Hi thank you ever so much for your help! I think that this logon entry GINA is a spy ?

I do not know where this came from : and I cant delete it as I am afraid I might cause damage to winlogon in registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

12156121571215812159

I also removed omniboxes in registry but it came back again and I cannot find it to remove. thanking you all so much for your help raymondo cheers

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Ray (administrator) on QOSMIO on 17-03-2015 12:14:03
Running from C:\Users\Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0W30TEX
Loaded Profiles: Ray (Available profiles: Ray)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Bandoo Media Inc.) C:\Users\Ray\AppData\Local\iLivid\iLivid.exe
(Desksware) C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDShred.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTools.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Dominik Reichl) C:\Program Files\KEEPASS\KeePass.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_pause.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [8216048 2015-03-10] ()
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [iLivid] => C:\Users\Ray\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-09] (Bandoo Media Inc.)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [Desktop iCalendar Lite.exe] => C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe [1087232 2013-07-06] (Desksware)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-20] (Piriform Ltd)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1298752 2015-02-23] (Lavasoft)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Policies\Explorer: [NoSaveSettings] 1
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Policies\Explorer: [link] 0x00000000
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\MountPoints2: {c3f238a3-49f1-11e3-bfb8-001eec3fd11f} - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_150302&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D030215-AE491287838034FE996F&form=CONBDF&conlogo=CT3331986&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_150302&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 48 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\3er9z533.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-02-18] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [670808 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-02-23] (Lavasoft Limited)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-02-23] ()
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [57216 2011-07-11] (TOSHIBA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 PRESONUS_AUDIOBOX_MIDI; C:\Windows\System32\drivers\psabusbm.sys [31864 2009-12-07] (Ploytec GmbH)
S3 PRESONUS_AUDIOBOX_USB; C:\Windows\System32\Drivers\psabusbu.sys [401016 2009-12-07] (Ploytec GmbH)
S3 PRESONUS_AUDIOBOX_WDM; C:\Windows\System32\drivers\psabusba.sys [40568 2009-12-07] (Ploytec GmbH)
S3 RkHit; C:\Windows\system32\drivers\RKHit.sys [34736 2010-12-28] ()
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [408280 2015-01-22] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 12:11 - 2015-03-17 12:14 - 00000000 ____D () C:\FRST
2015-03-17 12:08 - 2015-03-17 12:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-QOSMIO-Windows-7-Home-Premium-(32-bit).dat
2015-03-17 12:07 - 2015-03-17 12:07 - 00000000 ____D () C:\RegBackup
2015-03-17 11:59 - 2015-03-17 11:59 - 00002185 _____ () C:\Users\Ray\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-17 11:59 - 2015-03-17 11:59 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-17 11:59 - 2015-03-17 11:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-14 19:03 - 2015-03-17 09:32 - 00000280 _____ () C:\Windows\setupact.log
2015-03-14 19:03 - 2015-03-14 19:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-14 19:02 - 2015-03-15 10:01 - 00003270 _____ () C:\Windows\PFRO.log
2015-03-14 18:00 - 2015-03-14 18:00 - 00000000 ____D () C:\CrimeWatch
2015-03-14 16:51 - 2015-03-14 16:51 - 00000000 ____D () C:\Users\Ray\AppData\Local\CrimeWatch
2015-03-14 16:50 - 2015-03-14 16:50 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-14 16:50 - 2015-03-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-14 16:50 - 2015-03-14 16:50 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-14 16:40 - 2015-03-14 16:40 - 00000000 ____D () C:\ProgramData\EFaeZP
2015-03-14 16:37 - 2015-03-14 16:37 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\omniboxes
2015-03-14 08:24 - 2015-03-14 08:24 - 00000000 ____D () C:\Users\Ray\Documents\TagsRevisited
2015-03-13 18:26 - 2015-02-24 13:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 18:26 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 18:26 - 2015-02-21 11:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 18:26 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 18:26 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 18:26 - 2015-02-20 13:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 18:26 - 2015-02-20 13:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-13 18:26 - 2015-02-20 13:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-13 18:26 - 2015-02-20 13:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-13 18:26 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-13 18:26 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 18:26 - 2015-02-20 13:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 18:26 - 2015-02-20 13:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-13 18:26 - 2015-02-20 12:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 18:26 - 2015-02-20 12:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-13 18:26 - 2015-02-20 12:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-13 18:26 - 2015-02-20 12:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-13 18:26 - 2015-02-20 12:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-13 18:26 - 2015-02-20 12:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 18:26 - 2015-02-20 12:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-13 18:26 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 18:26 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 18:26 - 2015-02-20 12:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-13 18:26 - 2015-02-20 12:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-13 18:26 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 18:26 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 18:26 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-13 18:25 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 18:25 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 18:25 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 18:22 - 2015-02-13 16:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 18:22 - 2015-02-03 14:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 18:22 - 2015-01-17 13:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 18:21 - 2015-02-26 14:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 18:17 - 2015-02-03 14:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 18:16 - 2015-03-06 16:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 18:16 - 2015-03-06 16:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 18:16 - 2015-03-06 16:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-13 18:16 - 2015-03-06 16:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-13 18:16 - 2015-03-06 16:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-13 18:16 - 2015-03-06 16:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-13 18:16 - 2015-03-06 16:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-13 18:16 - 2015-03-06 16:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 18:16 - 2015-02-20 14:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 18:16 - 2015-02-04 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 18:15 - 2015-02-03 14:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 18:15 - 2015-02-03 14:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 18:15 - 2015-02-03 14:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 18:15 - 2015-02-03 14:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 18:15 - 2015-02-03 14:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-13 18:15 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-13 18:15 - 2015-02-03 14:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-13 18:15 - 2015-02-03 14:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-13 18:15 - 2015-02-03 14:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-13 18:15 - 2015-02-03 14:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-13 18:15 - 2015-02-03 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-13 18:15 - 2015-02-03 14:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 18:15 - 2015-02-03 13:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-13 18:15 - 2015-01-31 10:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 18:15 - 2014-11-01 09:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-13 18:15 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-13 18:15 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 07:52 - 2015-03-11 07:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-04 17:23 - 2015-03-14 18:24 - 00000000 ____D () C:\Users\Ray\Documents\CCleaner reg backup
2015-03-04 01:14 - 2015-03-04 01:14 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\InstallShield
2015-03-03 01:01 - 2015-03-03 01:01 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\LavasoftStatistics
2015-03-03 01:00 - 2015-03-03 01:00 - 00000000 ____D () C:\Users\Ray\AppData\Local\Lavasoft
2015-03-03 01:00 - 2015-02-23 13:03 - 00325944 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-03-03 00:55 - 2015-03-03 01:13 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Lavasoft
2015-03-03 00:53 - 2015-03-17 09:34 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-03-03 00:53 - 2015-03-11 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-03-03 00:40 - 2015-03-03 00:58 - 00000000 ____D () C:\Program Files\Lavasoft
2015-03-03 00:29 - 2015-03-03 00:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-03-02 23:50 - 2015-03-02 23:50 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Safer Networking
2015-03-02 21:53 - 2015-03-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
2015-03-02 21:53 - 2015-03-02 21:55 - 00000000 ____D () C:\Program Files\Safer Networking
2015-02-21 22:36 - 2015-03-14 17:57 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-21 22:36 - 2015-03-14 17:57 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-21 22:36 - 2015-02-21 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-21 22:20 - 2015-02-24 22:16 - 00000000 __SHD () C:\Users\Ray\AppData\Local\EmieUserList
2015-02-21 22:20 - 2015-02-24 22:16 - 00000000 __SHD () C:\Users\Ray\AppData\Local\EmieBrowserModeList
2015-02-21 22:20 - 2015-02-21 22:31 - 00000000 __SHD () C:\Users\Ray\AppData\Local\EmieSiteList
2015-02-18 22:51 - 2015-02-18 22:51 - 00000000 ____D () C:\Users\Ray\Documents\ProcAlyzer Dumps
2015-02-18 22:32 - 2015-02-18 22:32 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-18 22:32 - 2015-02-18 22:32 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-18 22:32 - 2015-02-18 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-18 22:31 - 2015-02-22 13:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-18 22:31 - 2015-02-19 22:24 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-18 22:31 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-02-17 23:15 - 2015-02-28 17:03 - 00000000 ____D () C:\ProgramData\Sophos
2015-02-17 23:12 - 2015-03-17 11:00 - 00000000 ____D () C:\Users\Ray\Documents\VViruuus info
2015-02-17 20:45 - 2015-03-17 11:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2015-02-16 12:12 - 2015-02-16 12:17 - 00000000 ____D () C:\AdwCleaner
2015-02-16 00:47 - 2015-02-17 01:42 - 00000508 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\msn, with Outlook.com, Skype, and news.website
2015-02-15 19:07 - 2015-03-01 13:16 - 00000000 ____D () C:\Windows\pss
2015-02-15 16:06 - 2015-02-19 23:21 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\6642AC94-1424016394-DD11-A354-001EEC3FD11F

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 11:38 - 2013-11-23 23:37 - 00000000 ____D () C:\Program Files\KEEPASS
2015-03-17 11:05 - 2013-11-11 15:55 - 01736856 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 09:41 - 2009-07-14 15:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 09:41 - 2009-07-14 15:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 09:38 - 2010-11-21 08:01 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 09:32 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 13:24 - 2009-07-14 15:53 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-15 13:03 - 2013-11-10 23:28 - 00000000 ____D () C:\Plus19
2015-03-15 10:03 - 2013-11-10 23:00 - 00000204 _____ () C:\Windows\MYOBP.INI
2015-03-15 10:03 - 2013-11-10 23:00 - 00000039 _____ () C:\Windows\MYOB.INI
2015-03-14 19:30 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache
2015-03-14 18:53 - 2014-11-11 02:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-14 17:47 - 2013-11-27 22:42 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\vlc
2015-03-14 16:37 - 2013-11-10 20:58 - 00001306 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-14 16:31 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\Resources
2015-03-14 16:12 - 2015-02-09 12:34 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-14 16:11 - 2013-11-18 23:19 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Audacity
2015-03-14 08:45 - 2009-07-14 15:33 - 00406048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-14 08:16 - 2013-11-12 23:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-13 21:11 - 2013-11-12 23:34 - 00000000 ____D () C:\Users\Ray\Documents\Netbank receipts Bank Statements
2015-03-09 20:20 - 2013-01-12 16:18 - 00000000 _____ () C:\sparkraw.log
2015-03-09 20:04 - 2013-11-19 11:29 - 00000000 ____D () C:\Users\Ray\Documents\SEA RAY INVOICES
2015-03-04 17:20 - 2014-08-17 18:47 - 00000000 ____D () C:\Windows\Minidump
2015-03-04 17:12 - 2013-11-27 22:23 - 00000000 ____D () C:\Users\Ray\AppData\Local\iLivid
2015-03-04 01:15 - 2015-01-04 00:19 - 00000000 ____D () C:\ProgramData\TOSHIBA
2015-03-04 01:15 - 2015-01-03 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-03-04 01:15 - 2015-01-03 21:41 - 00000000 ____D () C:\Program Files\Toshiba
2015-03-04 01:15 - 2013-11-10 23:29 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-04 00:16 - 2013-11-10 22:02 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-28 13:19 - 2014-11-16 18:21 - 00001037 _____ () C:\Users\Public\Desktop\Recoveryer Ultimate Edition.lnk
2015-02-28 13:19 - 2014-11-16 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recoveryer Ultimate Edition
2015-02-28 13:19 - 2014-11-16 18:21 - 00000000 ____D () C:\Program Files\Recoveryer Ultimate Edition
2015-02-27 23:15 - 2014-09-14 17:38 - 00007667 _____ () C:\Users\Ray\AppData\Local\Resmon.ResmonCfg
2015-02-27 21:38 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-24 09:02 - 2014-10-31 09:18 - 00000000 ____D () C:\Users\Ray\Documents\ABORIGINAL INFORATION
2015-02-22 10:54 - 2014-05-17 20:19 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Skype
2015-02-22 10:54 - 2013-12-04 00:07 - 00000000 ____D () C:\Users\Ray\Documents\SEA RAY DOCS
2015-02-21 22:50 - 2013-11-11 15:38 - 00000000 ____D () C:\Windows\Panther
2015-02-20 01:16 - 2014-11-11 02:19 - 00000000 ____D () C:\Program Files\Registry Easy
2015-02-18 00:08 - 2013-11-10 20:58 - 00000000 ____D () C:\Users\Ray
2015-02-17 21:24 - 2013-11-11 13:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-17 21:24 - 2013-11-11 13:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-17 20:54 - 2013-12-10 23:30 - 00000000 ____D () C:\Users\Ray\Documents\Movie Studio Platinum 12.0 Projects
2015-02-17 20:26 - 2014-01-19 10:06 - 00000000 ____D () C:\Program Files\Google
2015-02-16 12:40 - 2014-01-19 10:06 - 00000000 ____D () C:\Users\Ray\AppData\Local\Google

==================== Files in the root of some directories =======

2014-09-22 12:46 - 2014-09-22 12:46 - 0004454 _____ () C:\Users\Ray\AppData\Local\recently-used.xbel
2014-09-14 17:38 - 2015-02-27 23:15 - 0007667 _____ () C:\Users\Ray\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 10:33

==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-03-17 12:19:14
-----------------------------
12:19:14.016 OS Version: Windows 6.1.7601 Service Pack 1
12:19:14.016 Number of processors: 2 586 0x1706
12:19:14.018 ComputerName: QOSMIO UserName: Ray
12:19:18.741 Initialize success
12:19:18.787 VM: initialized successfully
12:19:18.788 VM: Intel CPU virtualization not supported
12:48:43.023 The log file has been saved successfully to "C:\Users\Ray\Desktop\aswMBR.txt"

Bandoo Media
Please look for the above in your add/remove programs list. If found please uninstall/delete.
~~~~~~~~~~~~~~

Ad-Aware Antivirus and Microsoft Security Essentials?
Having more then 1 antivirus on your computer will cause a problem. Please uninstall one of your choice.

~~~~~~~~~~~~~~~~~~~~~~~~~
Please follow this tutorial to show all files and folders
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:

C:\Windows\system32\drivers\RKHit.sys


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

~~~~
We will need to download Farbar Recovery Scan Tool again.
You ran it out of a temp folder, wont allow us to do anything from there.

Running from C:\Users\Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0W30TEX



- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Chrome/Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Firefox/Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/IE/Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

~~~~~~~~~~~`
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Don't run scan or other options for now, just need it on desktop to run the script.

NEXT

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
C:\Users\Ray\AppData\Local\iLivid
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [iLivid] => C:\Users\Ray\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-09] (Bandoo Media Inc.)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
2015-03-04 17:12 - 2013-11-27 22:23 - 00000000 ____D () C:\Users\Ray\AppData\Local\iLivid
R2 serverjo; C:\Users\Kevin\AppData\Roaming\29AD3C80-1424083001-81E2-25E5-50465DE8C0E7\JOSrv.exe [127488 2015-02-16] () [File not signed]
C:\Users\Kevin\AppData\Roaming\29AD3C80-1424083001-81E2-25E5-50465DE8C0E7\JOSrv.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~`

Please remove any usb or external drives from the computer before you run this scan!


Please download RogueKiller and save it to your desktop.

You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.


please post
file requested scanned
Fixlog.txt
RogueKiller

Still need help?

:crowned:

:D::devil::bigthumb::confused:

Still need help?


SHA256: 68d49671e0d34960ac99a92f74cebffe51007458f1098c0e6dd6ae774d1b8d5f
File name: RKHit.sys
Detection ratio: 10 / 57
Analysis date: 2015-03-24 10:43:03 UTC ( 24 minutes ago )






0




0



 Analysis


 File detail


 Additional information


 Comments 0


 Votes










Antivirus

Result

Update


Agnitum PUA.SpywareCease! 20150322
Antiy-AVL Trojan/Win32.TSGeneric 20150324
ByteHero Trojan.Win32.Native.Heur.Gen 20150324
ClamAV Trojan.Rootkit-2922 20150324
Comodo UnclassifiedMalware 20150324
DrWeb Trojan.Fakealert.20721 20150324
ESET-NOD32 Win32/Adware.SpywareCease 20150324
Fortinet Riskware/PUP_z 20150324
NANO-Antivirus Trojan.Win32.Fakealert.deefof 20150324
Zillya Trojan.FakeAV.Win32.59154 20150323
ALYac  20150324
AVG  20150324
AVware  20150324
Ad-Aware  20150324
AegisLab  20150324
AhnLab-V3  20150324
Alibaba  20150324
Avast  20150324
Avira  20150324
Baidu-International  20150324
BitDefender  20150324
Bkav  20150323
CAT-QuickHeal  20150324
CMC  20150324
Cyren  20150324
Emsisoft  20150324
F-Prot  20150324
F-Secure  20150324
GData  20150324
Ikarus  20150324
Jiangmin  20150323
K7AntiVirus  20150324
K7GW  20150324
Kaspersky  20150324
Kingsoft  20150324
Malwarebytes  20150324
McAfee  20150324
McAfee-GW-Edition  20150323
MicroWorld-eScan  20150324
Microsoft  20150324
Norman  20150324
Panda  20150323
Qihoo-360  20150324
Rising  20150323
SUPERAntiSpyware  20150323
Sophos  20150324
Symantec  20150324
Tencent  20150324
TheHacker  20150323
TotalDefense  20150324
TrendMicro  20150324
TrendMicro-HouseCall  20150324
VBA32  20150322
VIPRE  20150324
ViRobot  20150324
Zoner  20150323
nProtect  20150324

Still need help?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Ray at 2015-03-24 22:36:24 Run:1
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available profiles: Ray)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Ray\AppData\Local\iLivid
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [iLivid] => C:\Users\Ray\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-09] (Bandoo Media Inc.)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
2015-03-04 17:12 - 2013-11-27 22:23 - 00000000 ____D () C:\Users\Ray\AppData\Local\iLivid
R2 serverjo; C:\Users\Kevin\AppData\Roaming\29AD3C80-1424083001-81E2-25E5-50465DE8C0E7\JOSrv.exe [127488 2015-02-16] () [File not signed]
C:\Users\Kevin\AppData\Roaming\29AD3C80-1424083001-81E2-25E5-50465DE8C0E7\JOSrv.exe
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Users\Ray\AppData\Local\iLivid => Moved successfully.
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => value deleted successfully.
"HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
"C:\Users\Ray\AppData\Local\iLivid" => File/Directory not found.
serverjo => Service not found.
"C:\Users\Kevin\AppData\Roaming\29AD3C80-1424083001-81E2-25E5-50465DE8C0E7\JOSrv.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 424.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:36:40 ====

Bandoo Media
Please look for the above in your add/remove programs list. If found please uninstall/delete.
~~~~~~~~~~~~~~

Ad-Aware Antivirus and Microsoft Security Essentials?
Having more then 1 antivirus on your computer will cause a problem. Please uninstall one of your choice.

~~~~~~~~~~~~~~~~~~~~~~~~~
Please follow this tutorial to show all files and folders
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:

C:\Windows\system32\drivers\RKHit.sys


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

~~~~
We will need to download Farbar Recovery Scan Tool again.
You ran it out of a temp folder, wont allow us to do anything from there.

Running from C:\Users\Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0W30TEX



- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Chrome/Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Firefox/Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/IE/Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

~~~~~~~~~~~`
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Don't run scan or other options for now, just need it on desktop to run the script.

NEXT

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~`

Please remove any usb or external drives from the computer before you run this scan!


Please download RogueKiller and save it to your desktop.

You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.


please post
file requested scanned
Fixlog.txt
RogueKiller


RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Ray [Administrator]
Started from : C:\Users\Ray\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/24/2015 23:14:02

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe") -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302 -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 3er9z533.default : user_pref("browser.startup.homepage", "http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: LZT-128 ATA Device +++++
--- User ---
[MBR] 89459c5d4166289a81c8f79185aa802e
[BSP] 6c769be858a831c3a74394258cf29801 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Still need help?

Sorry this is all a mess all over the place but all the reports you requested are there amongst what you wrote as instructions I don't know how to get a clean page Ray

No problem.

I have an errand to run, be back in a couple of hours to sort this all out.

Did you remove Bandoo Media from add/remove programs list?


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
S3 RkHit; C:\Windows\system32\drivers\RKHit.sys [34736 2010-12-28] ()
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.


Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply..
Close the ESET online scan, and let me know how things are now.



Please post these 2 logs when finished.

How is your computer now?

Hi Juliet I replied to this already, so how can I read my reply? I'm lost! lol Do I delete all this stuff above for a fresh clean page? Put this reply message at the beginning or end of the page? thanks Juliet

If you had posted the results to the last instructions, I'm not seeing them.
The last one was to remove the file I asked scanned at virus total and to run the Eset online scan?

When you want to post your logs, please click on the reply button located at the left bottom of the page instead of reply with quote.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Ray at 2015-03-29 12:10:11 Run:2
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available profiles: Ray)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
S3 RkHit; C:\Windows\system32\drivers\RKHit.sys [34736 2010-12-28] ()
End
*****************

Restore point was successfully created.
Processes closed successfully.
RkHit => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 12:10:18 ====

------------------------------------------------------------------------------------------------------------------------------------------------

C:\FRST\Quarantine\C\Users\Ray\AppData\Local\iLivid\Uninstall.exe a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application
C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftLSPInstaller.exe a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files\Registry Easy\RECleaner.exe a variant of Win32/Adware.RegistryEasy application
C:\Program Files\Registry Easy\Recoveryer.dll Win32/Adware.RegistryEasy application
C:\Program Files\Registry Easy\RegEasyUpdate.exe Win32/Adware.RegistryEasy application
C:\Program FilesFormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\ProgramData\EFaeZP\fkhHTPTK.exe a variant of MSIL/Adware.PullUpdate.N.gen application
C:\ProgramData\EFaeZP\dat\bQqzKCsHX.exe a variant of MSIL/Adware.PullUpdate.N.gen application
C:\Users\All Users\EFaeZP\fkhHTPTK.exe a variant of MSIL/Adware.PullUpdate.N.gen application
C:\Users\All Users\EFaeZP\dat\bQqzKCsHX.exe a variant of MSIL/Adware.PullUpdate.N.gen application
C:\Users\Ray\Favorites\Downloads\cbsidlm-cbsi188-FormatFactory-BP-10968547.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Ray\Favorites\Downloads\RegistryEasy_Setup.exe a variant of Win32/Adware.RegistryEasy application
C:\Windows\Installer\1583720.msi a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\System32\drivers\RKHit.sys Win32/Adware.SpywareCease application
Operating memory a variant of Win32/Komodia.A potentially unsafe application

Did you uninstall one of the antivirus programs off your computer?

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
C:\Program Files\Registry Easy\RECleaner.exe
C:\Program Files\Registry Easy\Recoveryer.dll
C:\Program Files\Registry Easy\RegEasyUpdate.exe
C:\Program FilesFormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe
C:\ProgramData\EFaeZP
C:\Users\Ray\Favorites\Downloads\cbsidlm-cbsi188-FormatFactory-BP-10968547.exe
C:\Users\Ray\Favorites\Downloads\RegistryEasy_Setup.exe
C:\Windows\Installer\1583720.msi
C:\Windows\System32\drivers\RKHit.sys
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

How is your computer now?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Ray at 2015-04-01 00:54:22 Run:3
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available profiles: Ray)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Program Files\Registry Easy\RECleaner.exe
C:\Program Files\Registry Easy\Recoveryer.dll
C:\Program Files\Registry Easy\RegEasyUpdate.exe
C:\Program FilesFormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe
C:\ProgramData\EFaeZP
C:\Users\Ray\Favorites\Downloads\cbsidlm-cbsi188-FormatFactory-BP-10968547.exe
C:\Users\Ray\Favorites\Downloads\RegistryEasy_Setup.exe
C:\Windows\Installer\1583720.msi
C:\Windows\System32\drivers\RKHit.sys
End
*****************

Processes closed successfully.
C:\Program Files\Registry Easy\RECleaner.exe => Moved successfully.
C:\Program Files\Registry Easy\Recoveryer.dll => Moved successfully.
C:\Program Files\Registry Easy\RegEasyUpdate.exe => Moved successfully.
C:\Program FilesFormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe => Moved successfully.
C:\ProgramData\EFaeZP => Moved successfully.
C:\Users\Ray\Favorites\Downloads\cbsidlm-cbsi188-FormatFactory-BP-10968547.exe => Moved successfully.
C:\Users\Ray\Favorites\Downloads\RegistryEasy_Setup.exe => Moved successfully.
C:\Windows\Installer\1583720.msi => Moved successfully.
C:\Windows\System32\drivers\RKHit.sys => Moved successfully.


The system needed a reboot.

==== End of Fixlog 00:54:23 ====

-----------------------------------------------------------------------------------------==================+++++++++++++++++++++++++

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Ray [Administrator]
Started from : C:\Users\Ray\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/01/2015 01:11:25

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe") -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302 -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 9 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - CreateProcessW : C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll @ 0x65923310 (jmp 0xfffffffff3eb32da)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - CreateProcessA : C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll @ 0x659231a0 (jmp 0xfffffffff3e4316a)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CreateProcessWithLogonW : C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll @ 0x659237a0 (jmp 0xfffffffff3f1376a)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) kernel32.dll - CreateProcessW : C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll @ 0x65923310 (jmp 0xfffffffff3ea32da)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) kernel32.dll - CreateProcessA : C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll @ 0x659231a0 (jmp 0xfffffffff3e3316a)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) advapi32.DLL - CreateProcessWithLogonW : C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll @ 0x659237a0 (jmp 0xfffffffff3f0376a)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) kernel32.dll - CreateProcessW : C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll @ 0x65923310 (jmp 0xfffffffff3ea32da)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) kernel32.dll - CreateProcessA : C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll @ 0x659231a0 (jmp 0xfffffffff3e3316a)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) advapi32.DLL - CreateProcessWithLogonW : C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll @ 0x659237a0 (jmp 0xfffffffff3f0376a)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 3er9z533.default : user_pref("browser.startup.homepage", "http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: LZT-128 ATA Device +++++
--- User ---
[MBR] 89459c5d4166289a81c8f79185aa802e
[BSP] 6c769be858a831c3a74394258cf29801 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03242015_231402.log

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus

Ad-Aware Antivirus and Microsoft Security Essentials?
Having more then 1 antivirus on your computer will cause a problem. Please uninstall one of your choice.

Also, please tell me what the computer is doing now?

removed this last week (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

cheers thank you

How is the computer now?

Let's run one more FRST scan to see if all traces of MSE are gone.



Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Still need help?

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Ray at 2015-04-04 21:54:52
Running from C:\Users\Ray\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{35CC81F8-F385-4B79-91A8-3163420F5D01}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Web Companion (Version: 1.1.894.1779 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudioBox USB driver (HKLM\...\USB_AUDIO_DEusb-audio.depresonusAudioBoxUSB) (Version: - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.40.00(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Convert Genius v3.0 (HKLM\...\Convert Genius_is1) (Version: 3.0 - ACAUtilities, Inc.)
Desktop iCalendar Lite (HKLM\...\Desktop iCalendar Lite_is1) (Version: - Desksware, Inc.)
DVD Architect Studio 5.0 (HKLM\...\{E3D1078F-9660-11E2-9E28-F04DA23A5C58}) (Version: 5.0.178 - Sony)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Evidence Smart v3.8 (HKLM\...\Evidence Smart_is1) (Version: 3.8 - ACAUtilities, Inc.)
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version: - )
FileAlyzer 2 (HKLM\...\{29D3773E-54F4-23C2-D523-236A4453B845}_is1) (Version: 2.0.5.57 - Safer Networking Limited)
FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LavasoftTcpService (Version: 2.3.3.0 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Studio Platinum 12.0 (HKLM\...\{6880D25E-9588-11E2-946C-F04DA23A5C58}) (Version: 12.0.895 - Sony)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MYOB AccountRight Plus v19.7 (HKLM\...\InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.7 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus v19.7 (Version: 19.7 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (Version: 10.1.0 - MYOB Technology Pty Ltd) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
PreSonus Studio One 2 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.0.24200 - PreSonus Audio Electronics)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Recoveryer Ultimate Edition 2.5 (HKLM\...\Recoveryer Ultimate Edition_is1) (Version: - http://www.acautilities.com/rc/)
RegAlyzer (HKLM\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.)
Registry Easy v5.6 (HKLM\...\Registry Easy_is1) (Version: 5.6 - ACAUtilities, Inc.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Vocal Eraser (HKLM\...\Sony Vocal Eraser_is1) (Version: 1.00 - iZotope, Inc.)
Sound Forge Audio Studio 10.0 (HKLM\...\{75648F62-925B-11E2-B9EF-F04DA23A5C58}) (Version: 10.0.245 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Video Download Capture version 4.9.0 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.0 - APOWERSOFT LIMITED)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VSDC Free Video Editor version 2.1.8.150 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.8.150 - Flash-Integro LLC)
Web Companion (HKLM\...\{6531A1EB-1C55-4577-964C-9140D918CB29}_WebCompanion) (Version: 1.1.894.1779 - Lavasoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll (TOSHIBA)

==================== Restore Points =========================

23-03-2015 00:56:55 Windows Backup
23-03-2015 12:47:33 Windows Update
27-03-2015 23:09:06 Windows Update
29-03-2015 12:10:12 Restore Point Created by FRST
29-03-2015 19:00:03 Windows Backup
01-04-2015 00:16:43 Windows Update
04-04-2015 09:58:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2015-03-24 22:36 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19B32017-B8B4-4AE8-9F32-5DF479BBDDD1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {29A94A78-9989-4AA9-849C-D0549AD3CC1E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-20] (Piriform Ltd)
Task: {3C3A5F8F-392A-44D7-B463-4BD79FFD09BE} - System32\Tasks\{01A379E2-0855-4A20-BA7A-287AC744EEE8} => pcalua.exe -a "C:\Program Files\Toshiba\Bluetooth Toshiba Stack\As0.exe" -d "C:\Program Files\Toshiba\Bluetooth Toshiba Stack" -c /MODE=0 /q
Task: {4EF50C74-FF7A-4DB7-8C71-5D4EDE709195} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8EC26925-9073-49E1-8F5F-FDC9E3097D37} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated)
Task: {909D7733-86EA-4E37-B023-BE1C49ECEFB9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {9B828AB8-FDB6-4A71-BA7E-C35E05B03E27} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {C39E7B09-1360-414A-ACE2-CAF6ADE6D412} - System32\Tasks\{81E40D9F-EC32-43C1-8BF0-2091D72D5A30} => pcalua.exe -a "G:\DRIVERS and SOFTWARE PROGRAMS\DocuPrint M205b\fxdpm205bhb110210w2kcien.EXE" -d "G:\DRIVERS and SOFTWARE PROGRAMS\DocuPrint M205b"
Task: {D1EB0593-7D7C-403C-97E4-9D44BBDED797} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-10 18:49 - 2015-03-10 18:49 - 02563592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02423264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00110104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00022032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-02-18 22:31 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-18 22:31 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-18 22:31 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-10 18:49 - 2015-03-10 18:49 - 08216048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:49 - 2015-03-10 18:49 - 00048152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00090128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00029712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00405520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01632248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00870408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00072512 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00176488 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00046408 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-02-23 13:03 - 2015-02-23 13:03 - 00120152 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-02-18 22:31 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00670808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:49 - 2015-03-10 18:49 - 10575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00634896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00592896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00415760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00640512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00087536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00104944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00770064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00692768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00866304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00217600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00806408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00182280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00873480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01019896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00030224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00769544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00897040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00194048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00711672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00677376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02370056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02667008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01013768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00046616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00998408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00766960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00304632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02125840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00973304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00767480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00767480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00928280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00017768 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-02-23 13:02 - 2015-02-23 13:02 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00034152 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: nefuquko => 2
MSCONFIG\Services: serverjo => 2
MSCONFIG\Services: serversu => 2
MSCONFIG\Services: voxilyni => 2
MSCONFIG\Services: WindowsMangerProtect => 2

==================== Accounts: =============================

Administrator (S-1-5-21-2577715357-3074203239-3946342261-500 - Administrator - Disabled)
Guest (S-1-5-21-2577715357-3074203239-3946342261-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2577715357-3074203239-3946342261-1002 - Limited - Enabled)
Ray (S-1-5-21-2577715357-3074203239-3946342261-1001 - Administrator - Enabled) => C:\Users\Ray

==================== Faulty Device Manager Devices =============

Name: GT-N7000
Description: GT-N7000
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co. Ltd.
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2015 09:53:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 09:22:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Desktop iCalendar Lite.exe, version: 2.0.0.290, time stamp: 0x51d7ac45
Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a121fa
Exception code: 0x80131506
Fault offset: 0x001c2812
Faulting process id: 0x%9
Faulting application start time: 0xDesktop iCalendar Lite.exe0
Faulting application path: Desktop iCalendar Lite.exe1
Faulting module path: Desktop iCalendar Lite.exe2
Report Id: Desktop iCalendar Lite.exe3

Error: (04/04/2015 09:22:52 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (6F032812) (80131506)

Error: (04/04/2015 09:52:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 00:30:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 08:36:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 00:57:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 00:11:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 09:49:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 06:28:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/04/2015 09:54:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/04/2015 09:54:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/04/2015 09:53:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (04/04/2015 09:53:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IE Search Set service to connect.

Error: (04/04/2015 09:53:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/04/2015 09:53:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/04/2015 09:52:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Media Center Extender Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (04/04/2015 09:49:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/04/2015 09:52:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/04/2015 09:52:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.


Microsoft Office Sessions:
=========================
Error: (03/07/2015 00:32:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6428 seconds with 1080 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-04-01 01:11:52.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-30 11:00:01.639
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-30 10:00:00.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-29 19:00:01.541
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-28 00:00:01.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 23:43:38.049
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 23:11:25.689
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 22:58:52.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 22:33:38.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-26 18:19:01.801
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 3066.89 MB
Available physical RAM: 2017.8 MB
Total Pagefile: 6133.77 MB
Available Pagefile: 4954.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:39.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: D6B83A66)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Ray (administrator) on QOSMIO on 04-04-2015 21:54:25
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available profiles: Ray)
Platform: Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Desksware) C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [8216048 2015-03-10] ()
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [Desktop iCalendar Lite.exe] => C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe [1087232 2013-07-06] (Desksware)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-20] (Piriform Ltd)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1298752 2015-02-23] (Lavasoft)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Policies\Explorer: [NoSaveSettings] 1
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Policies\Explorer: [link] 0x00000000
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\MountPoints2: {c3f238a3-49f1-11e3-bfb8-001eec3fd11f} - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_150302&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D030215-AE491287838034FE996F&form=CONBDF&conlogo=CT3331986&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_150302&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 48 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\3er9z533.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-02-18] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [670808 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-02-23] (Lavasoft Limited)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-02-23] ()
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [57216 2011-07-11] (TOSHIBA Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
S3 PRESONUS_AUDIOBOX_MIDI; C:\Windows\System32\drivers\psabusbm.sys [31864 2009-12-07] (Ploytec GmbH)
S3 PRESONUS_AUDIOBOX_USB; C:\Windows\System32\Drivers\psabusbu.sys [401016 2009-12-07] (Ploytec GmbH)
S3 PRESONUS_AUDIOBOX_WDM; C:\Windows\System32\drivers\psabusba.sys [40568 2009-12-07] (Ploytec GmbH)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [408280 2015-01-22] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 21:54 - 2015-04-04 21:54 - 00011656 _____ () C:\Users\Ray\Desktop\FRST.txt
2015-03-29 13:05 - 2015-03-29 13:05 - 00001969 _____ () C:\Users\Ray\Desktop\EsetThreatFound.txt
2015-03-29 12:22 - 2015-03-29 12:22 - 00000000 ____D () C:\Program Files\ESET
2015-03-24 23:24 - 2015-03-24 23:24 - 00002703 _____ () C:\Users\Ray\Desktop\RKreport_SCN_03242015_231402.log
2015-03-24 23:05 - 2015-04-01 01:06 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-24 23:05 - 2015-03-24 23:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-24 22:58 - 2015-03-24 23:03 - 16727128 _____ () C:\Users\Ray\Desktop\RogueKiller.exe
2015-03-24 22:13 - 2015-03-24 22:13 - 01135104 _____ (Farbar) C:\Users\Ray\Desktop\FRST.exe
2015-03-22 12:19 - 2015-03-22 12:22 - 00000000 ____D () C:\Users\Ray\Documents\1FITNESS
2015-03-17 12:48 - 2015-03-17 12:48 - 00000529 _____ () C:\Users\Ray\Desktop\aswMBR.txt
2015-03-17 12:11 - 2015-04-04 21:54 - 00000000 ____D () C:\FRST
2015-03-17 12:08 - 2015-03-17 12:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-QOSMIO-Windows-7-Home-Premium-(32-bit).dat
2015-03-17 12:07 - 2015-03-17 12:07 - 00000000 ____D () C:\RegBackup
2015-03-17 11:59 - 2015-03-17 11:59 - 00002185 _____ () C:\Users\Ray\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-17 11:59 - 2015-03-17 11:59 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-17 11:59 - 2015-03-17 11:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-14 19:03 - 2015-04-04 21:51 - 00001456 _____ () C:\Windows\setupact.log
2015-03-14 19:03 - 2015-03-14 19:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-14 19:02 - 2015-03-24 22:39 - 00004920 _____ () C:\Windows\PFRO.log
2015-03-14 18:00 - 2015-03-14 18:00 - 00000000 ____D () C:\CrimeWatch
2015-03-14 16:51 - 2015-03-14 16:51 - 00000000 ____D () C:\Users\Ray\AppData\Local\CrimeWatch
2015-03-14 16:50 - 2015-03-14 16:50 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-14 16:50 - 2015-03-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-14 16:50 - 2015-03-14 16:50 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-14 16:37 - 2015-03-14 16:37 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\omniboxes
2015-03-14 08:24 - 2015-03-14 08:24 - 00000000 ____D () C:\Users\Ray\Documents\TagsRevisited
2015-03-13 18:26 - 2015-02-24 13:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 18:26 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 18:26 - 2015-02-21 11:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 18:26 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 18:26 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 18:26 - 2015-02-20 13:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 18:26 - 2015-02-20 13:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-13 18:26 - 2015-02-20 13:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-13 18:26 - 2015-02-20 13:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-13 18:26 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-13 18:26 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 18:26 - 2015-02-20 13:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 18:26 - 2015-02-20 13:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-13 18:26 - 2015-02-20 12:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 18:26 - 2015-02-20 12:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-13 18:26 - 2015-02-20 12:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-13 18:26 - 2015-02-20 12:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-13 18:26 - 2015-02-20 12:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-13 18:26 - 2015-02-20 12:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 18:26 - 2015-02-20 12:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-13 18:26 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 18:26 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 18:26 - 2015-02-20 12:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-13 18:26 - 2015-02-20 12:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-13 18:26 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 18:26 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 18:26 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-13 18:25 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 18:25 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 18:25 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 18:22 - 2015-02-13 16:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 18:22 - 2015-02-03 14:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 18:22 - 2015-01-17 13:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 18:21 - 2015-02-26 14:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 18:17 - 2015-02-03 14:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 18:16 - 2015-03-06 16:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 18:16 - 2015-03-06 16:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 18:16 - 2015-03-06 16:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-13 18:16 - 2015-03-06 16:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-13 18:16 - 2015-03-06 16:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-13 18:16 - 2015-03-06 16:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-13 18:16 - 2015-03-06 16:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-13 18:16 - 2015-03-06 16:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 18:16 - 2015-02-20 14:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 18:16 - 2015-02-04 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 18:15 - 2015-02-03 14:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 18:15 - 2015-02-03 14:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 18:15 - 2015-02-03 14:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 18:15 - 2015-02-03 14:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 18:15 - 2015-02-03 14:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-13 18:15 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-13 18:15 - 2015-02-03 14:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-13 18:15 - 2015-02-03 14:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-13 18:15 - 2015-02-03 14:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-13 18:15 - 2015-02-03 14:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-13 18:15 - 2015-02-03 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-13 18:15 - 2015-02-03 14:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 18:15 - 2015-02-03 13:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-13 18:15 - 2015-01-31 10:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 18:15 - 2014-11-01 09:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-13 18:15 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-13 18:15 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 07:52 - 2015-03-11 07:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 21:53 - 2015-03-03 00:53 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-04 21:52 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 21:49 - 2013-11-11 15:55 - 01530301 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 21:44 - 2015-02-17 23:12 - 00000000 ____D () C:\Users\Ray\Documents\VViruuus info
2015-04-04 21:22 - 2015-02-17 20:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 10:00 - 2009-07-14 15:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 10:00 - 2009-07-14 15:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 09:59 - 2010-11-21 08:01 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 04:50 - 2014-10-31 09:18 - 00000000 ____D () C:\Users\Ray\Documents\ABORIGINAL INFORATION
2015-04-01 01:05 - 2013-11-27 22:42 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\vlc
2015-04-01 00:54 - 2014-11-11 02:19 - 00000000 ____D () C:\Program Files\Registry Easy
2015-03-30 11:15 - 2014-11-11 02:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 10:43 - 2013-11-10 23:28 - 00000000 ____D () C:\Plus19
2015-03-30 09:49 - 2013-11-10 23:00 - 00000204 _____ () C:\Windows\MYOBP.INI
2015-03-30 09:49 - 2013-11-10 23:00 - 00000039 _____ () C:\Windows\MYOB.INI
2015-03-29 17:34 - 2013-11-19 11:29 - 00000000 ____D () C:\Users\Ray\Documents\SEA RAY INVOICES
2015-03-29 12:01 - 2013-01-12 16:18 - 00000000 _____ () C:\sparkraw.log
2015-03-24 21:35 - 2013-11-23 23:37 - 00000000 ____D () C:\Program Files\KEEPASS
2015-03-24 21:03 - 2013-11-10 22:07 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-22 10:28 - 2014-06-17 01:25 - 00000000 ____D () C:\Users\Ray\AppData\Local\Adobe
2015-03-22 10:16 - 2013-11-11 13:10 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-22 10:16 - 2013-11-11 13:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-16 13:24 - 2009-07-14 15:53 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-14 19:30 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache
2015-03-14 18:24 - 2015-03-04 17:23 - 00000000 ____D () C:\Users\Ray\Documents\CCleaner reg backup
2015-03-14 17:57 - 2015-02-21 22:36 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-14 17:57 - 2015-02-21 22:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-14 16:37 - 2013-11-10 20:58 - 00001306 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-14 16:31 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\Resources
2015-03-14 16:12 - 2015-02-09 12:34 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-14 16:11 - 2013-11-18 23:19 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Audacity
2015-03-14 08:45 - 2009-07-14 15:33 - 00406048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-14 08:16 - 2013-11-12 23:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-13 21:11 - 2013-11-12 23:34 - 00000000 ____D () C:\Users\Ray\Documents\Netbank receipts Bank Statements
2015-03-11 08:09 - 2015-03-03 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

==================== Files in the root of some directories =======

2014-09-22 12:46 - 2014-09-22 12:46 - 0004454 _____ () C:\Users\Ray\AppData\Local\recently-used.xbel
2014-09-14 17:38 - 2015-02-27 23:15 - 0007667 _____ () C:\Users\Ray\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-29 10:19

==================== End Of Log ============================

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D030215-AE491287838034FE996F&form=CONBDF&conlogo=CT3331986&q={searchTerms}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
C:\Users\Ray\AppData\Roaming\omniboxes
C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~`

Please open Malwarebytes Anti-Malware

Click on Update Now to download the current database definitions, then click the Scan Now >> button.
If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
You will be prompted to update Malwarebytes...click on the Update Now button.
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

Open Malwarebytes Anti-Malware.
Click the History Tab at the top and select Application Logs.
Select (check) the box next to Scan Log. Choose the most current scan.
Click the View button.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

Open Malwarebytes Anti-Malware.
Click the Scan Tab at the top.
Click the View detailed log link on the right.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Please post these 2 logs when finished.

I need to know how your computer is now.

Hi Jules omniboxes is still the default browser toolbox when I open IE from the windows start menu other than that It is running :laugh:twice as fast as usual!
-----------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07/04/2015
Scan Time: 10:53:32 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.07.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ray

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304936
Time Elapsed: 4 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [01bd91d8b6d4171fd8bbb907f90aa060],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [fdc1a2c79ded7abc583ac9f7c63dff01],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [2599d5940d7df640ace4358bb94ad22e],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [5569195032586bcbc40016a6857e9d63],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [0eb0ea7f612939fda71e8933da29d030],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, Quarantined, [4e7075f4820806302b9b3f7da45fca36],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [edd17aefaddd3bfb3592fac2dc27af51],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [f1cd58118bff58de9c2cdce0a063ab55],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Quarantined, [378771f8fc8ef73fc3ce2d93fd06738d],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


-----------------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Ray at 2015-04-07 22:25:50 Run:4
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available profiles: Ray)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D030215-AE491287838034FE996F&form=CONBDF&conlogo=CT3331986&q={searchTerms}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
C:\Users\Ray\AppData\Roaming\omniboxes
C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
C:\Users\Ray\AppData\Roaming\omniboxes => Moved successfully.
C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
EmptyTemp: => Removed 221.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:26:07 ====

Instructions on how to backup your Favorites/Bookmarks and other data can be found below.

http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Backup Internet Explorer Favorites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)

Proceed with the reset once done.

http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)

~~~~~~~~~~~~~~`

Shortcut Cleaner

Please download Shortcut Cleaner from the link below and save it to your Desktop.


Download Mirror #1 (http://www.bleepingcomputer.com/download/shortcut-cleaner/)

Double-click sc-cleaner.exe to run it.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Shortcut Cleaner 1.3.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 04/08/2015 10:54:57 AM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Great omniboxes is gone I have my favourites and IE IS DEFAULTED ***********************:):):):):) cheers all round thanks Jules

-----------------------------------------------------------------------------

Searching C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Ray\Desktop


0 bad shortcuts found.

Program finished at: 04/08/2015 10:54:58 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

Thats good news.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~`


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

:rolleyes: Heaven now Jules

Glad we could help :)

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.