Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware - Video Converter Exe File

Started by Computer Problems , Jan 15 2016 06:11 PM

This topic is locked

13 replies to this topic

#1 Computer Problems

Member

Full Member
14 posts

Posted 15 January 2016 - 06:11 PM

Hi all,

Managed to pick up some nasty stuff while trying to find a video converter online. Thought the website was okay and scanned the exe file and it seemed okay, but I'm getting alerts all the time after this. I tried doing a system restore first, but every time it comes up with an error afterwards saying it was not properly done.

Although after the failed system restore, I'm not getting any of those alerts from my antivirus telling me it blocked a potential threat. Browser doesn't seem to be hijacked, I'm not getting redirected anywhere, and computer speed isn't any slower. I just want to make sure everything is okay right now. If you guys could help, that would be great!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/01/2016
Scan Time: 4:49 PM
Logfile: Virus.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.15.08
Rootkit Database: v2016.01.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355780
Time Elapsed: 11 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.MultiPlug, C:\Program Files (x86)\E85049A9-1452833669-0FDB-D893-88A48C83377B, Quarantined, [b83c83b65b3ed660bb20b01b6b98a759],
PUP.Optional.DNSio.BrwsrFlsh, C:\Program Files (x86)\WebDnsio, Quarantined, [47ad73c6287170c671a5299f659d8b75],

Files: 10
PUP.Optional.ConvertAd, C:\Users\James\AppData\Local\Temp\nsv32DC.tmp, Quarantined, [35bf4aeff6a38caae076894ed52cc43c],
Trojan.Agent.BHO, C:\Users\James\AppData\Local\Temp\nsvDCEA.tmp, Quarantined, [f7fdd861e0b9f34373a34e26748dcc34],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\James\AppData\Local\Temp\awhD00E.tmp, Quarantined, [e41046f3524782b44357032a50b1e51b],
PUP.Optional.EasyDriverPro, C:\Users\James\AppData\Local\Temp\awhD09C.tmp, Quarantined, [896bb584d9c086b0bb435f6ba75aec14],
PUP.Optional.MyBestOffersToday, C:\Users\James\AppData\Local\Temp\awhD198.tmp, Quarantined, [a54fef4a5049f54106bbdce9fe030df3],
Adware.EoRezo.Gen, C:\Users\James\AppData\Local\Temp\awhD1D7.tmp, Quarantined, [29cb05343d5c0036b92792408879ff01],
PUP.Optional.TrailerTime, C:\Users\James\AppData\Local\Temp\awhD228.tmp, Quarantined, [c52f61d8cacf3303da030ac1e12030d0],
PUP.Optional.MultiPlug, C:\Program Files (x86)\E85049A9-1452833669-0FDB-D893-88A48C83377B\knsb96B3.tmpfs, Quarantined, [b83c83b65b3ed660bb20b01b6b98a759],
PUP.Optional.MultiPlug, C:\Program Files (x86)\E85049A9-1452833669-0FDB-D893-88A48C83377B\Number of results, Quarantined, [b83c83b65b3ed660bb20b01b6b98a759],
PUP.Optional.MultiPlug, C:\Program Files (x86)\E85049A9-1452833669-0FDB-D893-88A48C83377B\vnsg2F0A.tmp, Quarantined, [b83c83b65b3ed660bb20b01b6b98a759],

Physical Sectors: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18163 BrowserJavaVersion: 10.55.2
Run by James at 17:02:53 on 2016-01-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7967.5454 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\James\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - <orphaned>
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\James\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{961576D5-9C0E-4346-8F64-3A3EEA30614E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{961576D5-9C0E-4346-8F64-3A3EEA30614E}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9DC48570-B666-4AB8-B311-9A79F390F76D} : DHCPNameServer = 192.168.1.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\31v7tnao.default-1411257059566\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2012-1-27 280656]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-4 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-9-4 273784]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-3 52760]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-7-20 1055560]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-7-20 451040]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-18 283200]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-27 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-27 204288]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-5-13 128904]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-25 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2012-7-20 97648]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-25 155304]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-1-14 226440]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-7-3 122072]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-7-3 384728]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-7-3 773848]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-1-8 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-1-8 1773696]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-1-15 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-1-15 1135416]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-1-27 1128952]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-9-5 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-9-5 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-9-5 171928]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-1-27 231440]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2014-5-9 224720]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-1-15 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-1-15 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-1-15 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-27 565352]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2015-2-17 237064]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-1-27 136000]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-1-27 409408]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-1-27 47232]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-7-3 405208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 AvastVBoxSvc;AvastVBox COM Service;"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" --> C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-1-27 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-1-27 39464]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-1-14 114688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2016-01-16 00:01:12   79064   ----a-w-   C:\Windows\System32\drivers\onubbstv.sys
2016-01-15 23:49:00   192216   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-01-15 23:48:36   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2016-01-15 23:48:36   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2016-01-15 23:48:36   109272   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2016-01-15 23:48:36   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-15 10:24:32   75888   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21923091-06F9-42A3-B5AB-0F95BC37AFA5}\offreg.6132.dll
2016-01-15 08:43:36   11154520   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21923091-06F9-42A3-B5AB-0F95BC37AFA5}\mpengine.dll
2016-01-15 06:38:02   11154520   ------w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2016-01-15 06:27:59   79872   ----a-w-   C:\Windows\SysWow64\MP3DMOD.DLL
2016-01-15 06:21:54   405504   ----a-w-   C:\Windows\System32\gdi32.dll
2016-01-15 05:53:55   43112   ----a-w-   C:\Windows\avastSS.scr
2016-01-15 05:06:11   --------   d-----w-   C:\Users\James\AppData\Roaming\CleanBrowser
2016-01-15 04:56:00   --------   d-----w-   C:\Users\James\AppData\Local\E85049A9-1452808560-0FDB-D893-88A48C83377B
2016-01-15 01:06:16   --------   d-----w-   C:\Users\James\AppData\Roaming\Faasoft Video Converter
2016-01-13 06:05:55   1393152   ----a-w-   C:\Windows\System32\WMALFXGFXDSP.dll
2016-01-13 06:05:55   1393152   ----a-w-   C:\Windows\System32\WMALFXGFXDSP(115).dll
2016-01-07 04:12:10   --------   d-s---w-   C:\Windows\SysWow64\Microsoft
.
==================== Find3M ====================
.
2016-01-15 05:54:39   97648   ----a-w-   C:\Windows\System32\drivers\aswmonflt.sys
2016-01-15 05:53:57   93528   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2016-01-15 05:53:57   65224   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2016-01-15 05:53:57   28656   ----a-w-   C:\Windows\System32\drivers\aswHwid.sys
2016-01-15 05:53:57   273784   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2016-01-15 05:53:57   155304   ----a-w-   C:\Windows\System32\drivers\aswStm.sys
2016-01-15 05:53:51   1055560   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2016-01-04 08:09:09   796864   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2016-01-04 08:09:09   142528   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-30 19:08:35   5572544   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-12-30 19:08:34   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-12-30 19:08:34   154560   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-12-30 19:05:33   1730496   ----a-w-   C:\Windows\System32\ntdll.dll
2015-12-30 19:02:28   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2015-12-30 19:02:28   243712   ----a-w-   C:\Windows\System32\wow64.dll
2015-12-30 19:02:28   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2015-12-30 19:02:17   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2015-12-30 19:02:13   210432   ----a-w-   C:\Windows\System32\wdigest.dll
2015-12-30 19:02:03   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-12-30 19:01:56   28672   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-12-30 19:01:56   135680   ----a-w-   C:\Windows\System32\sspicli.dll
2015-12-30 19:01:55   503808   ----a-w-   C:\Windows\System32\srcore.dll
2015-12-30 19:01:55   50176   ----a-w-   C:\Windows\System32\srclient.dll
2015-12-30 19:01:14   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-12-30 19:01:12   344064   ----a-w-   C:\Windows\System32\schannel.dll
2015-12-30 19:01:10   1214464   ----a-w-   C:\Windows\System32\rpcrt4.dll
2015-12-30 19:00:23   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2015-12-30 18:59:11   312320   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-12-30 18:59:07   315392   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-12-30 18:59:02   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-12-30 18:58:31   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-12-30 18:58:00   1461248   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-12-30 18:57:55   729600   ----a-w-   C:\Windows\System32\kerberos.dll
2015-12-30 18:57:55   424448   ----a-w-   C:\Windows\System32\KernelBase.dll
2015-12-30 18:55:46   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2015-12-30 18:55:45   43520   ----a-w-   C:\Windows\System32\cryptbase.dll
2015-12-30 18:55:44   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-12-30 18:47:23   3993536   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-12-30 18:47:23   3938240   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-12-30 18:44:26   1311768   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2015-12-30 18:41:32   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2015-12-30 18:41:31   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-12-30 18:41:31   665088   ----a-w-   C:\Windows\SysWow64\rpcrt4.dll
2015-12-30 18:41:31   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2015-12-30 18:41:17   171520   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-12-30 18:41:11   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-12-30 18:41:03   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-12-30 18:40:29   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-12-30 18:40:28   251392   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-12-30 18:39:38   223232   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-12-30 18:39:35   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-12-30 18:39:32   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-12-30 18:39:17   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-12-30 18:38:56   552960   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-12-30 18:38:11   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2015-12-30 17:57:51   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-12-30 17:50:50   338432   ----a-w-   C:\Windows\System32\conhost.exe
2015-12-30 17:49:09   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-12-30 17:44:49   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-12-30 17:43:39   159232   ----a-w-   C:\Windows\System32\drivers\mrxsmb.sys
2015-12-30 17:42:48   290816   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
2015-12-30 17:42:41   129024   ----a-w-   C:\Windows\System32\drivers\mrxsmb20.sys
2015-12-30 17:41:07   30720   ----a-w-   C:\Windows\System32\lsass.exe
2015-12-30 17:41:00   112640   ----a-w-   C:\Windows\System32\smss.exe
2015-12-30 17:32:54   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2015-12-30 17:32:53   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2015-12-30 17:32:52   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2015-12-30 17:32:51   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2015-12-30 17:30:55   36352   ----a-w-   C:\Windows\SysWow64\cryptbase.dll
2015-12-30 17:30:40   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-12-30 17:30:40   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-30 17:30:40   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-12-30 17:30:40   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-12-12 18:31:10   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-12-12 18:30:59   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-12-12 18:16:29   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-12-12 18:15:46   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-12-12 18:15:40   417792   ----a-w-   C:\Windows\System32\html.iec
2015-12-12 18:15:09   571904   ----a-w-   C:\Windows\System32\vbscript.dll
2015-12-12 18:14:59   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-12-12 18:07:27   6051328   ----a-w-   C:\Windows\System32\jscript9.dll
2015-12-12 18:02:34   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-12-12 18:02:34   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-12-12 18:02:19   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-12-12 17:55:26   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-12-12 17:49:57   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-12-12 17:44:06   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-12-12 17:37:41   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-12-12 17:37:39   496640   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-12-12 17:37:05   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-12-12 17:36:57   341504   ----a-w-   C:\Windows\SysWow64\html.iec
2015-12-12 17:36:04   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-12-12 17:27:24   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-12-12 17:27:04   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-12-12 17:21:12   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-12-12 17:20:50   2123264   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-12-12 17:14:57   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-12-12 17:09:47   4610560   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-12-12 17:06:02   2487808   ----a-w-   C:\Windows\System32\wininet.dll
2015-12-12 17:00:20   2050560   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
.
============= FINISH: 17:03:38.83 ===============

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 55
Java version 32-bit out of Date!
Adobe Flash Player 20.0.0.267
Mozilla Firefox (42.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Thank you again!

Edited by Computer Problems, 15 January 2016 - 06:24 PM.

#2 nasdaq

Forum Deity

Global Moderator
49,267 posts

Posted 17 January 2016 - 06:59 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT

If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===

How is the computer running now?
Wait for further instructions.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 Computer Problems

Member

Full Member
14 posts

Posted 18 January 2016 - 04:38 PM

HI Nasdaq,

Thanks for the help. Here are the results

# AdwCleaner v5.030 - Logfile created 18/01/2016 at 15:29:03
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : James - DEVIANT
# Running from : C:\Users\James\Desktop\All Music\adwcleaner_5.030.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\James\AppData\Local\E85049A9-1452808560-0FDB-D893-88A48C83377B

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [783 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by James (administrator) on DEVIANT (18-01-2016 15:34:19)
Running from C:\Users\James\Desktop\All Music
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Flux Software LLC) C:\Users\James\AppData\Local\FluxSoftware\Flux\flux.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Farbar) C:\Users\James\Desktop\All Music\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-14] (AVAST Software)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-10-12] (QFX Software Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\Run: [F.lux] => C:\Users\James\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\Run: [Google Update] => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\MountPoints2: {37a7b007-1437-11e3-bffd-74de2b79eb39} - K:\iStudio.exe
HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\MountPoints2: {dbbb7b79-2442-11e4-bfce-50e549d9ac72} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-14] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-01-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{961576D5-9C0E-4346-8F64-3A3EEA30614E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9DC48570-B666-4AB8-B311-9A79F390F76D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-964378446-540514427-2992831550-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
HKU\S-1-5-21-964378446-540514427-2992831550-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {FBF0EF74-FA1B-4ABB-8025-6BA71170A57E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {FBF0EF74-FA1B-4ABB-8025-6BA71170A57E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-964378446-540514427-2992831550-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-964378446-540514427-2992831550-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-964378446-540514427-2992831550-1000 -> {FBF0EF74-FA1B-4ABB-8025-6BA71170A57E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-964378446-540514427-2992831550-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\31v7tnao.default-1411257059566
FF NewTab: www.google.ca
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-04] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-964378446-540514427-2992831550-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\James\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-964378446-540514427-2992831550-1000: @talk.google.com/O1DPlugin -> C:\Users\James\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-964378446-540514427-2992831550-1000: @tools.google.com/Google Update;version=3 -> C:\Users\James\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-964378446-540514427-2992831550-1000: @tools.google.com/Google Update;version=9 -> C:\Users\James\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\31v7tnao.default-1411257059566\searchplugins\youtube-video-search.xml [2015-11-22]
FF Extension: NoScript - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\31v7tnao.default-1411257059566\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-01-10]
FF Extension: Adblock Plus - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\31v7tnao.default-1411257059566\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-14] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-17] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 sppsvc; C:\Windows\SysWOW64\sppsvc.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-14] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-18] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-17] (Sandboxie Holdings, LLC)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 15:34 - 2016-01-18 15:34 - 00000000 ____D C:\FRST
2016-01-17 00:13 - 2016-01-17 00:13 - 00000372 _____ C:\Users\James\Desktop\Tron deck.txt
2016-01-16 15:19 - 2016-01-16 15:27 - 00000000 ____D C:\Users\James\Desktop\vacation
2016-01-16 14:00 - 2016-01-17 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-16 01:57 - 2016-01-16 01:57 - 00000057 _____ C:\Users\James\Desktop\animes 2016.txt
2016-01-15 17:09 - 2016-01-15 17:09 - 00001053 _____ C:\Users\James\Desktop\checkup.txt
2016-01-15 17:03 - 2016-01-15 17:03 - 00025953 _____ C:\Users\James\Desktop\dds.txt
2016-01-15 17:03 - 2016-01-15 17:03 - 00011067 _____ C:\Users\James\Desktop\attach.txt
2016-01-15 17:02 - 2016-01-15 17:02 - 00002589 _____ C:\Users\James\Desktop\Virus.txt
2016-01-15 16:49 - 2016-01-18 15:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-15 16:48 - 2016-01-15 16:48 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-15 16:48 - 2016-01-15 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-15 16:48 - 2016-01-15 16:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-15 16:48 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-15 16:48 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-15 16:48 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-14 23:28 - 2015-12-11 11:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-14 23:28 - 2015-12-08 14:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-14 23:28 - 2015-12-08 14:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-14 23:28 - 2015-12-08 14:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-14 23:28 - 2015-12-08 14:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-14 23:28 - 2015-12-08 14:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-14 23:28 - 2015-12-08 14:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-14 23:28 - 2015-12-08 14:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-14 23:28 - 2015-12-08 14:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-14 23:28 - 2015-12-08 14:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-14 23:28 - 2015-12-08 14:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-14 23:28 - 2015-12-08 14:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-14 23:28 - 2015-12-08 14:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-14 23:28 - 2015-12-08 14:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-14 23:28 - 2015-12-08 14:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-14 23:28 - 2015-12-08 14:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-14 23:28 - 2015-12-08 14:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-14 23:28 - 2015-12-08 14:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-14 23:28 - 2015-12-08 14:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-14 23:28 - 2015-12-08 14:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-14 23:28 - 2015-12-08 14:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-14 23:28 - 2015-12-08 14:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-14 23:28 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-14 23:28 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-14 23:28 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-14 23:28 - 2015-12-08 14:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-14 23:28 - 2015-12-08 14:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-14 23:28 - 2015-12-08 12:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-14 23:28 - 2015-12-08 12:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-14 23:28 - 2015-12-08 12:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-14 23:28 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-14 23:28 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-14 23:28 - 2015-11-13 16:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-14 23:28 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-14 23:28 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-14 23:28 - 2015-11-13 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-14 23:27 - 2015-12-23 16:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-14 23:27 - 2015-12-23 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-14 23:27 - 2015-12-12 11:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-14 23:27 - 2015-12-12 11:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-14 23:27 - 2015-12-12 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-14 23:27 - 2015-12-12 11:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-14 23:27 - 2015-12-12 11:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-14 23:27 - 2015-12-12 11:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-14 23:27 - 2015-12-12 11:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-14 23:27 - 2015-12-12 11:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-14 23:27 - 2015-12-12 11:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-14 23:27 - 2015-12-12 11:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-14 23:27 - 2015-12-12 11:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-14 23:27 - 2015-12-12 11:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-14 23:27 - 2015-12-12 11:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-14 23:27 - 2015-12-12 11:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-14 23:27 - 2015-12-12 11:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-14 23:27 - 2015-12-12 11:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-14 23:27 - 2015-12-12 11:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-14 23:27 - 2015-12-12 11:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-14 23:27 - 2015-12-12 10:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-14 23:27 - 2015-12-12 10:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-14 23:27 - 2015-12-12 10:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-14 23:27 - 2015-12-12 10:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-14 23:27 - 2015-12-12 10:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-14 23:27 - 2015-12-12 10:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-14 23:27 - 2015-12-12 10:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-14 23:27 - 2015-12-12 10:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-14 23:27 - 2015-12-12 10:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-14 23:27 - 2015-12-12 10:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-14 23:27 - 2015-12-12 10:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-14 23:27 - 2015-12-12 10:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-14 23:27 - 2015-12-12 10:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-14 23:27 - 2015-12-12 10:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-14 23:27 - 2015-12-12 10:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-14 23:27 - 2015-12-12 10:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-14 23:27 - 2015-12-12 10:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-14 23:27 - 2015-12-12 10:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-14 23:27 - 2015-12-12 10:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-14 23:27 - 2015-12-12 10:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-14 23:27 - 2015-12-12 10:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-14 23:27 - 2015-12-12 10:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-14 23:27 - 2015-12-12 10:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-14 23:27 - 2015-12-12 10:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-14 23:27 - 2015-12-12 10:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-14 23:27 - 2015-12-12 10:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-14 23:27 - 2015-12-12 10:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-14 23:27 - 2015-12-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-14 23:27 - 2015-12-12 10:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-14 23:27 - 2015-12-12 10:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-14 23:27 - 2015-12-12 10:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-14 23:27 - 2015-12-12 10:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-14 23:27 - 2015-12-12 10:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-14 23:27 - 2015-12-12 10:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-14 23:27 - 2015-12-12 10:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-14 23:27 - 2015-12-12 10:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-14 23:27 - 2015-12-12 10:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-14 23:27 - 2015-12-12 10:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-14 23:27 - 2015-12-12 10:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-14 23:27 - 2015-12-12 09:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-14 23:27 - 2015-12-12 09:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-14 23:27 - 2015-12-12 09:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-14 23:27 - 2015-12-12 09:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-14 23:27 - 2015-12-12 09:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-14 23:27 - 2015-12-08 14:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-14 23:27 - 2015-12-08 14:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-14 23:27 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-14 23:27 - 2015-12-08 14:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-14 23:27 - 2015-12-08 14:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-14 23:27 - 2015-12-08 14:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-14 23:27 - 2015-12-08 14:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-14 23:27 - 2015-12-08 14:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-14 23:27 - 2015-12-08 14:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-14 23:27 - 2015-12-08 14:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-14 23:27 - 2015-12-08 14:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-14 23:27 - 2015-12-08 12:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-14 23:27 - 2015-12-08 12:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-14 23:27 - 2015-12-08 12:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-14 23:27 - 2015-12-08 12:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-14 23:27 - 2015-12-08 12:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-14 23:27 - 2015-12-08 12:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-14 23:27 - 2015-12-08 12:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-14 23:27 - 2015-12-08 11:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-14 23:27 - 2015-12-08 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-14 23:27 - 2015-12-08 11:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-14 23:27 - 2015-12-08 10:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-14 23:27 - 2015-11-16 18:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-14 23:27 - 2015-11-16 18:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-14 23:27 - 2015-11-16 18:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-14 23:27 - 2015-11-16 18:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-14 23:27 - 2015-11-16 18:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-14 23:27 - 2015-11-16 18:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-14 23:27 - 2015-11-16 13:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-14 23:21 - 2015-12-30 12:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-14 23:21 - 2015-12-30 12:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-14 23:21 - 2015-12-30 12:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-14 23:21 - 2015-12-30 12:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-14 23:21 - 2015-12-30 12:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-14 23:21 - 2015-12-30 12:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-14 23:21 - 2015-12-30 12:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-14 23:21 - 2015-12-30 12:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-14 23:21 - 2015-12-30 12:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-14 23:21 - 2015-12-30 12:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-14 23:21 - 2015-12-30 12:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-14 23:21 - 2015-12-30 12:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-14 23:21 - 2015-12-30 12:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-14 23:21 - 2015-12-30 12:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-14 23:21 - 2015-12-30 12:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-14 23:21 - 2015-12-30 12:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-14 23:21 - 2015-12-30 12:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-14 23:21 - 2015-12-30 12:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-14 23:21 - 2015-12-30 11:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-14 23:21 - 2015-12-30 11:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-14 23:21 - 2015-12-30 11:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-14 23:21 - 2015-12-30 11:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-14 23:21 - 2015-12-30 11:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-14 23:21 - 2015-12-30 11:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-14 23:21 - 2015-12-30 11:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-14 23:21 - 2015-12-30 11:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-14 23:21 - 2015-12-30 11:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-14 23:21 - 2015-12-30 11:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-14 23:21 - 2015-12-30 11:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-14 23:21 - 2015-12-30 11:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-14 23:21 - 2015-12-30 11:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-14 23:21 - 2015-12-30 11:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-14 23:21 - 2015-12-30 11:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-14 23:21 - 2015-12-30 11:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-14 23:21 - 2015-12-30 11:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-14 23:21 - 2015-12-30 11:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-14 23:21 - 2015-12-30 11:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-14 23:21 - 2015-12-30 11:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-14 23:21 - 2015-12-30 11:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-14 23:21 - 2015-12-30 11:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-14 23:21 - 2015-12-30 11:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-14 23:21 - 2015-12-30 11:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-14 23:21 - 2015-12-30 11:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-14 23:21 - 2015-12-30 11:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-14 23:21 - 2015-12-30 11:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-14 23:21 - 2015-12-30 11:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-14 23:21 - 2015-12-30 11:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 10:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-14 23:21 - 2015-12-30 10:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-14 23:21 - 2015-12-30 10:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-14 23:21 - 2015-12-30 10:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-14 23:21 - 2015-12-30 10:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-14 23:21 - 2015-12-30 10:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-14 23:21 - 2015-12-30 10:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-14 23:21 - 2015-12-30 10:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-14 23:21 - 2015-12-30 10:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-14 23:21 - 2015-12-30 10:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-14 23:21 - 2015-12-30 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-14 23:21 - 2015-12-30 10:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-14 23:21 - 2015-12-30 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-14 23:21 - 2015-12-30 10:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-14 23:21 - 2015-12-30 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-14 23:21 - 2015-12-30 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-14 23:21 - 2015-12-08 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-14 23:21 - 2015-12-08 12:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-14 22:54 - 2016-01-14 22:53 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-14 22:53 - 2016-01-14 22:53 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-14 22:20 - 2016-01-14 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-14 22:06 - 2016-01-14 22:06 - 00000000 ____D C:\Users\James\AppData\Roaming\CleanBrowser
2016-01-14 18:07 - 2016-01-14 18:13 - 00000000 ____D C:\Users\James\Documents\Faasoft Video Converter
2016-01-14 18:06 - 2016-01-14 18:06 - 00000000 ____D C:\Users\James\AppData\Roaming\Faasoft Video Converter
2016-01-14 17:57 - 2016-01-14 17:57 - 00016896 ___SH C:\Users\James\Downloads\Thumbs.db
2016-01-12 23:05 - 2015-12-08 12:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 23:05 - 2009-07-13 18:41 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP(115).dll
2016-01-07 17:27 - 2016-01-07 17:27 - 00000158 _____ C:\Users\James\Documents\reanimator creatures.txt
2016-01-04 17:09 - 2016-01-04 17:09 - 00000000 ____D C:\Users\James\Desktop\Comics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 15:35 - 2012-09-06 19:44 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-964378446-540514427-2992831550-1000UA.job
2016-01-18 15:34 - 2015-03-20 16:21 - 00000000 ____D C:\Users\James\Desktop\All Music
2016-01-18 15:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2016-01-18 15:33 - 2012-01-27 16:41 - 00000000 ____D C:\ProgramData\PDFC
2016-01-18 15:30 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-18 15:29 - 2013-09-05 19:04 - 00000000 ____D C:\AdwCleaner
2016-01-18 15:29 - 2009-07-13 21:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-18 15:29 - 2009-07-13 21:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-18 15:27 - 2012-05-12 16:20 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2B08674-E19C-4FF6-8BD1-A6D016C1B124}
2016-01-18 15:25 - 2012-07-20 23:58 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-17 23:09 - 2013-03-18 20:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-17 22:44 - 2013-10-14 20:52 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype
2016-01-17 21:54 - 2014-03-10 21:20 - 00007641 _____ C:\Users\James\Documents\music 2014.txt
2016-01-17 20:31 - 2012-09-06 19:44 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-964378446-540514427-2992831550-1000Core.job
2016-01-17 11:42 - 2012-05-12 17:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-16 15:22 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-16 15:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-01-15 16:49 - 2015-03-15 20:40 - 00000000 __SHD C:\Users\James\AppData\LocalLow\EmieBrowserModeList
2016-01-15 16:49 - 2015-03-15 20:40 - 00000000 __SHD C:\Users\James\AppData\Local\EmieBrowserModeList
2016-01-15 16:49 - 2014-05-04 08:42 - 00000000 __SHD C:\Users\James\AppData\LocalLow\EmieUserList
2016-01-15 16:49 - 2014-05-04 08:42 - 00000000 __SHD C:\Users\James\AppData\Local\EmieUserList
2016-01-15 16:49 - 2014-05-04 08:42 - 00000000 __SHD C:\Users\James\AppData\Local\EmieSiteList
2016-01-15 16:49 - 2014-05-04 08:41 - 00000000 __SHD C:\Users\James\AppData\LocalLow\EmieSiteList
2016-01-15 16:48 - 2013-09-04 15:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-15 03:27 - 2009-07-13 21:45 - 00286672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-15 03:24 - 2015-04-04 19:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-15 03:24 - 2015-04-04 19:37 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-15 03:24 - 2014-12-10 16:30 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-15 03:24 - 2014-05-06 06:47 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-15 03:08 - 2013-08-13 21:14 - 00000000 ____D C:\Windows\system32\MRT
2016-01-15 03:05 - 2012-06-07 06:25 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-14 23:33 - 2014-04-12 13:27 - 00000010 _____ C:\Users\James\AppData\Local\sponge.last.runtime.cache
2016-01-14 23:10 - 2015-01-03 19:42 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 22:54 - 2012-07-20 23:58 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-14 22:54 - 2012-07-20 23:58 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-01-14 22:53 - 2014-04-25 12:23 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-14 22:53 - 2014-04-25 12:23 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-14 22:53 - 2013-09-04 15:33 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-14 22:53 - 2013-09-04 15:33 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-14 22:53 - 2012-07-20 23:58 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-14 22:53 - 2012-07-20 23:58 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-14 22:52 - 2015-07-01 23:51 - 00001884 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-14 22:49 - 2014-05-09 11:44 - 00003260 _____ C:\Windows\Sandboxie.ini
2016-01-14 22:48 - 2013-10-14 20:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 22:42 - 2015-12-03 16:30 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-14 22:42 - 2014-05-09 11:49 - 00000000 ____D C:\Users\James\AppData\Roaming\QFX Software
2016-01-14 22:42 - 2014-05-09 11:49 - 00000000 ____D C:\ProgramData\QFX Software
2016-01-14 22:42 - 2013-09-05 16:46 - 00000000 ____D C:\ProgramData\Spybot - Sear

Edited by Computer Problems, 18 January 2016 - 04:41 PM.

#4 Computer Problems

Member

Full Member
14 posts

Posted 18 January 2016 - 04:43 PM

It says the addition.txt file is too big to attach. The size I have on notepad is 54kb. What do you want me to do?

#5 nasdaq

Forum Deity

Global Moderator
49,267 posts

Posted 19 January 2016 - 07:16 AM

Your are saying that you do not have any issues with this computer.

I find it very strange that you have so many zero byte files in the C:\Windows\SysWOW64 folder

Let me check this further.
===

Please run the Farbar Recovery Scan Tool. Enter lsass.exe;spoolsv.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.
===

Copy and paste the content of the Addition.txt file for my review.

#6 Computer Problems

Member

Full Member
14 posts

Posted 19 January 2016 - 06:36 PM

Here you go

Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by James (2016-01-19 17:34:13)
Running from C:\Users\James\Desktop\All Music
Boot Mode: Normal

================== Search Files: "lsass.exe;spoolsv.exe" =============

C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe
[2012-08-14 17:34][2012-02-10 23:20] 0559616 ____A (Microsoft Corporation) B9D7A4858CF32A6A15D2763F1DE47E0E [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe
[2012-08-14 17:34][2012-02-10 23:36] 0559104 ____A (Microsoft Corporation) 85DAA09A98C9286D4EA2BA8D0E644377 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2010-11-20 20:24][2010-11-20 20:24] 0559104 ____A (Microsoft Corporation) B96C17B5DC1424D56EEA3A99E97428CD [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23313_none_04f8f9708c8984b7\lsass.exe
[2016-01-14 23:21][2015-12-30 10:47] 0030720 ____A (Microsoft Corporation) 8A6ED755DF7097571660723E06BA7B81 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23250_none_04cab6fc8cacab4f\lsass.exe
[2015-11-10 16:50][2015-10-19 18:10] 0031232 ____A (Microsoft Corporation) 0F3591FD0F246CD5941B6DC8184E66B7 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23249_none_04de89828c9c736d\lsass.exe
[2015-11-10 16:50][2015-10-16 11:10] 0031232 ____A (Microsoft Corporation) 642713B5EFA4A27E1CB88E99208F160A [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23211_none_04f6f6f68c8b54e2\lsass.exe
[2015-10-13 14:50][2015-09-15 16:37] 0031232 ____A (Microsoft Corporation) A51431778979B82E6C7041EAB29F66F4 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23153_none_04cdb5f48ca9fa2d\lsass.exe
[2015-09-08 15:16][2015-08-04 11:11] 0031232 ____A (Microsoft Corporation) 2BB259A51DDADBCF9652C67A3E82447C [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23142_none_04d785968ca2c4e5\lsass.exe
[2015-09-08 15:17][2015-07-22 15:03] 0031232 ____A (Microsoft Corporation) FBD94DDAB6D96DE7ECE7D38E48035A75 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23136_none_04e656aa8c970e50\lsass.exe
[2015-08-11 15:14][2015-07-15 11:08] 0031232 ____A (Microsoft Corporation) 31359EDA482F9A4C5DB36741596550AC [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_04f126968c8ef25f\lsass.exe
[2015-08-11 15:14][2015-07-14 20:19] 0031232 ____A (Microsoft Corporation) 2CCFA4793B9696F26214634300FE8B37 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23115_none_04faf6388c87bd17\lsass.exe
[2015-07-14 14:52][2015-07-01 11:20] 0031232 ____A (Microsoft Corporation) 5F8423E7FDA0EB902C6D156F6121E094 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23112_none_04f7f55a8c8a7112\lsass.exe
[2015-07-14 14:51][2015-06-27 11:12] 0031232 ____A (Microsoft Corporation) BD1E0ADA58D82453182F297C4C6AA00A [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23072_none_04b713ec8cbb1b91\lsass.exe
[2015-06-09 14:53][2015-05-25 11:21] 0031232 ____A (Microsoft Corporation) 2A953A1104439BA166FD63A5806A16DF [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23040_none_04d5831c8ca49510\lsass.exe
[2015-05-12 14:44][2015-04-27 12:16] 0031232 ____A (Microsoft Corporation) D52C700254E7FBD9BF6D817BA7BA5309 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_04fcf4e68c85f29e\lsass.exe
[2015-05-12 14:45][2015-04-03 20:25] 0031232 ____A (Microsoft Corporation) BB9C1B746086558899935E3333CD4580 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23002_none_0502c3608c8257fa\lsass.exe
[2015-04-14 14:31][2015-03-16 22:11] 0031232 ____A (Microsoft Corporation) DCCDD65A4E68360E5CF57AFC864C64E0 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22983_none_04ad6c288cc21d97\lsass.exe
[2015-03-10 12:37][2015-03-05 22:32] 0031232 ____A (Microsoft Corporation) 395CAE11172BEBB0253895E8B5F82BFA [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_04ddad4a8c9d2c86\lsass.exe
[2015-03-10 12:38][2015-02-02 20:50] 0031232 ____A (Microsoft Corporation) CBB80CC43E683F929F8D5E50330F7BA6 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22943_none_04d8abd88ca1add3\lsass.exe
[2015-03-10 12:38][2015-01-26 20:56] 0031232 ____A (Microsoft Corporation) 5B63917A1BE4728D8111850CDEF252F1 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[2014-05-13 20:51][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[2014-05-13 20:51][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[2015-02-10 15:50][2015-01-10 00:09] 0031232 ____A (Microsoft Corporation) 55C62F66528A7BF58EA964B70BCB3D96 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[2014-05-13 20:51][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[2014-11-12 15:49][2014-09-19 02:47] 0031232 ____A (Microsoft Corporation) B84317193B6A29F5F5DCF538C34FDCED [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[2014-05-13 20:51][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[2014-05-13 20:51][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[2014-05-13 20:51][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[2014-07-09 14:43][2014-05-30 01:00] 0031232 ____A (Microsoft Corporation) 04F6C08B30C599D301CE8530A6F6A703 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014-05-13 20:51][2014-04-11 19:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[2013-11-13 16:31][2013-09-24 18:08] 0030720 ____A (Microsoft Corporation) F021DAFB1F87616FCEBA159C2ED7042F [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2012-07-10 16:56][2012-06-04 00:51] 0031232 ____A (Microsoft Corporation) 79C908CAA6F43021EB05F4C733A927D1 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2012-05-13 09:48][2011-11-16 23:20] 0031232 ____A (Microsoft Corporation) 0A10B74FBB437FF9A23F1D5DE4446A83 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19110_none_046c59e1736e9bc1\lsass.exe
[2016-01-14 23:21][2015-12-30 10:41] 0030720 ____A (Microsoft Corporation) CB0E57424A776C51EF42469064ADBF08 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19045_none_0450e9a973827120\lsass.exe
[2015-11-10 16:50][2015-10-19 18:04] 0031232 ____A (Microsoft Corporation) 2BC45F4CF55B45BDD650828192F132B8 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19044_none_044fe95f738357c9\lsass.exe
[2015-11-10 16:51][2015-10-17 11:09] 0031232 ____A (Microsoft Corporation) AECDFB5F08DC5069563AFC6F47C0DDE5 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19043_none_044ee91573843e72\lsass.exe
[2015-11-10 16:50][2015-10-16 11:04] 0031232 ____A (Microsoft Corporation) 50996040C28F2E644F7270D2A3BE2BC8 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19007_none_047e29ed7360340a\lsass.exe
[2015-10-13 14:51][2015-09-15 11:10] 0031232 ____A (Microsoft Corporation) 5424EC756808C1002457033D969115C7 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18939_none_045fe29b73768749\lsass.exe
[2015-09-08 15:17][2015-07-22 17:01] 0031232 ____A (Microsoft Corporation) FDD980360C9D72DA77F4C59376AE95C9 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18933_none_0459e0df737bef3f\lsass.exe
[2015-08-11 15:14][2015-07-15 11:10] 0031232 ____A (Microsoft Corporation) 0D48E93C6BE3143C0198CB252B992D16 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18923_none_0464b0cb7373d34e\lsass.exe
[2015-08-11 15:14][2015-07-14 20:19] 0031232 ____A (Microsoft Corporation) A7C232F194DE012B41B5EE0C5021CFDB [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18912_none_046e806d736c9e06\lsass.exe
[2015-07-14 14:52][2015-07-01 13:47] 0031232 ____A (Microsoft Corporation) 97D879A884E7CDFED51AD63348A35254 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18909_none_0480525f735e3376\lsass.exe
[2015-07-14 14:51][2015-06-27 11:02] 0031232 ____A (Microsoft Corporation) FCCD46F56DD641ED856FC0E65757B4FD [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18869_none_043f70f1738eddf5\lsass.exe
[2015-06-09 14:53][2015-05-25 11:18] 0031232 ____A (Microsoft Corporation) 17A6A9AAD04CCC6EE53290585BFC43AF [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18839_none_045fe0b573768a22\lsass.exe
[2015-05-12 14:44][2015-04-27 12:22] 0031232 ____A (Microsoft Corporation) 9262D6E2C239EDD6D87B080F2BCCEC9F [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_046e7e87736ca0df\lsass.exe
[2015-05-12 14:45][2015-04-03 20:20] 0031232 ____A (Microsoft Corporation) 4C3FAC816925F73A34AD52F1F7C0A7EA [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18798_none_041dfefd73a81b4a\lsass.exe
[2015-04-14 14:31][2015-03-16 22:15] 0031232 ____A (Microsoft Corporation) CA4FC33FB22D92368A0B221092B46374 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18779_none_04349f1f7396fcbf\lsass.exe
[2015-03-10 12:37][2015-03-05 22:41] 0031232 ____A (Microsoft Corporation) B6C7729936AAF8E0697F0A7DCA82CED8 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_044d0c937385de34\lsass.exe
[2015-03-10 12:38][2015-02-02 20:30] 0031232 ____A (Microsoft Corporation) 7554A1B82B4A222FD4CC292ABD38A558 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18738_none_045ede85737773a4\lsass.exe
[2015-03-10 12:38][2015-01-28 20:18] 0031232 ____A (Microsoft Corporation) 43FE6F74D2D43443CF2279613FA0A516 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[2015-02-10 15:49][2015-01-15 01:09] 0031232 ____A (Microsoft Corporation) E0105F3B5B1C4B0F5B3D788A13504EC6 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[2015-02-10 15:47][2015-01-13 23:04] 0031232 ____A (Microsoft Corporation) 1E31700D9C9E0FB79999D02A8437482C [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[2015-02-10 15:50][2015-01-09 23:47] 0031232 ____A (Microsoft Corporation) C8152B86C0F12E61B0AD5C95751547D3 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[2014-05-13 20:51][2014-04-11 19:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[2014-11-12 15:49][2014-09-19 02:42] 0031232 ____A (Microsoft Corporation) 341655B216721D89CADE9DEA2F33872F [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014-05-13 20:51][2014-04-11 19:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[2014-05-13 20:51][2014-04-11 19:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe
[2014-07-09 14:43][2014-05-30 01:07] 0031232 ____A (Microsoft Corporation) F23812F9F7B130854E4BC0389F7C688C [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014-05-13 20:51][2014-04-11 19:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2013-11-13 16:31][2013-09-24 18:03] 0030720 ____A (Microsoft Corporation) 4D71227301DD8D09097B9E4CC6527E5A [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2012-05-13 09:48][2011-11-16 23:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2012-05-13 09:48][2011-11-16 23:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2009-07-13 16:20][2009-07-13 18:39] 0031232 ____A (Microsoft Corporation) 0793F40B9B8A1BDD266296409DBD91EA [File is digitally signed]

C:\Windows\SysWOW64\lsass.exe
[2013-09-04 17:04][2013-09-04 17:04] 0000000 ____A () [File not signed]

C:\Windows\SysWOW64\spoolsv.exe
[2013-09-04 17:04][2013-09-04 17:04] 0000000 ____A () [File not signed]

C:\Windows\System32\lsass.exe
[2016-01-14 23:21][2015-12-30 10:41] 0030720 ____A (Microsoft Corporation) CB0E57424A776C51EF42469064ADBF08 [File is digitally signed]

C:\Windows\System32\spoolsv.exe
[2012-08-14 17:34][2012-02-10 23:36] 0559104 ____A (Microsoft Corporation) 85DAA09A98C9286D4EA2BA8D0E644377 [File is digitally signed]

====== End of Search ======

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by James (2016-01-18 15:35:13)
Running from C:\Users\James\Desktop\All Music
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-12 23:16:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-964378446-540514427-2992831550-500 - Administrator - Disabled)
Guest (S-1-5-21-964378446-540514427-2992831550-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-964378446-540514427-2992831550-1275 - Limited - Enabled)
James (S-1-5-21-964378446-540514427-2992831550-1000 - Administrator - Enabled) => C:\Users\James

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
µTorrent (HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D2A53F8D-3924-E600-6023-883B255E3812}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Borderlands 2 GOTY version 1.8.2.0 (HKLM-x32\...\Borderlands 2 GOTY_is1) (Version: 1.8.2.0 - Mr DJ)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - )
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
Chessmaster 10th Edition (HKLM-x32\...\InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}) (Version: 1.00.0000 - Ubisoft)
Chessmaster 10th Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
Cockatrice (HKLM-x32\...\Cockatrice) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
ConvertXtoDVD 4.1.10.348 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.10.348 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Diablo (HKLM-x32\...\Diablo) (Version: - )
Diablo (HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\Diablo) (Version: - )
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.03 - Electronic Arts, Inc.)
f.lux (HKU\S-1-5-21-964378446-540514427-2992831550-1000\...\Flux) (Version: - )
Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hellfire (HKLM-x32\...\Hellfire) (Version: - )
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.2.0 - QFX Software Corporation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Magic The Gathering - Duels of the Planeswalkers 2012 (HKLM-x32\...\Magic The Gathering - Duels of the Planeswalkers 2012_is1) (Version: - )
Magic The Gathering - Duels of the Planeswalkers 2013 (HKLM-x32\...\Magic The Gathering - Duels of the Planeswalkers 2013_is1) (Version: - )
Magic The Gathering (HKLM-x32\...\InstallShield_{6463EA8A-08AE-48BB-A921-A570CA34F28B}) (Version: 3.201 - Wizards of the Coast)
Magic The Gathering (x32 Version: 3.201 - Wizards of the Coast) Hidden
MagicTG (HKLM-x32\...\{a517a98e-d5c2-41ea-a12d-47365cbd8813}.sdb) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version: - )
OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140 - Sony Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.9 - AMD)
RAIDXpert (x32 Version: 3.3.1540.9 - AMD) Hidden
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.101 - Skype Technologies S.A.)
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version: - Capcom)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08424897-8C83-4C73-85F8-0E03540B8CC9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-964378446-540514427-2992831550-1000Core => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {30DFC1A1-C90A-4CA8-98AD-D28F85F2A955} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {37379823-7D07-41C3-A81B-4899A2801FDF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {3FDAB207-6AF2-4339-90CA-7F710FF69EA0} - System32\Tasks\{CCC21F55-552E-4CE6-A381-582EB5C5E525} => pcalua.exe -a C:\Users\James\Downloads\vcredist_x86.exe -d C:\Users\James\Downloads
Task: {43335C8B-F065-4E3F-B84B-392A2ADEC064} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {53943043-5E9E-4100-A3C8-8B0BFBA55304} - System32\Tasks\{8371E5EF-2D91-48EB-872C-CA5D9F33A15B} => pcalua.exe -a C:\Users\James\AppData\Local\Temp\afolder\BlackFaceBacks.pic.exe -d "C:\Users\James\Desktop\Manalink 3.0\Program"
Task: {59F8564B-6581-42B7-BA66-2B0435965A7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {681849CC-FEB2-4AD8-9AB8-26E04105CA66} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-04] (Adobe Systems Incorporated)
Task: {75AA7924-68F5-4291-8F24-0F45EC836852} - System32\Tasks\{A410CD07-1F17-4DE7-A655-DCADBDE9A460} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-12-01] (Skype Technologies S.A.)
Task: {8865C342-E94C-4A8A-8890-1F0040917C6E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {8F5DC00F-AE1E-4E26-9D8B-725B8FE6579E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {9B53494F-6ED4-4B30-A813-AF04FCB0AFAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {9E131CC1-267C-4D95-A798-AB68A4EA2830} - System32\Tasks\{9FF699F0-7C23-47E6-965C-9378B745F930} => pcalua.exe -a C:\Users\James\AppData\Local\Temp\afolder\ML30.Default.ogg.exe -d "C:\Users\James\Desktop\Manalink 3.0\Program"
Task: {A279532C-7112-41C0-86CD-8F4204387E53} - System32\Tasks\{3237C05C-E2A5-4D70-AA1A-5A0FDC6BD97D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.59.102/en/abandoninstall?page=tsProgressBar
Task: {AA8C9F06-1A13-4716-8F38-868292A05431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {AC457101-6B7D-4F41-9816-A34E79169F03} - System32\Tasks\{77C0AFE9-CFEF-46E7-BC0A-7AA480FCBA55} => pcalua.exe -a "C:\Users\James\Desktop\Shandalar 2012\SoundMod_Shandalar2012_Default.exe" -d "C:\Users\James\Desktop\Shandalar 2012"
Task: {AF3E4EAD-E71A-4B59-BF60-A496E1F61395} - System32\Tasks\{03F11D7E-6F40-4B7B-9D3E-81A253E369DF} => pcalua.exe -a "C:\Users\James\Desktop\Movies\Diablo (V1.09) and Hellfire (1.01) (Latest Versions)\Diablo and Hellfire\Diablo and Hellfire\phinstal\SETUP.EXE" -d "C:\Users\James\Desktop\Movies\Diablo (V1.09) and Hellfire (1.01) (Latest Versions)\Diablo and Hellfire\Diablo and Hellfire\phinstal"
Task: {D2F37D8E-4CAD-40F0-9829-9326854F977B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-964378446-540514427-2992831550-1000UA => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E33B2500-FCA5-4136-A28E-32E0E872CBC2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {E4BA8588-31BE-4C38-8FF2-AF28F0BCA781} - System32\Tasks\{D21FB8CF-806A-4D50-8C68-E6EBF26E83EA} => pcalua.exe -a J:\autorun.exe -d J:\
Task: {EA3A3D83-8B3B-4B0F-9513-8868849A8E22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {F5248E44-5041-4288-9EC2-F8856C59960F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {F5363D8B-C9A8-4DD7-B672-C6FEC31DA9BA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {FCF80A88-3B13-49B5-9860-A679F13F28FA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-14] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-964378446-540514427-2992831550-1000Core.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-964378446-540514427-2992831550-1000UA.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\James\Desktop\diablo - Shortcut.lnk -> C:\Users\James\Desktop\diablo.bat ()

==================== Loaded Modules (Whitelisted) ==============

2011-10-24 02:16 - 2011-10-24 02:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-04-11 17:20 - 2011-04-11 17:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-11 17:20 - 2011-04-11 17:20 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2016-01-14 22:53 - 2016-01-14 22:53 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-14 22:53 - 2016-01-14 22:53 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-18 15:26 - 2016-01-18 15:26 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011800\algo.dll
2016-01-14 22:53 - 2016-01-14 22:53 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-04-12 13:43 - 2014-04-12 13:43 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-04-12 13:43 - 2014-04-12 13:43 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-04-12 13:43 - 2014-04-12 13:43 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-04-12 13:43 - 2014-04-12 13:43 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-04-12 13:43 - 2014-04-12 13:43 - 00000000 _____ () C:\Windows\system32\MSVCR71.dll
2011-05-11 17:17 - 2011-05-11 17:17 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-04-12 13:43 - 2014-04-12 13:43 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2013-09-05 16:44 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-05 16:44 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-05 16:44 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-12 13:43 - 2014-04-12 13:43 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-04-12 13:43 - 2014-04-12 13:43 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2013-09-05 16:44 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-05 16:44 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-14 22:53 - 2016-01-14 22:53 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-964378446-540514427-2992831550-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A490180C-B0F2-49CF-B06A-DA0235027D02}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{9A29B33E-D999-4F3F-A074-B5719AF241A4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{D47359E7-EBC4-4A6A-915B-93764D1A7E6B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{D4091398-A4A3-4B4A-AB6B-6EF373EA4537}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{4E44F4B7-9212-4063-A5FA-C7E50C997DEB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{98EEF8E8-B2C8-41FD-BF2A-83E10C294B94}] => (Allow) LPort=2869
FirewallRules: [{38373A7F-EFA5-4FB5-80C8-6EBCF23F4442}] => (Allow) LPort=1900
FirewallRules: [{46D1528E-AAB5-40EF-9174-93EBC960B2BC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0D661158-4A73-45F7-9CFA-548B542D6683}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5C289E9-492C-4CFF-B4A1-93ACF56F2977}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{86A98072-043F-41EB-8E06-D3D8A468603E}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{4F07D5C9-A89B-4E45-8C37-67F39BF0A72C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{084C9DAC-54D5-489C-A34D-9A4B7225E208}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7A448695-11E3-4DD6-91CD-394FFC136BD1}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [UDP Query User{07BAD68B-C515-437F-81D2-0136B517CEEB}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [TCP Query User{2D030DD1-C373-4B4F-BF55-758DDB0CCA9A}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe
FirewallRules: [UDP Query User{4BDEEF45-51F8-4737-8335-AC234EE49779}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe
FirewallRules: [{3A0213C1-E4CA-4F0E-BC6F-57D20B10D5AF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{DEFBE45C-4515-40F9-A8D3-E5E236FC4D91}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{2673BBF8-FAC6-49BD-A227-6C3FACC72636}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{3C3F4FC2-FF87-48C2-8DD9-08904AB40C8E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{A2B2DF88-92E6-4A4A-BCB4-B298F2B997AC}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{4A73441C-122D-4244-8E8F-9820B28B0D03}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{7BC2BA24-0267-4B60-B1CC-2938016795EF}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe
FirewallRules: [UDP Query User{7F1A0D31-E98A-48A3-8EDD-749FE4795F60}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe
FirewallRules: [TCP Query User{EB052F48-3AFD-49B4-A9B9-229C44B97E83}C:\users\james\desktop\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe] => (Allow) C:\users\james\desktop\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe
FirewallRules: [UDP Query User{DD3A46BE-0062-4223-A865-31EC81429577}C:\users\james\desktop\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe] => (Allow) C:\users\james\desktop\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe
FirewallRules: [TCP Query User{21777AA5-D815-48BA-9055-1C9C8E53E30B}C:\program files (x86)\magictg\manalink.exe] => (Allow) C:\program files (x86)\magictg\manalink.exe
FirewallRules: [UDP Query User{24B927A5-04E1-4583-A5C7-2BE11D9EE89D}C:\program files (x86)\magictg\manalink.exe] => (Allow) C:\program files (x86)\magictg\manalink.exe
FirewallRules: [TCP Query User{ACCBBB47-49A4-43B3-B842-1190804754E2}C:\programdata\battle.net\agent\agent.1675\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1675\agent.exe
FirewallRules: [UDP Query User{E9462866-3A89-41AB-BEF8-8E39C60148CC}C:\programdata\battle.net\agent\agent.1675\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1675\agent.exe
FirewallRules: [TCP Query User{BE5F88B6-5679-4F7D-BD51-02351EF22C58}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{51ADBC7C-F4DD-4568-9B75-BA922D7C43B5}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [TCP Query User{869AE383-79C4-43E6-B1C6-A74E508D17BB}C:\mtg\manalink.exe] => (Block) C:\mtg\manalink.exe
FirewallRules: [UDP Query User{1C4F0674-4A16-468B-8DB9-3BDDBA25DD1A}C:\mtg\manalink.exe] => (Block) C:\mtg\manalink.exe
FirewallRules: [{5490DBC0-FC76-4AA1-9DE7-E05E0F542649}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{77052C3E-AF87-4C21-8486-B82996A4E56F}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{38548FC3-5476-47EF-97F6-D11173753802}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{20C0C098-0318-4619-885B-2634614158C4}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{2F544524-8E0C-4EB1-B52A-3A17CE382D3C}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{0594F345-45CF-4BDD-BC37-0B9B41701D58}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [TCP Query User{3A01F574-CF3D-4B64-9B9C-FFBD02BF6D5F}C:\program files (x86)\diablo\diablo.exe] => (Block) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [UDP Query User{DC70C139-EB41-43B6-9174-89373113F804}C:\program files (x86)\diablo\diablo.exe] => (Block) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [TCP Query User{CC235457-2684-4623-95E7-5EC6A65771C1}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{8F18AFB3-178A-4F15-9BBC-DC5343859BCB}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{4E26BF65-55D1-4BD9-BB53-489E09F7DD8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C4C82215-031E-4240-82E7-735DE3F2471E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4D7E64CC-7312-4A73-9206-0670546488D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{7F930B63-0A03-4227-BBF8-DB3CA01A9908}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{59C87436-AE49-4DD3-9FF8-09FFE66E8024}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{27FEBAB2-714D-49A0-BD2F-5D719ADDBDE7}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{2808DBE6-A5DF-4D1E-A7ED-03CC1964C7A9}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{962DD982-547F-4484-8579-9D8D7BF3EE7E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{2B7A705B-285D-4D43-9F44-245C25EA48B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{2FC85E5D-F0F1-40EE-B073-3A9473228384}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{90FF2AB9-6227-4B1D-9C7B-5EEB56D3360D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{56EEFB68-7C36-4485-A59A-EA2A2043B3E3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{EE288341-590C-4C26-A652-9D8021F4EF02}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{F19F6C7F-B2E1-4E6D-9AEA-51B6D3B93DE6}E:\easysetupassistant\easysetupassistant.exe] => (Allow) E:\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{F631EE43-DFBF-47AF-A6A0-6AF97E6BF496}E:\easysetupassistant\easysetupassistant.exe] => (Allow) E:\easysetupassistant\easysetupassistant.exe
FirewallRules: [{F2936AE9-1690-442A-AE38-00EFCCBB8C32}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2820B2F9-B0FF-465C-B14C-B1A7876C70A3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3909EB66-9739-4FD4-A57B-15AD55F8D1E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E41F442-B367-4969-8D32-9D5A2357CA7E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF1D54E5-2B4B-4BB4-8484-477C489B5190}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{DBB651BA-03DD-467C-BC5E-74F1E676E391}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{93CA5722-4F4E-4379-9832-9970DFDF184C}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{7F18C613-4ED9-46A0-88F5-DD2AA3EC4139}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{78D336A9-D6EA-4417-9486-BA6C338163C5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7E91964E-CC72-4575-90F3-B5DFF413C748}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{215A18B4-0065-4F80-BCE4-BA0A2EC8C310}C:\program files (x86)\wizards of the coast llc\magic the gathering - duels of the planeswalkers 2013\dotp_d13.exe] => (Block) C:\program files (x86)\wizards of the coast llc\magic the gathering - duels of the planeswalkers 2013\dotp_d13.exe
FirewallRules: [UDP Query User{F8D66D29-67C9-4244-89F2-C805808F333B}C:\program files (x86)\wizards of the coast llc\magic the gathering - duels of the planeswalkers 2013\dotp_d13.exe] => (Block) C:\program files (x86)\wizards of the coast llc\magic the gathering - duels of the planeswalkers 2013\dotp_d13.exe
FirewallRules: [{D0D2301D-7CF7-449F-B138-4D0657EA6ACB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{96528BE8-228E-486B-93A7-E89CFE81EE29}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{26DA8BA9-2155-4DD7-A778-1F1BD9487016}C:\users\james\desktop\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe] => (Block) C:\users\james\desktop\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe
FirewallRules: [UDP Query User{459913EE-7741-443D-8364-615A07CCA61F}C:\users\james\desktop\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe] => (Block) C:\users\james\desktop\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe
FirewallRules: [TCP Query User{3483BEFF-8675-41D7-A6A0-171C6F21E5F5}C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Block) C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{55E2F600-3CC5-4E31-AE4F-4571B1671AEB}C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Block) C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe
FirewallRules: [{BC04CA43-A89F-4074-A6B6-CBD03D72B838}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D951D4AD-96BD-4C8F-90B6-25F15189699F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

02-07-2015 19:15:35 Scheduled Checkpoint
03-07-2015 14:58:27 Windows Update
07-07-2015 12:24:02 Windows Update
10-07-2015 15:28:59 Windows Update
14-07-2015 14:49:23 Windows Update
14-07-2015 23:53:57 Windows Update
16-07-2015 00:42:07 Windows Update
20-07-2015 12:13:08 Windows Update
24-07-2015 14:28:06 Windows Update
28-07-2015 15:30:49 Windows Update
28-07-2015 23:57:45 Windows Update
29-07-2015 16:14:52 avast! antivirus system restore point
03-08-2015 17:42:37 Windows Update
09-08-2015 21:28:12 Windows Update
11-08-2015 23:14:07 Windows Update
16-08-2015 17:27:52 Windows Update
19-08-2015 00:16:23 Windows Update
22-08-2015 21:06:00 Windows Update
26-08-2015 14:49:57 Windows Update
29-08-2015 19:38:24 Windows Update
02-09-2015 15:05:15 Windows Update
06-09-2015 08:32:30 Windows Update
09-09-2015 00:18:19 Windows Update
15-09-2015 15:19:13 Windows Update
20-09-2015 17:33:03 Windows Update
25-09-2015 14:23:37 Windows Update
29-09-2015 14:29:54 Windows Update
02-10-2015 14:54:09 Windows Update
06-10-2015 14:48:58 Windows Update
08-10-2015 22:52:52 Windows Update
13-10-2015 14:50:28 Windows Update
13-10-2015 23:14:37 Windows Update
14-10-2015 23:58:31 Windows Update
20-10-2015 15:02:27 Windows Update
23-10-2015 15:49:29 Windows Update
27-10-2015 14:56:38 Windows Update
30-10-2015 16:09:50 Windows Update
03-11-2015 16:30:57 Windows Update
06-11-2015 16:54:54 Windows Update
10-11-2015 16:47:46 Windows Update
11-11-2015 02:03:40 Windows Update
13-11-2015 00:59:38 Windows Update
17-11-2015 16:33:40 Windows Update
20-11-2015 16:47:38 Windows Update
24-11-2015 19:10:43 Windows Update
01-12-2015 16:35:23 Windows Update
06-12-2015 18:09:55 Windows Update
08-12-2015 23:59:45 Windows Update
15-12-2015 17:45:22 Windows Update
03-01-2016 23:24:09 Windows Update
04-01-2016 02:09:28 Windows Update
10-01-2016 19:26:02 Windows Update
13-01-2016 01:08:13 Windows Update
14-01-2016 22:04:01 Windows Defender Checkpoint
14-01-2016 22:06:22 Restore Operation
14-01-2016 22:18:01 avast! antivirus system restore point
14-01-2016 22:33:30 Restore Operation
14-01-2016 22:50:05 avast! antivirus system restore point
14-01-2016 23:35:37 Windows Update
15-01-2016 03:00:13 Windows Update

==================== Faulty Device Manager Devices =============

Name: HP Bluetooth module
Description: HP Bluetooth module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Broadcom WLAN Adapter
Description: Broadcom WLAN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2016 03:32:47 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/18/2016 03:25:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/17/2016 11:44:43 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/16/2016 10:06:10 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/15/2016 04:31:52 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/15/2016 03:27:55 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Ob

#7 nasdaq

Forum Deity

Global Moderator
49,267 posts

Posted 20 January 2016 - 07:06 AM

Press the windows key

+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> No File
Toolbar: HKU\S-1-5-21-964378446-540514427-2992831550-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-14]
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 sppsvc; C:\Windows\SysWOW64\sppsvc.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {53943043-5E9E-4100-A3C8-8B0BFBA55304} - System32\Tasks\{8371E5EF-2D91-48EB-872C-CA5D9F33A15B} => pcalua.exe -a C:\Users\James\AppData\Local\Temp\afolder\BlackFaceBacks.pic.exe -d "C:\Users\James\Desktop\Manalink 3.0\Program"
Task: {9E131CC1-267C-4D95-A798-AB68A4EA2830} - System32\Tasks\{9FF699F0-7C23-47E6-965C-9378B745F930} => pcalua.exe -a C:\Users\James\AppData\Local\Temp\afolder\ML30.Default.ogg.exe -d "C:\Users\James\Desktop\Manalink 3.0\Program"
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\sppsvc.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com...d/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmic...java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.co...oads/index.html

How to disable Java in your browsers
http://www.infoworld...browsers-210882

If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)

Please post the log and let me know what problem persists.

#8 Computer Problems

Member

Full Member
14 posts

Posted 24 January 2016 - 11:40 PM

Hi Nasdaq,

Sorry for the late response!

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by James (2016-01-24 22:29:51) Run:1
Running from C:\Users\James\Desktop\SLOT
Loaded Profiles: James (Available Profiles: James)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> No File
Toolbar: HKU\S-1-5-21-964378446-540514427-2992831550-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-14]
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
R2 sppsvc; C:\Windows\SysWOW64\sppsvc.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-09-04] () <==== ATTENTION (zero byte File/Folder)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {53943043-5E9E-4100-A3C8-8B0BFBA55304} - System32\Tasks\{8371E5EF-2D91-48EB-872C-CA5D9F33A15B} => pcalua.exe -a C:\Users\James\AppData\Local\Temp\afolder\BlackFaceBacks.pic.exe -d "C:\Users\James\Desktop\Manalink 3.0\Program"
Task: {9E131CC1-267C-4D95-A798-AB68A4EA2830} - System32\Tasks\{9FF699F0-7C23-47E6-965C-9378B745F930} => pcalua.exe -a C:\Users\James\AppData\Local\Temp\afolder\ML30.Default.ogg.exe -d "C:\Users\James\Desktop\Manalink 3.0\Program"
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\sppsvc.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} => key not found.
HKU\S-1-5-21-964378446-540514427-2992831550-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
AMD External Events Utility => service removed successfully
EFS => service removed successfully
KeyIso => Unable to stop service.
KeyIso => service removed successfully
Netlogon => service removed successfully
ProtectedStorage => Unable to stop service.
ProtectedStorage => service removed successfully
SamSs => Unable to stop service.
SamSs => service removed successfully
Spooler => service removed successfully
sppsvc => service removed successfully
VaultSvc => service removed successfully
AvastVBoxSvc => service could not remove
HP Support Assistant Service => service removed successfully
hpqwmiex => service removed successfully
esgiguard => service removed successfully
VBoxAswDrv => service could not remove
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-964378446-540514427-2992831550-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53943043-5E9E-4100-A3C8-8B0BFBA55304}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53943043-5E9E-4100-A3C8-8B0BFBA55304}" => key removed successfully
C:\Windows\System32\Tasks\{8371E5EF-2D91-48EB-872C-CA5D9F33A15B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8371E5EF-2D91-48EB-872C-CA5D9F33A15B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E131CC1-267C-4D95-A798-AB68A4EA2830}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E131CC1-267C-4D95-A798-AB68A4EA2830}" => key removed successfully
C:\Windows\System32\Tasks\{9FF699F0-7C23-47E6-965C-9378B745F930} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FF699F0-7C23-47E6-965C-9378B745F930}" => key removed successfully
C:\Windows\SysWOW64\atiesrxx.exe => moved successfully
C:\Windows\SysWOW64\lsass.exe => moved successfully
C:\Windows\SysWOW64\spoolsv.exe => moved successfully
C:\Windows\SysWOW64\sppsvc.exe => moved successfully
EmptyTemp: => 17.1 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-24 22:38:09)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 22:38:09 ====

#9 nasdaq

Forum Deity

Global Moderator
49,267 posts

Posted 25 January 2016 - 06:51 AM

Any improvement?

What are the remaining issues?

#10 Computer Problems

Member

Full Member
14 posts

Posted 25 January 2016 - 03:44 PM

Everything seems fine right now. Was there anything else on the log I submitted that might need attention or should I rerun a report?

If not, I think the thread can be closed.

Thanks again for all the help!

#11 nasdaq

Forum Deity

Global Moderator
49,267 posts

Posted 26 January 2016 - 07:03 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingc...best-practices/
===

#12 Computer Problems

Member

Full Member
14 posts

Posted 12 February 2016 - 05:58 PM

Hi Nasdaq,

Sorry for resurrecting this thread, but I did notice sometime odd afterwards. I can't print anymore. I keep getting this message that the print spooler is gone and I've looked online for solutions about "turning it back on" using services.msc, but the print spooler all together has disappeared. The only reason I thought to post this, is that I remember during the fixes, I did copy and paste a lot of "spooler" files, and wondered if maybe one of those fixes removed that necessary service? I could always print before...

Can you help me?

Thanks!

#13 nasdaq

Forum Deity

Global Moderator
49,267 posts

Posted 13 February 2016 - 06:35 AM

Just reinstall the printer.

#14 nasdaq

Forum Deity

Global Moderator
49,267 posts

Posted 21 February 2016 - 06:16 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Resolved or inactive Malware Removal

Malware - Video Converter Exe File

#1 Computer Problems

#2 nasdaq

#3 Computer Problems

#4 Computer Problems

#5 nasdaq

#6 Computer Problems

#7 nasdaq

#8 Computer Problems

#9 nasdaq

#10 Computer Problems

#11 nasdaq

#12 Computer Problems

#13 nasdaq

#14 nasdaq

Sign In