___SH () C:\Users\Default\ntuser.ini
    2015-01-24 17:30 - 2012-08-01 08:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
    2015-01-24 17:30 - 2012-08-01 08:01 - 00000000 ____D () C:\Users\Default\AppData\Local\Packages
    2015-01-24 17:29 - 2015-01-24 17:29 - 06000640 _____ () C:\Program Files (x86)\GUTB189.tmp
    2015-01-24 17:29 - 2015-01-24 17:29 - 00001140 _____ () C:\Windows\system32\netcfg-96500.txt
    2015-01-24 17:29 - 2015-01-24 17:29 - 00001099 _____ () C:\Windows\system32\netcfg-82296.txt
    2015-01-24 17:29 - 2015-01-24 17:29 - 00000000 ____D () C:\Program Files (x86)\GUMB0EC.tmp
    2015-01-24 17:28 - 2015-01-24 17:28 - 00002308 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-255547870-3018188362-2244270488-500

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-15 13:25 - 2012-08-23 10:06 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-15 13:24 - 2012-08-23 10:06 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-15 13:21 - 2012-08-23 10:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-15 13:02 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\sru
    2015-02-15 12:57 - 2012-07-26 07:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-15 12:56 - 2013-10-12 18:08 - 00000000 ____D () C:\AdwCleaner
    2015-02-15 09:03 - 2013-04-08 08:44 - 00000000 ___RD () C:\Users\asw19_000\Desktop\Betty's Folder
    2015-02-13 10:56 - 2012-07-26 07:28 - 01123376 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-13 06:10 - 2013-04-08 10:57 - 00000000 ____D () C:\Users\shaun_000\Desktop\SEAN - EVERYTHING
    2015-02-12 17:09 - 2012-07-26 05:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-02-12 17:08 - 2012-08-01 07:55 - 00054858 _____ () C:\Windows\PFRO.log
    2015-02-12 16:54 - 2012-07-26 05:26 - 00000215 _____ () C:\Windows\system.ini
    2015-02-11 13:11 - 2012-08-23 10:07 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-02-11 10:59 - 2012-07-26 07:21 - 00048978 _____ () C:\Windows\setupact.log
    2015-02-10 00:10 - 2013-08-08 21:44 - 00000000 ____D () C:\Users\keyra_000\Desktop\Documents & Uni Work
    2015-02-07 21:34 - 2013-05-06 08:35 - 00000000 ____D () C:\Users\caitl_000\Desktop\VERY RANDO,
    2015-02-06 13:48 - 2012-08-23 10:07 - 00000000 ____D () C:\Program Files\Google
    2015-02-06 13:48 - 2012-08-23 10:06 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-06 13:48 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\Cursors
    2015-02-06 13:48 - 2012-07-26 07:19 - 00301072 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-05 08:41 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\GroupPolicy
    2015-02-04 12:19 - 2012-08-23 10:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-01 17:13 - 2012-08-23 10:06 - 00000000 ____D () C:\ProgramData\Google
    2015-01-30 12:27 - 2014-12-09 00:20 - 00807568 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
    2015-01-30 12:27 - 2014-12-09 00:20 - 00481576 _____ (COMODO) C:\Windows\system32\guard64.dll
    2015-01-30 12:27 - 2014-12-09 00:20 - 00386768 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
    2015-01-30 12:27 - 2014-12-09 00:20 - 00354520 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
    2015-01-30 12:27 - 2014-12-09 00:20 - 00286424 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
    2015-01-30 12:27 - 2014-12-09 00:20 - 00126208 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
    2015-01-30 12:27 - 2014-12-09 00:20 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
    2015-01-30 12:27 - 2014-12-09 00:20 - 00040736 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
    2015-01-30 12:27 - 2014-12-09 00:20 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
    2015-01-30 12:27 - 2014-12-09 00:20 - 00035080 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
    2015-01-30 12:27 - 2014-12-09 00:20 - 00020184 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
    2015-01-29 20:21 - 2012-08-23 10:07 - 00000000 ____D () C:\ProgramData\Adobe
    2015-01-28 15:50 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2015-01-28 09:59 - 2013-04-11 20:01 - 00002262 _____ () C:\Users\caitl_000\Desktop\Google Chrome.lnk
    2015-01-27 06:01 - 2012-07-26 08:12 - 00000000 __RSD () C:\Windows\Media
    2015-01-26 22:38 - 2014-08-18 20:51 - 00000000 ____D () C:\Users\keyra_000\Desktop\Band Stuff
    2015-01-26 17:44 - 2013-04-13 14:05 - 00000000 ____D () C:\Users\shaun_000\Documents\My Games
    2015-01-26 17:44 - 2012-07-26 08:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-26 05:00 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp
    2015-01-25 19:34 - 2012-08-23 09:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-01-25 14:43 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\rescache
    2015-01-25 14:01 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\LiveKernelReports
    2015-01-25 08:16 - 2012-08-23 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-25 01:27 - 2012-07-26 08:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
    2015-01-24 17:53 - 2012-07-26 07:52 - 00000000 ____D () C:\Windows\ShellNew
    2015-01-24 17:52 - 2012-08-23 10:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2015-01-24 17:52 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\restore
    2015-01-24 17:51 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\System
    2015-01-24 17:41 - 2012-08-23 10:04 - 00000000 ____D () C:\ProgramData\TTG
    2015-01-24 17:39 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\WinStore
    2015-01-24 17:38 - 2012-07-26 08:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
    2015-01-24 17:36 - 2012-08-01 16:55 - 00000000 ____D () C:\Windows\Panther
    2015-01-24 17:36 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\Recovery
    2015-01-24 17:35 - 2012-07-26 05:37 - 00000000 __RHD () C:\Users\Default
    2015-01-24 17:34 - 2012-07-26 08:12 - 00000000 __RHD () C:\Users\Public\Libraries
    2015-01-24 17:30 - 2012-08-23 10:06 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-01-24 17:29 - 2012-07-26 08:13 - 00003608 _____ () C:\Windows\DtcInstall.log
    2015-01-22 22:40 - 2013-05-29 02:18 - 00000000 ___RD () C:\Users\keyra_000\Dropbox
    2015-01-16 23:08 - 2015-01-14 23:38 - 00000000 ____D () C:\Users\keyra_000\Desktop\Job Applications

    ==================== Files in the root of some directories =======

    2015-01-24 17:29 - 2015-01-24 17:29 - 6000640 _____ () C:\Program Files (x86)\GUTB189.tmp

    Some content of TEMP:
    ====================
    C:\Users\shaun_000\AppData\Local\temp\Quarantine.exe
    C:\Users\shaun_000\AppData\Local\temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-12 05:40

    ==================== End Of Log ============================
     
  18. 2015/02/15
    sean

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
    Ran by shaun_000 at 2015-02-15 13:27:25
    Running from C:\Users\shaun_000\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.270 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    COMODO Antivirus (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
    Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
    Company of Heroes (HKLM-x32\...\{66F78C51-D108-4F0C-A93C-1CBE74CE338F}) (Version: 1.0.0.99 - THQ Inc.)
    Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
    F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version: - InPlay Interactive)
    Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
    Hellgate: London (HKLM\...\{A2B4455D-1046-4732-BFBC-0821BEFC07BC}) (Version: 1.10.180.3416 - Flagship Studios)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    KNOWHOW APP CENTRE (HKLM-x32\...\KNOWHOW APP CENTRE 38783) (Version: 3.6.1.38783.16 - KNOWHOW)
    Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
    Led Indicator Keyboard Driver (HKLM-x32\...\Led Indicator Keyboard Driver) (Version: - )
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.1 - )
    Radioplayer (HKLM-x32\...\com.radioplayer.launcher.radioplayerlauncher) (Version: 1.0.294 - UK Radioplayer Ltd)
    Radioplayer (x32 Version: 1.0.294 - UK Radioplayer Ltd) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Skype™ 5.8 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.158 - Skype Technologies S.A.)
    Spartans Vs Zombies Defense (HKLM-x32\...\Steam App 340460) (Version: - YFC games)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.72.g9aaf3271 - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TimeShift (HKLM-x32\...\{1367FA2F-2B3D-430F-872F-588B93420BFC}) (Version: 1.00.000 - Sierra Entertainment)
    Unity Web Player (HKU\S-1-5-21-255547870-3018188362-2244270488-1002\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    WWII Tank Commander (HKLM-x32\...\{691A8EAE-2985-4183-B3BE-468DC564498E}) (Version: 1.00.000 - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    04-02-2015 23:49:34 Installed Microsoft Visual C++ 2005 Redistributable
    07-02-2015 13:47:19 Revo Uninstaller's restore point - Strong Signal
    11-02-2015 22:30:16 Installed DirectX

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 05:26 - 2015-02-12 16:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1BA9C8D1-85E4-40D0-A0C4-E64243F0128F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)
    Task: {34169188-5409-44DB-8A91-25146D71409F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-03] (COMODO)
    Task: {38F1ABB9-0698-41E7-92C3-09EE8A8F4DA9} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-03] (COMODO)
    Task: {42483536-125F-4C67-8EA8-67ADE57A7C99} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)
    Task: {69F9F935-12F1-4927-9084-C18B8467ABA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
    Task: {6D982438-A1A0-4FCB-B37C-40B3DCE48A6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {75D23AF2-4876-4A10-BE04-9E5CCA05940B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
    Task: {8F8519B1-E96B-4BB5-B2B5-4CC9AEE3C414} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)
    Task: {B1B82D2B-4A84-406C-BE0E-064DA16E3528} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)
    Task: {B8B8E85A-2F64-4126-A193-2FAA045107D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23] (Adobe Systems Incorporated)
    Task: {F2BE82F7-8FD5-4BBF-88DD-178928C4B4F8} - System32\Tasks\GoogleUpdateTaskMachineCore1d037fb6c5a68b1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d037fb6c5a68b1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2011-08-25 15:58 - 2011-09-05 09:37 - 03284480 _____ () C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe
    2012-08-06 11:11 - 2012-08-06 11:11 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-08-23 09:41 - 2012-06-25 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2011-08-25 15:52 - 2011-01-26 15:53 - 00028160 _____ () C:\Program Files (x86)\Led Indicator Keyboard Driver\uiHook.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID
     
  19. 2015/02/15
    sean

    AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Users\asw19_000\Desktop\mbam-setup-2.0.4.1028 (1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\asw19_000\Desktop\mbam-setup-2.0.4.1028 (1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\installer_adobe_flash_player_English.exe:$CmdTcID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\mynpower_bill_09-02-2015 (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\mynpower_bill_09-02-2015.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\mynpower_bill_11-16-2014 03-23-13 (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\mynpower_bill_11-16-2014 03-23-13.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\mynpower_bill_11-16-2014 03-23-14 (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\mynpower_bill_11-16-2014 03-23-14.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\SparkTrust PC Cleaner Plus Setup_eed7374_.exe:$CmdTcID
    AlternateDataStreams: C:\Users\asw19_000\Downloads\SparkTrust PC Cleaner Plus Setup_eed7374_.exe:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\10952571_10206020497501260_7655945293938048278_n.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\1975096_265836583595060_1936534027_n.jpeg:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\adwcleaner_4.110.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\adwcleaner_4.110.exe:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\ComboFix.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\FRST.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\FRST.exe:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\FRST64.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\FRST64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\HEADED DOCUMENT (1).doc:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\mbar-1.08.3.1004.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\mbar-1.08.3.1004.exe:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\rkill.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\rkill.exe:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\RogueKiller.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\RogueKiller.exe:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Desktop\RUC-PSNI.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Downloads\adwcleaner_4.109.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Downloads\adwcleaner_4.109.exe:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Downloads\dds.com:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Downloads\dds.com:$CmdZnID
    AlternateDataStreams: C:\Users\shaun_000\Downloads\spybotsd162.exe:$CmdTcID
    AlternateDataStreams: C:\Users\shaun_000\Downloads\spybotsd162.exe:$CmdZnID
     
  20. 2015/02/15
    sean

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-255547870-3018188362-2244270488-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\shaun_000\Desktop\SEAN - EVERYTHING\BELFAST\100_0848.JPG
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "iTunesHelper "
    HKU\S-1-5-21-255547870-3018188362-2244270488-1002\...\StartupApproved\Run: => "swg "

    ==================== Accounts: =============================

    598E0721A5F7455F8E5E (S-1-5-21-255547870-3018188362-2244270488-1008 - Limited - Enabled)
    Administrator (S-1-5-21-255547870-3018188362-2244270488-500 - Administrator - Disabled) => C:\Users\Administrator
    asw19_000 (S-1-5-21-255547870-3018188362-2244270488-1003 - Administrator - Enabled) => C:\Users\asw19_000
    caitl_000 (S-1-5-21-255547870-3018188362-2244270488-1006 - Administrator - Enabled) => C:\Users\caitl_000
    Guest (S-1-5-21-255547870-3018188362-2244270488-501 - Limited - Enabled)
    keyra_000 (S-1-5-21-255547870-3018188362-2244270488-1004 - Administrator - Enabled) => C:\Users\keyra_000
    liamw_000 (S-1-5-21-255547870-3018188362-2244270488-1005 - Administrator - Enabled) => C:\Users\liamw_000
    shaun_000 (S-1-5-21-255547870-3018188362-2244270488-1002 - Administrator - Enabled) => C:\Users\shaun_000

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
     
  21. 2015/02/15
    sean

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-15 13:23:28.885
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-15 13:09:38.489
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-15 13:00:49.710
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-15 12:53:53.674
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-15 12:48:34.458
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-15 12:14:19.220
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-15 11:30:10.739
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-15 10:00:48.370
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-15 09:37:02.267
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-15 08:53:52.893
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
    Percentage of memory in use: 18%
    Total physical RAM: 8147.93 MB
    Available physical RAM: 6676.86 MB
    Total Pagefile: 16339.93 MB
    Available Pagefile: 14750.17 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB
     
