Spring files

Status
Not open for further replies.
R

rudebadger

New member
Hi I have managed to download spring files & wajam. My home page was changed & when opening a new tab my browser cycled through numerous pages before settling on one. I also find that when I click normally links on websites I normally a new tab opens which is then instantly blocked by firefox.

I have run superantispyware which a PUP, still had the same problems so ran it again but it came back with no results. Then ran malwarebytes which removed a second, but still had the same problems so ran it again with no results. Finally I have run ESET online scanner which removed wajam, but the problems are still unresolved.

I hope someone can help with resolving these problems, here are my FRST & aswMBR logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015
Ran by Ollie (administrator) on GAMING-PC (17-10-2015 04:19:40)
Running from C:\Springclean
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(MY.COM B.V.) C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe
(Edimax Technology Co.) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\CorsTra.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-22] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-07-12] (Apple Inc.)
HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1771520 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2918152 2014-08-18] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2015-07-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-13] (SUPERAntiSpyware)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-16] (Valve Corporation)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-30] (Safer-Networking Ltd.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [MyComGames] => C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe [4222408 2015-10-17] (MY.COM B.V.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: {5eeb5042-52a5-11e3-9e7f-902b3498c9e3} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: {f8046c24-548b-11e4-a3ba-902b3498c9e3} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk [2012-11-09]
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3501653021-3640964384-1111194576-1000] => hxxp://get-access.me/wpad.dat?78a8af66cfad197e51123a91d81d7e43804347
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{023BED95-0A6C-4A68-8987-05741C533FF6}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.yahoo.com?fr=fp-comodo
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\yv073wfk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3501653021-3640964384-1111194576-1000: @my.com/Games -> C:\Users\Ollie\AppData\Local\MyComGames\NPMyComDetector.dll [2015-10-01] (My.com, Inc)
FF Extension: Avira Browser Safety - C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\yv073wfk.default\Extensions\abs@avira.com [2015-09-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-07-12] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
S3 DAUpdaterSvc; C:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2015-07-02] () [File not signed] <==== ATTENTION
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-10-06] (Futuremark)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-17] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-17] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
R3 CORK70; C:\Windows\System32\drivers\CORK70.sys [25600 2012-10-31] ( )
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 DUKEMS; C:\Windows\System32\drivers\DUKEMS.sys [25600 2012-08-16] ( )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-02] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 04:18 - 2015-10-17 04:19 - 00000000 ____D C:\FRST
2015-10-17 04:16 - 2015-10-17 04:19 - 00000000 ____D C:\Springclean
2015-10-17 04:15 - 2015-10-17 04:15 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GAMING-PC-Windows-7-Home-Premium-(64-bit).dat
2015-10-17 04:15 - 2015-10-17 04:15 - 00000000 ____D C:\RegBackup
2015-10-17 04:14 - 2015-10-17 04:14 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-17 04:13 - 2015-10-17 04:13 - 04777232 _____ (Tweaking.com) C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe
2015-10-17 03:50 - 2015-10-17 03:50 - 10357568 _____ (SurfRight B.V.) C:\Users\Ollie\Downloads\HitmanPro.exe
2015-10-17 02:56 - 2015-10-17 02:56 - 02870984 _____ (ESET) C:\Users\Ollie\Downloads\esetsmartinstaller_enu.exe
2015-10-17 02:56 - 2015-10-17 02:56 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-17 02:22 - 2015-10-17 02:22 - 22908888 _____ (Malwarebytes ) C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-17 02:22 - 2015-10-17 02:22 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 02:15 - 2015-10-17 02:15 - 01682432 _____ C:\Users\Ollie\Downloads\adwcleaner_5.013.exe
2015-10-17 01:52 - 2015-10-17 01:53 - 00000874 _____ C:\AdwCleaner[S5].txt
2015-10-17 01:39 - 2015-10-17 01:39 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\SpringFiles
2015-10-16 00:26 - 2015-10-17 02:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-13 20:38 - 2015-10-13 20:38 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 20:38 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 20:37 - 2015-10-13 20:37 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-10 12:33 - 2015-10-10 12:33 - 00000812 _____ C:\AdwCleaner[S4].txt
2015-10-06 18:23 - 2015-10-06 18:23 - 00000022 _____ C:\Windows\GPU-Z.INI
2015-10-06 18:22 - 2015-10-06 18:22 - 00000000 ____D C:\Program Files (x86)\Futuremark
2015-10-06 18:21 - 2015-10-06 18:23 - 00000000 ____D C:\Users\Ollie\Documents\3DMark 11
2015-10-06 18:21 - 2015-10-06 18:21 - 02883584 _____ C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\IsolatedStorage
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00001227 _____ C:\Users\Public\Desktop\3DMark 11.lnk
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\Program Files\Futuremark
2015-10-06 18:05 - 2015-10-06 18:08 - 271860249 _____ C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip
2015-10-06 18:04 - 2015-10-06 18:05 - 12261072 _____ (Novawave Inc. ) C:\Users\Ollie\Downloads\novabench3.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 01199856 _____ ( ) C:\Users\Ollie\Downloads\hwmonitor_1.28.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\Program Files\CPUID
2015-10-02 22:04 - 2015-10-02 22:06 - 300806184 _____ (AMD Inc.) C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe
2015-10-02 21:57 - 2015-10-02 21:57 - 04288048 _____ C:\Users\Ollie\Downloads\memtest86-iso.zip
2015-10-02 00:54 - 2015-10-02 06:50 - 00000137 _____ C:\Users\Ollie\Desktop\Armored Warfare Open Beta.url
2015-10-02 00:54 - 2015-10-02 00:54 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2015-10-01 00:06 - 2015-10-01 00:06 - 00002017 _____ C:\Users\Ollie\Desktop\My.com Game Center.lnk
2015-10-01 00:06 - 2015-10-01 00:06 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2015-10-01 00:05 - 2015-10-17 03:44 - 00000000 ____D C:\Users\Ollie\AppData\Local\MyComGames
2015-10-01 00:05 - 2015-10-01 00:05 - 05481456 _____ (MY.COM B.V.) C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe
2015-09-17 00:13 - 2015-09-17 01:31 - 00000000 ____D C:\Users\Ollie\Documents\Mount&Blade Warband Savegames
2015-09-17 00:12 - 2015-09-17 00:13 - 00000000 ____D C:\Users\Ollie\Documents\Mount&Blade Warband
2015-09-17 00:12 - 2015-09-17 00:13 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Mount&Blade Warband

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 04:17 - 2015-04-21 10:26 - 01820138 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-10-17 04:17 - 2014-04-12 13:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 04:14 - 2015-03-30 19:20 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-10-17 03:59 - 2013-06-02 23:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-17 03:52 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-17 03:52 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-17 03:50 - 2009-07-14 06:13 - 00159100 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-17 03:47 - 2012-11-09 17:45 - 01802332 _____ C:\Windows\WindowsUpdate.log
2015-10-17 03:45 - 2013-06-13 20:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-17 03:44 - 2015-05-02 00:44 - 00019461 _____ C:\Windows\setupact.log
2015-10-17 03:44 - 2013-08-03 00:23 - 00000000 ____D C:\Users\Ollie\AppData\Local\HTC MediaHub
2015-10-17 03:44 - 2012-11-10 18:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-17 03:44 - 2012-11-09 18:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-10-17 03:44 - 2012-11-09 17:55 - 00000144 _____ C:\service.log
2015-10-17 03:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-17 02:34 - 2010-11-21 04:47 - 00423058 _____ C:\Windows\PFRO.log
2015-10-17 02:15 - 2015-08-06 20:04 - 00000000 ____D C:\AdwCleaner
2015-10-17 02:12 - 2014-11-18 01:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 01:39 - 2014-11-18 01:21 - 00001255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-17 01:39 - 2014-11-18 01:21 - 00001243 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-17 01:39 - 2012-11-09 17:45 - 00001509 _____ C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-16 22:59 - 2013-06-02 23:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 22:59 - 2012-11-10 01:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 22:59 - 2012-11-10 01:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 00:05 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 00:03 - 2012-11-10 17:17 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-13 20:29 - 2015-07-17 22:36 - 00066544 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-13 20:29 - 2015-07-17 22:36 - 00000000 ____D C:\Users\Lisa\AppData\Local\HTC MediaHub
2015-10-11 16:24 - 2015-04-25 19:58 - 00000057 _____ C:\Users\Ollie\Desktop\cooling.txt
2015-10-10 17:05 - 2014-10-21 22:37 - 00001664 _____ C:\Users\Ollie\Desktop\details.txt
2015-10-09 23:33 - 2015-02-21 17:55 - 00000000 ____D C:\Users\Ollie\AppData\Local\Steam
2015-10-06 18:11 - 2012-11-09 20:10 - 00496911 _____ C:\Windows\DirectX.log
2015-10-06 18:10 - 2014-08-05 15:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-05 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2012-12-19 23:21 - 2012-12-19 23:21 - 0000111 _____ () C:\Users\Ollie\AppData\Roaming\adu.xml
2014-08-05 17:40 - 2014-08-05 17:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Ollie\AppData\Local\Temp\rootsupd.exe
C:\Users\Ollie\AppData\Local\Temp\sqlite3.dll
C:\Users\Ollie\AppData\Local\Temp\_isD806.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 15:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-10-2015
Ran by Ollie (2015-10-17 04:20:19)
Running from C:\Springclean
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-09 16:45:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3501653021-3640964384-1111194576-500 - Administrator - Disabled)
Guest (S-1-5-21-3501653021-3640964384-1111194576-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3501653021-3640964384-1111194576-1002 - Limited - Enabled)
Lisa (S-1-5-21-3501653021-3640964384-1111194576-1009 - Limited - Enabled) => C:\Users\Lisa
Ollie (S-1-5-21-3501653021-3640964384-1111194576-1000 - Administrator - Enabled) => C:\Users\Ollie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Armored Warfare MyCom Beta (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Armored Warfare MyCom Beta) (Version: 1.45 - My.com B.V.)
Aslain's XVM WoT Modpack version 4.6.8 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.6.8 - Aslain)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version: - )
Corsair M65 Firmware Update Application (HKLM-x32\...\{29484F2D-404A-4EF6-B774-DF5EC5BDF481}_is1) (Version: - )
Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
Corsair M95 Firmware Update Application (HKLM-x32\...\{4E44154D-0699-4D6C-996F-66D47B9A40D2}_is1) (Version: - )
Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Easy Tune 6 B12.0509.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0509.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Edimax RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.5.0 - Edimax)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{185D7B00-8600-4716-A619-D8CBE689974B}) (Version: 4.40.560.0 - Futuremark)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - GIGABYTE Technologies, Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.46.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MyComGames) (Version: 3.147 - My.com B.V.)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-10-2015 21:07:35 Windows Backup
14-10-2015 00:00:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-07-30 20:46 - 00450892 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 15469 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21FD3B25-29C2-447F-93CA-F418B38D494D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {2AE452DD-7663-4C08-86D9-150C6FD9B29D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {3FACD55F-1894-47BD-ADAA-04DFE5A5BCFD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {4DA682FB-99CB-4AEA-AF79-8060720E11A4} - System32\Tasks\{F792DE50-AA36-4F10-8148-9E7EF9D76636} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {73C1E663-DBDF-45F2-BAE0-A9C921E39E62} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {99146579-3923-4B7C-B229-3DA59088957D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {B3390CAB-97E0-4E55-B694-1DEB10AD59E3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-06] (COMODO)
Task: {C1F54412-F95F-4A06-B8BF-CEA4B74277EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2012-11-09 17:55 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2015-07-02 22:54 - 2015-07-02 22:54 - 01048576 _____ () C:\Program Files (x86)\Everything\Everything.exe
2012-11-09 18:01 - 2010-09-07 10:46 - 00072280 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-08-03 00:22 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-04-15 17:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2013-08-01 20:33 - 2013-08-01 20:33 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-11-09 17:55 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-08-01 20:31 - 2013-08-01 20:31 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 20:33 - 2013-08-01 20:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 20:40 - 2013-08-01 20:40 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00144896 _____ () C:\Users\Ollie\AppData\Local\MyComGames\zlib1.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00062464 _____ () C:\Users\Ollie\AppData\Local\MyComGames\pxd.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00179144 _____ () C:\Users\Ollie\AppData\Local\MyComGames\LightUpdate.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 02419488 _____ () C:\Users\Ollie\AppData\Local\MyComGames\BigUp2.dll
2015-08-26 10:18 - 2015-08-26 10:18 - 50425344 _____ () C:\Users\Ollie\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll
2012-11-09 18:28 - 2009-10-07 02:35 - 00901120 _____ () C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll
2013-11-14 23:51 - 2013-05-26 15:40 - 00054272 _____ () C:\Program Files (x86)\Corsair\M95 Mouse\hidGetKey.dll
2014-12-28 18:42 - 2012-05-14 13:41 - 00043008 _____ () C:\Program Files (x86)\Corsair\M65 Mouse\hidGetKey.dll
2013-05-06 17:05 - 2015-10-09 23:33 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-07-01 22:21 - 2015-10-16 22:34 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-06 14:06 - 2015-10-16 22:34 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 16:57 - 2015-10-16 22:34 - 00193024 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2013-03-26 16:16 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-19 21:59 - 2015-10-09 23:33 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdave64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdhcp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdmantle64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdmmcl6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdocl_as64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdocl_ld64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdpcom64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiadlxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiapfxx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atibtmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aticalcl64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aticaldd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aticalrt64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aticfx64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atidemgy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atidxx64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atieclxx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiesrxx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atig6pxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atig6txx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atimpc64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atimuixx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atio6axx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ATIODCLI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ATIODE.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atisamu64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atitmm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiu9p64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiumd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiumd6a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiuxp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clinfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\coinst_14.50.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mantle64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mantleaxl64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenVideo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OVDecode64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdave32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdhcp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdmantle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdmmcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdocl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdocl_as32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdocl_ld32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdpcom32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiadlxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aticalcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aticaldd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aticalrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aticfx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atidxx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atigktxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atimpc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atioglxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atisamu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiu9pag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiumdag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiumdva.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiuxpag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mantle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mantleaxl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenVideo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OVDecode.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\amdacpksd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ati2erec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atikmdag.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atikmdag.sys.bak:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atikmpag.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atikmpag.sys.bak:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Desktop\autodetectutility.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\autodetectutility.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Desktop\Display Driver Uninstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\11713829_1223641617661299_793691498209012780_o.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\11713829_1223641617661299_793691498209012780_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\7z1506.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\7z1506.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\adwcleaner_5.013.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\adwcleaner_5.013.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\Aslains_XVM_WoT_Modpack_Installer_v.4.6.8_910.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Aslains_XVM_WoT_Modpack_Installer_v.4.6.8_910.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\esetsmartinstaller_enu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\esetsmartinstaller_enu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\HitmanPro.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\HitmanPro.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\hwmonitor_1.28.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\hwmonitor_1.28.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\memtest86-iso.zip:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\memtest86-iso.zip:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\novabench3.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\novabench3.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\template.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\template.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoT_internet_install_eu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoT_internet_install_eu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoWS_internet_install_eu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoWS_internet_install_eu.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 15753 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57693123-6D81-46F1-A29B-103A8316E953}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2D61947-CAAD-42E6-A1B8-CDF82AF738E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBCF617F-C492-448B-999A-A3A5844F0E06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F56CF5A-97AA-42E1-8D0D-1449B76DE4FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{073DFCF0-9ED0-4697-8575-3F8EF5288D1C}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{2BEFBC93-C3B9-4AE5-8B4A-8A3313F8E349}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{7BB94A60-90C9-42DD-B8CE-5BD16827DAE2}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{F515A6CB-144F-4EAE-AF36-D0AD592FB656}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{B98CEFF2-7C68-4FD7-BD29-3790DA99F7D8}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A76D94D3-DAC7-434F-A912-06FDFF7FC774}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{0DA5898E-0431-4826-A40E-89F18F20D94D}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{DE42BB9A-911F-44F5-B4EE-E42122737169}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{9419282F-AAF2-477F-872B-79EC07E6036A}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{B8E732A2-36CC-4006-8AE7-333546D71017}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B9DECAD9-B37A-4B88-BA9F-714FE6F5E80F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{CB4DAA4C-C6F2-46B4-8507-95E95EAA86A2}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{5D2BFE37-EDB7-425E-BAB7-FACC4CB62731}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{CEB19D6D-7926-4B1A-BDC7-D004D0269E3B}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{EB9C7AA2-1FB6-492F-A16A-79C7F8924DBD}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{6C70A579-A7B5-4B3F-9F4B-3447D62338AA}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{7373ADBF-766D-4311-A551-A4394298A08A}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{B2FA87E4-B840-430B-AC2A-03AF545A3923}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4A5985A9-48CC-4C5F-8375-B9994F4FB513}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{29484216-7ED3-43B7-8B33-491586C04BA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A4AD10BE-9F9D-4269-9512-A7D7BA8DB95E}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4DB5D3D0-3D67-4366-8623-623D3546C952}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99409EE6-9421-4ABF-9664-0EC0859783CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D406204-5B22-458E-858D-C7932BE225EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C1552EF1-8A93-41E5-9971-B99AE37CFE43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{4ADE1AE1-853C-4DD5-B122-72766D01D087}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{1116679B-E214-4A35-9AEF-F20E714CDF90}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{457A1534-EC97-4D86-879B-D1CD6C063DB7}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{CA9F1D8F-3975-4FBC-A10C-06A235CAA980}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{5799148E-0D9D-492C-B727-C36BB7F3C1B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF29EA24-D5F9-404A-A9D0-2261D490EB42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{42EA9344-B558-4156-BF3F-61E2D8B6944D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6539B8FD-4C7E-466D-9B01-7DFACE2298C9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A737F16D-97CA-4E74-A822-1609AD4403B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{25D9FEB8-19DE-4EBA-9B82-F040D52A6FD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{373E1A11-BD53-4EE1-897B-208B88A47542}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{CBEBAAEA-FA68-4F34-A1A8-A6F72B81794A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{ABDB5590-65E8-48EE-A5CC-9B9551BDD2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{56742189-4528-4262-89E7-32B844C978EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{089EE90C-4194-45C3-BC1C-30BEC35ED335}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F1F63541-C8CB-4EDD-A100-3A31C55BC1D7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{29F53783-B4AC-47A5-9AD7-77FC64CCC00E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FE627920-BF0F-4AC9-A32D-6AF150A3C4C5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0714BF63-3AC9-482C-A9C2-52A3417E87AB}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{F55318D7-4D13-4319-90DD-AC04F8C3B7D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{494014B9-8EA9-4541-9DD1-B13691A6FC01}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72EB2A00-0609-42CF-BE11-9E23C1EFEBD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E27046DC-4BB7-40BA-A751-A177DECBB3D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F05D2A5-8D75-45E1-BDE8-60C36A04D5FC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D149B3BC-CB0A-4B9B-BB23-E74022673DD2}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{90C78A4E-7182-413F-8FC8-F38CC5B0A4C9}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{17C7B4BE-10DF-45D4-9C9D-563A864BBF61}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{96B1012E-C482-498B-BEF2-29361399D73C}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{FA4444DB-2D0B-420C-A84A-97E7E3D1D0EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{0BBB55CE-C27E-40B5-ADF0-CC8B2D5687A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{00511F78-33DB-4A77-9F3D-729BEC001482}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{FF2BB3D8-7FB3-47A9-BFC4-DF9D247154F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{23A3F365-2D78-4926-983C-BE1CEC56B3D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D0C0D638-3339-4F3A-B85E-3CA9F6CE2D7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{A7968FAC-2277-4DB8-97E8-7C2BBA91DEB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{E3B34F64-938E-4087-A52B-CDC020F56CA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{DE6975F5-AA8C-4591-AC76-DF7B8FBC055D}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{32BEAC66-AE96-4761-AFC8-98ED94A53912}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{93CA2B2F-42A8-410B-9A4B-9434A2C656EA}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{640E0CCF-0CA2-40C3-89D8-3BA6AA576A6D}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2015 04:14:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/17/2015 03:44:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2015 02:56:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/17/2015 02:34:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2015 02:12:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2015 10:34:36 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to copy new service file to temp location

Error: (10/16/2015 10:32:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2015 09:55:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2015 09:03:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 41.0.1.5750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14e8

Start Time: 01d106b4f049beef

Termination Time: 137

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 8f4b2e1f-72ae-11e5-9051-902b3498c9e3

Error: (10/14/2015 08:16:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/17/2015 03:42:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2015 03:42:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2015 03:42:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2015 03:42:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2015 03:42:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


==================== Memory info ===========================

Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 32%
Total physical RAM: 8173.24 MB
Available physical RAM: 5488 MB
Total Virtual: 16344.69 MB
Available Virtual: 13268.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.58 GB) (Free:14.29 GB) NTFS
Drive e: (Data drive) (Fixed) (Total:931.51 GB) (Free:644.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DEAEFB8F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: B8A0EC17)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-10-17 04:36:25
-----------------------------
04:36:25.376 OS Version: Windows x64 6.1.7601 Service Pack 1
04:36:25.376 Number of processors: 8 586 0x102
04:36:25.392 ComputerName: GAMING-PC UserName: Ollie
04:36:25.751 Initialize success
04:36:25.797 VM: initialized successfully
04:36:25.797 VM: Amd CPU BiosDisabled
04:38:35.493 AVAST engine defs: 15101601
04:38:46.295 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:38:46.295 Disk 0 Vendor: ST1000DM003-9YN162 CC4B Size: 953869MB BusType: 3
04:38:46.295 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
04:38:46.295 Disk 1 Vendor: Corsair_Force_3_SSD 5.03 Size: 171705MB BusType: 3
04:38:46.310 Disk 1 MBR read successfully
04:38:46.310 Disk 1 MBR scan
04:38:46.310 Disk 1 Windows 7 default MBR code
04:38:46.326 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
04:38:46.326 Disk 1 default boot code
04:38:46.326 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 171603 MB offset 206848
04:38:46.342 Disk 1 scanning C:\Windows\system32\drivers
04:38:49.686 Service scanning
04:38:59.222 Modules scanning
04:38:59.222 Disk 1 trace - called modules:
04:38:59.222 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
04:38:59.238 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800725e060]
04:38:59.238 3 CLASSPNP.SYS[fffff88000c4543f] -> nt!IofCallDriver -> [0xfffffa8007009520]
04:38:59.238 5 ACPI.sys[fffff88000f737a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0xfffffa8007006680]
04:38:59.596 AVAST engine scan C:\Windows
04:39:01.974 AVAST engine scan C:\Windows\system32
04:40:56.820 AVAST engine scan C:\Windows\system32\drivers
04:41:01.011 AVAST engine scan C:\Users\Ollie
04:41:45.778 AVAST engine scan C:\ProgramData
04:42:11.977 Disk 1 statistics 3598783/0/0 @ 47.87 MB/s
04:42:11.977 Scan finished successfully
04:45:03.822 Disk 1 MBR has been saved successfully to "C:\Users\Ollie\Desktop\MBR.dat"
04:45:03.822 The log file has been saved successfully to "C:\Users\Ollie\Desktop\aswMBR.txt

Many thanks in advance for any help with this :)
 
Running from C:\Springclean

We really need to move FRST to desktop.

Go to C:\Springclean, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


FRSTfix.JPG



start
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2015-07-02] () [File not signed] <==== ATTENTION
2015-10-17 01:39 - 2015-10-17 01:39 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\SpringFiles
C:\Users\Ollie\AppData\Local\Temp\rootsupd.exe
C:\Users\Ollie\AppData\Local\Temp\sqlite3.dll
C:\Users\Ollie\AppData\Local\Temp\_isD806.exe
FirewallRules: [{DE6975F5-AA8C-4591-AC76-DF7B8FBC055D}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{32BEAC66-AE96-4761-AFC8-98ED94A53912}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{93CA2B2F-42A8-410B-9A4B-9434A2C656EA}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{640E0CCF-0CA2-40C3-89D8-3BA6AA576A6D}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
EmptyTemp:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
End
Click to expand...

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~`

BY4dvz9.png
AdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select
    AVOiBNU.jpg
    Run as administrator     to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


thisisujrt.gif

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~`
please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt
 
Hi Juliet,

Thanks very much for the quick response, I followed your instructions here are the logs:

Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Ollie (2015-10-18 01:14:50) Run:1
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2015-07-02] () [File not signed] <==== ATTENTION
2015-10-17 01:39 - 2015-10-17 01:39 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\SpringFiles
C:\Users\Ollie\AppData\Local\Temp\rootsupd.exe
C:\Users\Ollie\AppData\Local\Temp\sqlite3.dll
C:\Users\Ollie\AppData\Local\Temp\_isD806.exe
FirewallRules: [{DE6975F5-AA8C-4591-AC76-DF7B8FBC055D}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{32BEAC66-AE96-4761-AFC8-98ED94A53912}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{93CA2B2F-42A8-410B-9A4B-9434A2C656EA}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{640E0CCF-0CA2-40C3-89D8-3BA6AA576A6D}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
EmptyTemp:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
End
*****************

Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Everything => Service stopped successfully.
Everything => service removed successfully
C:\Users\Ollie\AppData\Roaming\SpringFiles => moved successfully
C:\Users\Ollie\AppData\Local\Temp\rootsupd.exe => moved successfully
C:\Users\Ollie\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Ollie\AppData\Local\Temp\_isD806.exe => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE6975F5-AA8C-4591-AC76-DF7B8FBC055D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32BEAC66-AE96-4761-AFC8-98ED94A53912} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93CA2B2F-42A8-410B-9A4B-9434A2C656EA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{640E0CCF-0CA2-40C3-89D8-3BA6AA576A6D} => value removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 01:15:22 ====

# AdwCleaner v5.013 - Logfile created 18/10/2015 at 01:26:40
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ollie - GAMING-PC
# Running from : C:\Users\Ollie\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\yv073wfk.default\searchplugins\search-provided-by-bing.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[!] Key Not Deleted : [x64] HKCU\Software\PRODUCTSETUP

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

*************************

C:\AdwCleaner[C2].txt - [841 bytes] - [15/08/2015 14:39:36]
C:\AdwCleaner[S3].txt - [688 bytes] - [15/08/2015 14:30:10]
C:\AdwCleaner[S4].txt - [812 bytes] - [10/10/2015 12:33:14]
C:\AdwCleaner[S5].txt - [874 bytes] - [17/10/2015 01:52:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1162 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ollie on 18/10/2015 at 1:32:35.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Ollie\AppData\Roaming\mozilla\firefox\profiles\yv073wfk.default\minidumps [8 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/10/2015 at 1:45:13.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Hi again, not sure if it is connected but have had 2 blue screen crashes. The most recent was on restarting my PC after posting my last response to you.
 
rudebadger said:
Hi again, not sure if it is connected but have had 2 blue screen crashes. The most recent was on restarting my PC after posting my last response to you.
Click to expand...

We can try to check that out later.

Open Malwarebytes

[*]On the Dashboard click on Update Now

[*]Go to the Setting Tab

[*]Under Setting go to Detection and Protection

[*]Under PUP and PUM make sure both are set to show Treat Detections as Malware

[*]Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

[*]Then on the Dashboard click on Scan

[*]Make sure to select THREAT SCAN

[*]Then click on Scan

[*]When the scan is finished and the log pops up...select Copy to Clipboard

[*]Please paste the log back into this thread for review

[*]Exit Malwarebytes

~~~~~~~~~~~~~~~~~~~~~~``



1. Open up Malwarebytes and you will be on the Dashboard
2. Click on the History Tab
3. Then click on Application Logs
4. Double click on the SCAN LOG (Not Protection Log ) you just ran
5. When it opens it will look like this





6. Then click on Export
7. On the drop down list click on Copy to Clipboard
8. Then paste the log back into this thread

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Hi, again I ran the Malwarebytes scan but did not get a log at the end of it, here is the scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/10/2015
Scan Time: 11:18
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.18.01
Rootkit Database: v2015.10.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ollie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374499
Time Elapsed: 5 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Tell me what the computer is doing now.


What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

GzlsbnV.png
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click
    esetListThreats.png
    . If no threats were found, skip the next two bullet points.
  • Click
    esetExport.png
    and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to
    xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png
    and click
    SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png
    .
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
 
My computer still does not go to the correct home page when I open firefox, it goes to a page called esurf.biz. When I am surfing on sites I usually visit if I click a link it sometimes tries to open a new tab occasionally these go to a page but most of the time Avira blocks the page from opening.

Here are the results of the eset scan:

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Ollie\Downloads\winzip19-lan.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Windows\Installer\75a7f9.msi a variant of Win32/Systweak.L potentially unwanted application
 
Let's see if this next script can help.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


FRSTfix.JPG



start
CloseProcesses:
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Users\Ollie\Downloads\winzip19-lan.exe
C:\Windows\Installer\75a7f9.msi
EmptyTemp:
Hosts:
End
Click to expand...

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Post this log when finished.
 
Ok here is the report:
Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Ollie (2015-10-18 20:46:36) Run:2
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Users\Ollie\Downloads\winzip19-lan.exe
C:\Windows\Installer\75a7f9.msi
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe => moved successfully
C:\Users\Ollie\Downloads\winzip19-lan.exe => moved successfully
C:\Windows\Installer\75a7f9.msi => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 264.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:46:38 ====

When I ran firefox again I still got redirected to the page I mentioned in my last post, but my browser no longer tries to open new tabs when I click on links on websites. However I am now getting almost constant popups from malwarebytes saying that it has blocked a malicious website. The popup says that it is linked to C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe
 
let's see if we reset Firefox if we can get rid of it that way.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Firefox Bookmarks

Proceed with the reset once done.

~~~~~~~~~~~~~
Also

  • Right-Click FRST.exe / FRST64.exe and select
    AVOiBNU.jpg
    Run as administrator to run the programme.
  • Click Yes to the disclaimer.

    Check Shortcut.txt
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

~~~~~~~~~~~~~~~~`

Did you install MyComGames ?


https://www.reddit.com/r/ArmoredWar...oes_this_game_hate_my_malwarebytes_antivuris/
probable false positive detections
game launcher provided by Skyforge

If the notifications are too frequent, and you wish to disable them while still allowing Malwarebytes Anti-Malware to continue protecting your PC by blocking the malicious websites, please follow the steps on this article:
https://support.malwarebytes.org/customer/portal/articles/1835324?b_id=6400

Alternatively, if you would like to stop Malwarebytes Anti-Malware from blocking the program entirely, you may follow the steps on this article:
https://support.malwarebytes.org/customer/portal/articles/1835326?b_id=6400
 
Last edited:
Ok I tried the reset but no joy, firefox still opens on the esurf.biz page.

Yes I did install MyComGames, but was just worried that it might have become infected. Looking at the reddit thread it seems to be a known issue, thanks for the help with that :)

Here are the scan reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-10-2015
Ran by Ollie (administrator) on GAMING-PC (19-10-2015 19:04:02)
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(MY.COM B.V.) C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Edimax Technology Co.) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\CorsTra.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-17] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-17] (Apple Inc.)
HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1771520 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2918152 2014-08-18] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2015-07-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-13] (SUPERAntiSpyware)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-16] (Valve Corporation)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-30] (Safer-Networking Ltd.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [MyComGames] => C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe [4222408 2015-10-17] (MY.COM B.V.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: {5eeb5042-52a5-11e3-9e7f-902b3498c9e3} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: {f8046c24-548b-11e4-a3ba-902b3498c9e3} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-10-17]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk [2012-11-09]
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3501653021-3640964384-1111194576-1000] => hxxp://get-access.me/wpad.dat?78a8af66cfad197e51123a91d81d7e43804347
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{023BED95-0A6C-4A68-8987-05741C533FF6}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9aca07fe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\utkgrewf.default-1445277530700
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3501653021-3640964384-1111194576-1000: @my.com/Games -> C:\Users\Ollie\AppData\Local\MyComGames\NPMyComDetector.dll [2015-10-01] (My.com, Inc)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-17] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
S3 DAUpdaterSvc; C:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-10-06] (Futuremark)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-17] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-17] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
R3 CORK70; C:\Windows\System32\drivers\CORK70.sys [25600 2012-10-31] ( )
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 DUKEMS; C:\Windows\System32\drivers\DUKEMS.sys [25600 2012-08-16] ( )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-02] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-19 19:04 - 2015-10-19 19:04 - 00016897 _____ C:\Users\Ollie\Desktop\FRST.txt
2015-10-18 18:04 - 2015-10-18 18:04 - 00001936 _____ C:\Users\Ollie\Desktop\esetresults.txt
2015-10-18 11:37 - 2015-10-18 11:37 - 00001050 _____ C:\Users\Ollie\Desktop\mbam.txt
2015-10-18 01:53 - 2015-10-18 01:53 - 00319952 _____ C:\Windows\Minidump\101815-13088-01.dmp
2015-10-18 01:45 - 2015-10-18 01:45 - 00000736 _____ C:\Users\Ollie\Desktop\JRT.txt
2015-10-18 01:31 - 2015-10-18 01:31 - 01801288 _____ (Malwarebytes) C:\Users\Ollie\Downloads\JRT.exe
2015-10-18 01:28 - 2015-10-18 01:28 - 00001245 _____ C:\Users\Ollie\Desktop\AdwCleaner[C3].txt
2015-10-18 01:23 - 2015-10-17 02:15 - 01682432 _____ C:\Users\Ollie\Desktop\adwcleaner_5.013.exe
2015-10-18 01:14 - 2015-10-18 01:14 - 00000000 ____D C:\Users\Ollie\Desktop\FRST-OlderVersion
2015-10-17 17:05 - 2015-10-18 01:55 - 00001438 _____ C:\Users\Ollie\Desktop\bsod.txt
2015-10-17 17:03 - 2015-10-17 17:03 - 00276880 _____ C:\Windows\Minidump\101715-13603-01.dmp
2015-10-17 16:27 - 2015-10-17 16:27 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-17 16:27 - 2015-10-17 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-17 16:27 - 2015-10-17 16:27 - 00000000 ____D C:\Program Files\iTunes
2015-10-17 16:27 - 2015-10-17 16:27 - 00000000 ____D C:\Program Files\iPod
2015-10-17 16:26 - 2015-10-17 16:26 - 00000000 ____D C:\Program Files\Bonjour
2015-10-17 16:26 - 2015-10-17 16:26 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-17 16:25 - 2015-10-17 16:25 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-10-17 16:25 - 2015-10-17 16:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-17 12:34 - 2015-10-17 12:43 - 00000000 ____D C:\Users\Ollie\AppData\Local\WinZip
2015-10-17 12:34 - 2015-10-17 12:42 - 00000000 ____D C:\ProgramData\WinZip
2015-10-17 12:34 - 2015-10-17 12:34 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-10-17 12:34 - 2015-10-17 12:34 - 00002281 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-10-17 12:34 - 2015-10-17 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-10-17 12:34 - 2015-10-17 12:34 - 00000000 ____D C:\Program Files\WinZip
2015-10-17 04:45 - 2015-10-17 04:45 - 00002301 _____ C:\Users\Ollie\Desktop\aswMBR.txt
2015-10-17 04:45 - 2015-10-17 04:45 - 00000512 _____ C:\Users\Ollie\Desktop\MBR.dat
2015-10-17 04:20 - 2015-10-17 04:20 - 05198336 _____ (AVAST Software) C:\Users\Ollie\Desktop\aswMBR.exe
2015-10-17 04:18 - 2015-10-19 19:04 - 00000000 ____D C:\FRST
2015-10-17 04:18 - 2015-10-18 01:14 - 02196992 _____ (Farbar) C:\Users\Ollie\Desktop\FRST64.exe
2015-10-17 04:16 - 2015-10-18 01:12 - 00000000 ____D C:\Springclean
2015-10-17 04:15 - 2015-10-17 04:15 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GAMING-PC-Windows-7-Home-Premium-(64-bit).dat
2015-10-17 04:15 - 2015-10-17 04:15 - 00000000 ____D C:\RegBackup
2015-10-17 04:14 - 2015-10-17 04:14 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-17 04:13 - 2015-10-17 04:13 - 04777232 _____ (Tweaking.com) C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe
2015-10-17 03:50 - 2015-10-17 03:50 - 10357568 _____ (SurfRight B.V.) C:\Users\Ollie\Downloads\HitmanPro.exe
2015-10-17 02:56 - 2015-10-17 02:56 - 02870984 _____ (ESET) C:\Users\Ollie\Desktop\esetsmartinstaller_enu.exe
2015-10-17 02:56 - 2015-10-17 02:56 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-17 02:22 - 2015-10-17 02:22 - 22908888 _____ (Malwarebytes ) C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-17 02:22 - 2015-10-17 02:22 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 02:15 - 2015-10-17 02:15 - 01682432 _____ C:\Users\Ollie\Downloads\adwcleaner_5.013.exe
2015-10-17 01:52 - 2015-10-17 01:53 - 00000874 _____ C:\AdwCleaner[S5].txt
2015-10-16 00:26 - 2015-10-17 02:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-13 20:38 - 2015-10-13 20:38 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 20:38 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 20:37 - 2015-10-13 20:37 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-10 12:33 - 2015-10-10 12:33 - 00000812 _____ C:\AdwCleaner[S4].txt
2015-10-06 18:23 - 2015-10-06 18:23 - 00000022 _____ C:\Windows\GPU-Z.INI
2015-10-06 18:22 - 2015-10-06 18:22 - 00000000 ____D C:\Program Files (x86)\Futuremark
2015-10-06 18:21 - 2015-10-06 18:23 - 00000000 ____D C:\Users\Ollie\Documents\3DMark 11
2015-10-06 18:21 - 2015-10-06 18:21 - 02883584 _____ C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\IsolatedStorage
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00001227 _____ C:\Users\Public\Desktop\3DMark 11.lnk
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\Program Files\Futuremark
2015-10-06 18:05 - 2015-10-06 18:08 - 271860249 _____ C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip
2015-10-06 18:04 - 2015-10-06 18:05 - 12261072 _____ (Novawave Inc. ) C:\Users\Ollie\Downloads\novabench3.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 01199856 _____ ( ) C:\Users\Ollie\Downloads\hwmonitor_1.28.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\Program Files\CPUID
2015-10-02 22:04 - 2015-10-02 22:06 - 300806184 _____ (AMD Inc.) C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe
2015-10-02 21:57 - 2015-10-02 21:57 - 04288048 _____ C:\Users\Ollie\Downloads\memtest86-iso.zip
2015-10-02 00:54 - 2015-10-02 06:50 - 00000137 _____ C:\Users\Ollie\Desktop\Armored Warfare Open Beta.url
2015-10-02 00:54 - 2015-10-02 00:54 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2015-10-01 00:06 - 2015-10-01 00:06 - 00002017 _____ C:\Users\Ollie\Desktop\My.com Game Center.lnk
2015-10-01 00:06 - 2015-10-01 00:06 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2015-10-01 00:05 - 2015-10-19 18:50 - 00000000 ____D C:\Users\Ollie\AppData\Local\MyComGames
2015-10-01 00:05 - 2015-10-01 00:05 - 05481456 _____ (MY.COM B.V.) C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-19 18:59 - 2015-03-30 19:20 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-10-19 18:59 - 2013-06-02 23:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-19 18:58 - 2012-11-09 17:45 - 01964383 _____ C:\Windows\WindowsUpdate.log
2015-10-19 18:57 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-19 18:57 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-19 18:55 - 2009-07-14 06:13 - 00159100 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-19 18:50 - 2014-04-12 13:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-19 18:50 - 2013-08-03 00:23 - 00000000 ____D C:\Users\Ollie\AppData\Local\HTC MediaHub
2015-10-19 18:50 - 2013-06-13 20:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-19 18:49 - 2015-05-02 00:44 - 00020301 _____ C:\Windows\setupact.log
2015-10-19 18:49 - 2012-11-09 18:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-10-19 18:49 - 2012-11-09 17:55 - 00000144 _____ C:\service.log
2015-10-19 18:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-18 20:47 - 2012-11-10 18:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-18 01:53 - 2013-06-01 01:41 - 00000000 ____D C:\Windows\Minidump
2015-10-18 01:26 - 2015-08-06 20:04 - 00000000 ____D C:\AdwCleaner
2015-10-18 01:21 - 2015-04-21 10:26 - 01819954 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-10-18 01:15 - 2014-02-23 22:55 - 00000000 ____D C:\Users\Ollie\AppData\LocalLow\Temp
2015-10-17 16:27 - 2013-06-08 17:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-17 16:27 - 2013-05-28 14:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-17 16:26 - 2015-08-12 16:03 - 00096528 _____ (Apple Inc.) C:\Windows\system32\dns-sd.exe
2015-10-17 16:26 - 2015-08-12 16:03 - 00084240 _____ (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2015-10-17 16:25 - 2013-05-28 14:09 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-17 11:33 - 2015-05-17 13:17 - 00000000 ____D C:\Windows\rescache
2015-10-17 04:35 - 2014-10-21 22:37 - 00001728 _____ C:\Users\Ollie\Desktop\details.txt
2015-10-17 02:34 - 2010-11-21 04:47 - 00423058 _____ C:\Windows\PFRO.log
2015-10-17 02:12 - 2014-11-18 01:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 01:39 - 2014-11-18 01:21 - 00001255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-17 01:39 - 2014-11-18 01:21 - 00001243 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-17 01:39 - 2012-11-09 17:45 - 00001509 _____ C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-16 22:59 - 2013-06-02 23:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 22:59 - 2012-11-10 01:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 22:59 - 2012-11-10 01:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 00:05 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 00:03 - 2012-11-10 17:17 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-13 20:29 - 2015-07-17 22:36 - 00066544 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-13 20:29 - 2015-07-17 22:36 - 00000000 ____D C:\Users\Lisa\AppData\Local\HTC MediaHub
2015-10-11 16:24 - 2015-04-25 19:58 - 00000057 _____ C:\Users\Ollie\Desktop\cooling.txt
2015-10-09 23:33 - 2015-02-21 17:55 - 00000000 ____D C:\Users\Ollie\AppData\Local\Steam
2015-10-06 18:11 - 2012-11-09 20:10 - 00496911 _____ C:\Windows\DirectX.log
2015-10-06 18:10 - 2014-08-05 15:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-05 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2012-12-19 23:21 - 2012-12-19 23:21 - 0000111 _____ () C:\Users\Ollie\AppData\Roaming\adu.xml
2014-08-05 17:40 - 2014-08-05 17:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 15:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Ollie (2015-10-19 19:04:36)
Running from C:\Users\Ollie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-09 16:45:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3501653021-3640964384-1111194576-500 - Administrator - Disabled)
Guest (S-1-5-21-3501653021-3640964384-1111194576-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3501653021-3640964384-1111194576-1002 - Limited - Enabled)
Lisa (S-1-5-21-3501653021-3640964384-1111194576-1009 - Limited - Enabled) => C:\Users\Lisa
Ollie (S-1-5-21-3501653021-3640964384-1111194576-1000 - Administrator - Enabled) => C:\Users\Ollie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Armored Warfare MyCom Beta (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Armored Warfare MyCom Beta) (Version: 1.45 - My.com B.V.)
Aslain's XVM WoT Modpack version 4.6.8 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.6.8 - Aslain)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version: - )
Corsair M65 Firmware Update Application (HKLM-x32\...\{29484F2D-404A-4EF6-B774-DF5EC5BDF481}_is1) (Version: - )
Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
Corsair M95 Firmware Update Application (HKLM-x32\...\{4E44154D-0699-4D6C-996F-66D47B9A40D2}_is1) (Version: - )
Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Easy Tune 6 B12.0509.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0509.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Edimax RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.5.0 - Edimax)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{185D7B00-8600-4716-A619-D8CBE689974B}) (Version: 4.40.560.0 - Futuremark)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - GIGABYTE Technologies, Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.46.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MyComGames) (Version: 3.147 - My.com B.V.)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-10-2015 01:14:52 Restore Point Created by FRST
18-10-2015 01:32:38 JRT Pre-Junkware Removal
18-10-2015 19:00:03 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-10-18 20:46 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21FD3B25-29C2-447F-93CA-F418B38D494D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {2AE452DD-7663-4C08-86D9-150C6FD9B29D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {3FACD55F-1894-47BD-ADAA-04DFE5A5BCFD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {4DA682FB-99CB-4AEA-AF79-8060720E11A4} - System32\Tasks\{F792DE50-AA36-4F10-8148-9E7EF9D76636} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {633F2494-35E3-4DE2-A618-4E7E55AE10BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-10-17] (Apple Inc.)
Task: {73C1E663-DBDF-45F2-BAE0-A9C921E39E62} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {99146579-3923-4B7C-B229-3DA59088957D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {B3390CAB-97E0-4E55-B694-1DEB10AD59E3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-06] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2012-11-09 17:55 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2012-11-09 18:01 - 2010-09-07 10:46 - 00072280 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-08-03 00:22 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-01 20:33 - 2013-08-01 20:33 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-04-15 17:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-11-09 17:55 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-08-01 20:31 - 2013-08-01 20:31 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 20:33 - 2013-08-01 20:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 20:40 - 2013-08-01 20:40 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-05-06 17:05 - 2015-10-09 23:33 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-07-01 22:21 - 2015-10-16 22:34 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-06 14:06 - 2015-10-16 22:34 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 16:57 - 2015-10-16 22:34 - 00193024 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00144896 _____ () C:\Users\Ollie\AppData\Local\MyComGames\zlib1.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00062464 _____ () C:\Users\Ollie\AppData\Local\MyComGames\pxd.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00179144 _____ () C:\Users\Ollie\AppData\Local\MyComGames\LightUpdate.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 02419488 _____ () C:\Users\Ollie\AppData\Local\MyComGames\BigUp2.dll
2015-08-26 10:18 - 2015-08-26 10:18 - 50425344 _____ () C:\Users\Ollie\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll
2012-11-09 18:28 - 2009-10-07 02:35 - 00901120 _____ () C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll
2013-11-14 23:51 - 2013-05-26 15:40 - 00054272 _____ () C:\Program Files (x86)\Corsair\M95 Mouse\hidGetKey.dll
2014-12-28 18:42 - 2012-05-14 13:41 - 00043008 _____ () C:\Program Files (x86)\Corsair\M65 Mouse\hidGetKey.dll
2013-03-26 16:16 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdave64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdhcp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdmantle64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdmmcl6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdocl_as64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdocl_ld64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdpcom64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiadlxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiapfxx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atibtmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aticalcl64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aticaldd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aticalrt64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aticfx64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atidemgy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atidxx64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atieclxx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiesrxx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atig6pxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atig6txx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atimpc64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atimuixx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atio6axx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ATIODCLI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ATIODE.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atisamu64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atitmm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiu9p64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiumd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiumd6a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiuxp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clinfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\coinst_14.50.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mantle64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mantleaxl64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenVideo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OVDecode64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdave32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdhcp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdmantle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdmmcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdocl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdocl_as32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdocl_ld32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdpcom32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiadlxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aticalcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aticaldd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aticalrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aticfx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atidxx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atigktxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atimpc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atioglxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atisamu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiu9pag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiumdag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiumdva.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiuxpag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mantle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mantleaxl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenVideo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OVDecode.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\amdacpksd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ati2erec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atikmdag.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atikmdag.sys.bak:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atikmpag.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atikmpag.sys.bak:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\adwcleaner_5.013.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\adwcleaner_5.013.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Desktop\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Desktop\aswMBR.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\aswMBR.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Desktop\autodetectutility.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\autodetectutility.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Desktop\Display Driver Uninstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\esetsmartinstaller_enu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\esetsmartinstaller_enu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\11713829_1223641617661299_793691498209012780_o.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\11713829_1223641617661299_793691498209012780_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\7z1506.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\7z1506.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\adwcleaner_5.013.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\adwcleaner_5.013.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\Aslains_XVM_WoT_Modpack_Installer_v.4.6.8_910.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Aslains_XVM_WoT_Modpack_Installer_v.4.6.8_910.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\HitmanPro.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\HitmanPro.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\hwmonitor_1.28.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\hwmonitor_1.28.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\memtest86-iso.zip:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\memtest86-iso.zip:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\novabench3.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\novabench3.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\template.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\template.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoT_internet_install_eu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoT_internet_install_eu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoWS_internet_install_eu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoWS_internet_install_eu.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 15753 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57693123-6D81-46F1-A29B-103A8316E953}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2D61947-CAAD-42E6-A1B8-CDF82AF738E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBCF617F-C492-448B-999A-A3A5844F0E06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F56CF5A-97AA-42E1-8D0D-1449B76DE4FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{073DFCF0-9ED0-4697-8575-3F8EF5288D1C}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{2BEFBC93-C3B9-4AE5-8B4A-8A3313F8E349}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{7BB94A60-90C9-42DD-B8CE-5BD16827DAE2}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{F515A6CB-144F-4EAE-AF36-D0AD592FB656}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{B98CEFF2-7C68-4FD7-BD29-3790DA99F7D8}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A76D94D3-DAC7-434F-A912-06FDFF7FC774}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{0DA5898E-0431-4826-A40E-89F18F20D94D}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{DE42BB9A-911F-44F5-B4EE-E42122737169}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{9419282F-AAF2-477F-872B-79EC07E6036A}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{B8E732A2-36CC-4006-8AE7-333546D71017}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B9DECAD9-B37A-4B88-BA9F-714FE6F5E80F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{CB4DAA4C-C6F2-46B4-8507-95E95EAA86A2}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{5D2BFE37-EDB7-425E-BAB7-FACC4CB62731}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{CEB19D6D-7926-4B1A-BDC7-D004D0269E3B}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{EB9C7AA2-1FB6-492F-A16A-79C7F8924DBD}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{6C70A579-A7B5-4B3F-9F4B-3447D62338AA}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{7373ADBF-766D-4311-A551-A4394298A08A}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{B2FA87E4-B840-430B-AC2A-03AF545A3923}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4A5985A9-48CC-4C5F-8375-B9994F4FB513}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{29484216-7ED3-43B7-8B33-491586C04BA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A4AD10BE-9F9D-4269-9512-A7D7BA8DB95E}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4DB5D3D0-3D67-4366-8623-623D3546C952}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99409EE6-9421-4ABF-9664-0EC0859783CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D406204-5B22-458E-858D-C7932BE225EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C1552EF1-8A93-41E5-9971-B99AE37CFE43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{4ADE1AE1-853C-4DD5-B122-72766D01D087}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{1116679B-E214-4A35-9AEF-F20E714CDF90}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{457A1534-EC97-4D86-879B-D1CD6C063DB7}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{CA9F1D8F-3975-4FBC-A10C-06A235CAA980}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{5799148E-0D9D-492C-B727-C36BB7F3C1B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF29EA24-D5F9-404A-A9D0-2261D490EB42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{42EA9344-B558-4156-BF3F-61E2D8B6944D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6539B8FD-4C7E-466D-9B01-7DFACE2298C9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A737F16D-97CA-4E74-A822-1609AD4403B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{25D9FEB8-19DE-4EBA-9B82-F040D52A6FD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{373E1A11-BD53-4EE1-897B-208B88A47542}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{CBEBAAEA-FA68-4F34-A1A8-A6F72B81794A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{ABDB5590-65E8-48EE-A5CC-9B9551BDD2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{56742189-4528-4262-89E7-32B844C978EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{089EE90C-4194-45C3-BC1C-30BEC35ED335}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F1F63541-C8CB-4EDD-A100-3A31C55BC1D7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{29F53783-B4AC-47A5-9AD7-77FC64CCC00E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FE627920-BF0F-4AC9-A32D-6AF150A3C4C5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0714BF63-3AC9-482C-A9C2-52A3417E87AB}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{D149B3BC-CB0A-4B9B-BB23-E74022673DD2}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{90C78A4E-7182-413F-8FC8-F38CC5B0A4C9}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{17C7B4BE-10DF-45D4-9C9D-563A864BBF61}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{96B1012E-C482-498B-BEF2-29361399D73C}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{FA4444DB-2D0B-420C-A84A-97E7E3D1D0EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{0BBB55CE-C27E-40B5-ADF0-CC8B2D5687A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{00511F78-33DB-4A77-9F3D-729BEC001482}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{FF2BB3D8-7FB3-47A9-BFC4-DF9D247154F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{23A3F365-2D78-4926-983C-BE1CEC56B3D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D0C0D638-3339-4F3A-B85E-3CA9F6CE2D7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{A7968FAC-2277-4DB8-97E8-7C2BBA91DEB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{E3B34F64-938E-4087-A52B-CDC020F56CA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{AEA1C473-53E1-4111-8B6B-DAA9DE279F72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08F133DF-B3AC-476E-BCA6-6CA3E4B95597}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FA2A8C0-9FDA-40DB-8894-14F77A579E4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC5ECE49-934D-4572-AF28-B65E6EC42A35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42D7AE02-59D4-49B1-A4AC-5E61BBC7A955}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2015 06:49:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2015 07:34:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2015 08:47:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2015 08:42:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2015 02:49:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 02:49:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 02:49:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 02:48:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 11:04:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 10:38:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/18/2015 08:46:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\RAIHV.dll

Error: (10/18/2015 08:46:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\RAIHV.dll

Error: (10/18/2015 08:46:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\RAIHV.dll

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 8173.24 MB
Available physical RAM: 5812.68 MB
Total Virtual: 16344.69 MB
Available Virtual: 13706.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.58 GB) (Free:14.9 GB) NTFS
Drive e: (Data drive) (Fixed) (Total:931.51 GB) (Free:643.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DEAEFB8F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: B8A0EC17)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Users shortcut scan result (x64) Version:17-10-2015
Ran by Ollie (2015-10-19 19:06:16)
Running from C:\Users\Ollie\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk -> C:\Program Files\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\SIGNINOPTIONS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Encyclopedia.lnk -> E:\World_of_Tanks\wiki.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Game Manual.lnk -> E:\World_of_Tanks\game_manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Latest updates.lnk -> E:\World_of_Tanks\readme.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Official website.lnk -> E:\World_of_Tanks\website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Uninstall World of Tanks.lnk -> E:\World_of_Tanks\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks.lnk -> E:\World_of_Tanks\WoTLauncher.exe (Wargaming.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 19.5.lnk -> C:\Program Files\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Registry Backup\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.chm (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA PhysX Properties.lnk -> C:\Windows\SysWOW64\PhysX.cpl (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\Riot Games\Play League of Legends.lnk -> C:\Games\League of Legends\lol.launcher.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Sync Manager\HTC Sync Manager.lnk -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte Technology Corp\Gigabyte Raid Configurer.lnk -> C:\Windows\SysWOW64\xRaidSetup.exe (Gigabyte Technology Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\@BIOS.lnk -> C:\Program Files (x86)\Gigabyte\@BIOS\BIOS_Run.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\ET6.lnk -> C:\Windows\Installer\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}\ET6SC.exe_457D7505D6654F9591C3ECB8C56E9ACA.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\Help.lnk -> C:\Program Files (x86)\Gigabyte\ET6\et6help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\EasySaver\EasySaver.lnk -> C:\Program Files (x86)\Gigabyte\EasySaver\eslite.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\EasySaver\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{07300F01-89CA-4CF8-92BD-2A605EB83C95}\setup.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\AutoGreen\AutoGreen.lnk -> C:\Windows\Installer\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}\CallAG.exe_C75FAD21EC0842F392D6C9C0AB355345.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark\3DMark 11\3DMark 11.lnk -> C:\Program Files\Futuremark\3DMark 11\bin\x64\3DMark11.exe (Futuremark)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edimax Wireless\Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Demo.lnk -> C:\Program Files (x86)\Dolby Home Theater v4\pcee4d.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Profile.lnk -> C:\Program Files (x86)\Dolby Home Theater v4\pcee4e.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair Gaming Headset Software.lnk -> C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe (Corsair Components, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\M95 Mouse\Corsair M95 Gaming Mouse Configuration.lnk -> C:\Program Files (x86)\Corsair\M95 Mouse\mainframe.exe (Corsair Components Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\M95 Mouse\Uninstall .lnk -> C:\Windows\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\M65 Mouse\Corsair M65 Gaming Mouse Configuration.lnk -> C:\Program Files (x86)\Corsair\M65 Mouse\mainframe.exe (Corsair Components Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\M65 Mouse\Uninstall .lnk -> C:\Windows\unins004.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair M95 Firmware Update Application\Start Corsair M95 Firmware Update Application.lnk -> C:\Program Files (x86)\Corsair\M95 firmware update\FWUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair M95 Firmware Update Application\Uninstall .lnk -> C:\Windows\unins001.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair M65 Firmware Update Application\Start Corsair M65 Firmware Update Application.lnk -> C:\Program Files (x86)\Corsair\M65 firmware update\FWUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair M65 Firmware Update Application\Uninstall .lnk -> C:\Windows\unins003.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair K70 Firmware Update Application\Start Corsair K70 Firmware Update Application.lnk -> C:\Program Files (x86)\Corsair\K70 firmware update\FWUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair K70 Firmware Update Application\Uninstall .lnk -> C:\Windows\unins002.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files (x86)\7-Zip\7-zip.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E9DFE522-FB0D-474B-8B05-F3913EE7319F}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{C124BF7F-D91E-41C4-BA19-A28EDB147440}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe (Sega Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7B961D6F-862E-4965-A6FB-2CF8702F77F3}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe (Sega Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\Links\Desktop.lnk -> C:\Users\Lisa\Desktop ()
Shortcut: C:\Users\Lisa\Links\Downloads.lnk -> C:\Users\Lisa\Downloads ()
Shortcut: C:\Users\Lisa\Desktop\World of Tanks 0.9.9 ProMod.lnk -> C:\Games\World_of_Tanks\WoTLauncher.exe (No File)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\Links\Desktop.lnk -> C:\Users\Ollie\Desktop ()
Shortcut: C:\Users\Ollie\Links\Downloads.lnk -> C:\Users\Ollie\Downloads ()
Shortcut: C:\Users\Ollie\Desktop\My.com Game Center.lnk -> C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe (MY.COM B.V.)
Shortcut: C:\Users\Ollie\Desktop\World of Warships.lnk -> E:\World_of_Warships\WoWSLauncher.exe (Wargaming.net)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships\Uninstall World of Warships.lnk -> E:\World_of_Warships\unins000.exe ()
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships\World of Warships.lnk -> E:\World_of_Warships\WoWSLauncher.exe (Wargaming.net)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\My.com Game Center.lnk -> C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe (MY.COM B.V.)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything\Search Everything.lnk -> C:\Program Files (x86)\Everything\Everything.exe ()
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything\Uninstall Everything.lnk -> C:\Program Files (x86)\Everything\Uninstall.exe ()
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dragon Age Origins.lnk -> C:\Games\Dragon Age\DAOriginsLauncher.exe (BioWare)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CPUID HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Dragon Age Origins.lnk -> C:\Games\Dragon Age\DAOriginsLauncher.exe (BioWare)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\My.com Game Center.lnk -> C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe (MY.COM B.V.)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Tanks.lnk -> E:\World_of_Tanks\WoTLauncher.exe (Wargaming.net)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Warships.lnk -> E:\World_of_Warships\WoWSLauncher.exe (Wargaming.net)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Local\Microsoft\Windows\GameExplorer\{A1C7461A-1AD3-4735-95A5-28567D7BBC45}\PlayTasks\0\Play.lnk -> C:\Games\Pirates!.exe (No File)
Shortcut: C:\Users\Ollie\AppData\Local\Microsoft\Windows\GameExplorer\{7B961D6F-862E-4965-A6FB-2CF8702F77F3}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe (Sega Corporation)
Shortcut: C:\Users\Public\Desktop\3DMark 11.lnk -> C:\Program Files\Futuremark\3DMark 11\bin\x64\3DMark11.exe (Futuremark)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\CPUID HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\Users\Public\Desktop\Dragon Age Origins.lnk -> C:\Games\Dragon Age\DAOriginsLauncher.exe (BioWare)
Shortcut: C:\Users\Public\Desktop\ET6.lnk -> C:\Program Files (x86)\Gigabyte\ET6\ET6SC.exe ()
Shortcut: C:\Users\Public\Desktop\HTC Sync Manager.lnk -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe ()
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\Users\Public\Desktop\WinZip.lnk -> C:\Program Files\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\Users\Public\Desktop\World of Tanks.lnk -> E:\World_of_Tanks\WoTLauncher.exe (Wargaming.net)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Registry Backup\Uninstall Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Registry Backup\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Tweaking.com\Registry Backup\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) -> /register
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.) -> -s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Sync Manager\Uninstall HTC Sync Manager.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {F838C3DD-5785-4F19-AD0F-BD532C8A31F4}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Driver\Uninstall HTC Driver.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4CEEE5D0-F905-4688-B9F9-ECC710507796}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\UnInstall.lnk -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe (Macrovision Corporation) -> /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edimax Wireless\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe (Macrovision Corporation) -> -runfromtemp -removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Internet Security\Add and Remove components.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /I{68BE8BAB-5375-4C99-9116-1808F5968D40}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Internet Security\COMODO Internet Security.lnk -> C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) -> --shortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Public\Desktop\COMODO Internet Security.lnk -> C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) -> --shortcut


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks on the Web.url -> hxxp://www.worldoftanks.eu
InternetURL: C:\Users\Lisa\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
InternetURL: C:\Users\Lisa\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
InternetURL: C:\Users\Lisa\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
InternetURL: C:\Users\Lisa\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Ollie\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Ollie\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Ollie\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Ollie\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Ollie\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
InternetURL: C:\Users\Ollie\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
InternetURL: C:\Users\Ollie\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
InternetURL: C:\Users\Ollie\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Ollie\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Ollie\Desktop\Armored Warfare Open Beta.url -> mycomgames://play/13.2000009
InternetURL: C:\Users\Ollie\Desktop\Crusader Kings II.url -> steam://rungameid/203770
InternetURL: C:\Users\Ollie\Desktop\Middle-earth Shadow of Mordor.url -> steam://rungameid/241930
InternetURL: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Crusader Kings II.url -> steam://rungameid/203770
InternetURL: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Middle-earth Shadow of Mordor.url -> steam://rungameid/241930
InternetURL: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta\Armored Warfare Open Beta.url -> mycomgames://play/13.2000009
InternetURL: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta\Uninstall Armored Warfare Open Beta.url -> mycomgames://uninstall/13.2000009

==================== End of Shortcut.txt =============================
 
MY.COM B.V.) C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe
https://www.virustotal.com/en/url/d...7a059ee3069640468305b969ff8aba7bed1/analysis/

The ADS files are created by COMODO software.You may uninstall it if you do not use it



Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about_:blank
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9aca07fe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
EmptyTemp:
End
Click to expand...

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~``

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

GzlsbnV.png
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click
    esetListThreats.png
    . If no threats were found, skip the next two bullet points.
  • Click
    esetExport.png
    and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to
    xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png
    and click
    SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png
    .
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.


Please let me know how the computer is now.
 
Awesome, my home page is back :)

Unfortunately firefox still opens new tabs when I click links on legitimate sites, sorry I thought this had resolved but it started happening again yesterday evening.

Here are the logs:

Eset:

C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll.xBAD a variant of Win32/Systweak.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe.xBAD a variant of Win32/Systweak potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Users\Ollie\Downloads\winzip19-lan.exe.xBAD a variant of Win32/InstallCore.ACZ potentially unwanted application
E:\GAMING-PC\Backup Set 2015-09-13 190004\Backup Files 2015-10-18 190001\Backup files 2.zip a variant of Win32/InstallCore.ACZ potentially unwanted application

Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Ollie (2015-10-19 22:34:22) Run:3
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about_:blank
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9aca07fe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
EmptyTemp: => 254.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:34:37 ====
 
E:\GAMING-PC\Backup Set 2015-09-13 190004\Backup Files 2015-10-18 190001\Backup files 2.zip
a variant of Win32/InstallCore.ACZ potentially unwanted application

Win32/InstallCore is a type of potentially unwanted program that may install other threats when run into the computer. In this case, PUA:Win32/InstallCore may install other adware, toolbars, browser redirect, and hijack the home page of affected browser. Meaning that additional software is bundled with it and may get installed along InstallCore unless you untick (if possible) the installation of the bundled software.(the PUA detection)

It's possible we have removed the infection, but the program came with unwanted little addons that had to be removed.
Future scans will probably show the same results. I'll leave it up to you rather to remove the backup.

~~~~~~~~~~~~~~~~~`
Let's save Firefox bookmarks, then uninstall, We will reinstall and see if that works here.

Are you connected through a router?
Which router are you using?


bullseye_zpse9eaf36e.gif
Flush the FireFox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
  • In Firefox, Options
  • Select Options
  • Select Privacy tab
  • Find the section that reads: You might want to clear your recent history or remove individual cookies
  • Select clear your recent history
  • Click the Details drop-down arrow
  • Make sure a check mark is placed in the following boxes:
  • Cookies
  • Cache
  • Next select the Time Range to Clear drop-down menu
  • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
  • Click Clear Now
=========================

~~~~~~~~~~~~~~~~~~~
Now, through your add/remove programs panel uninstall Firefox.
Reboot

Reinstall Firefox
https://www.mozilla.org/en-US/firefox/new/?utm_source=getfirefox-com&utm_medium=referral
 
Ok I reinstalled Firefox, but still get hijacked to other pages when I click on links on legitimate sites. It does not seem to be a frequent, on the other hand the 3 times it has happened twice I was taken to a page to update flash player, complete with handy little popup to click on to download the update and once to update java which also had the same helpful popup.

I do connect through a router, it was provided by my ISP (Plusnet) and is a Sagecom 2704N.
 
One easy way to refresh your router:
Turn off your computer.
There should be an on/off switch on your router. Turn your router off, leave it off for 5 minutes or so then turn it back om.
Most routers will have lights flash during the set up.
After all lights have stopped flashing, turn your computer back on and try to reconnect to the internet.
~~~~~~~~~~~~~~~`

Download Security Check by screen317 from here.
or these 2 other sites.
http://rocketgrannie.spywareinfoforum.org/SecurityCheck.exe
http://www.bleepingcomputer.com/download/securitycheck/

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~~~~~~~~~~~~~~~~`

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
    ---------------------------------------------------------------------------------------------
  • If there are Internet issues after running ComboFix:
    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
 
Ok I ran security check & combofix, here are the logs:

ComboFix 15-10-21.01 - Ollie 21/10/2015 18:44:23.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8173.6095 [GMT 1:00]
Running from: c:\users\Ollie\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
FW: COMODO Firewall *Enabled* {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2015-09-21 to 2015-10-21 )))))))))))))))))))))))))))))))
.
.
2015-10-21 17:52 . 2015-10-21 17:52 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2015-10-21 17:52 . 2015-10-21 17:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-17 15:27 . 2015-10-17 15:27 -------- d-----w- c:\program files\iTunes
2015-10-17 15:27 . 2015-10-17 15:27 -------- d-----w- c:\program files\iPod
2015-10-17 15:26 . 2015-10-17 15:26 -------- d-----w- c:\program files (x86)\Bonjour
2015-10-17 15:26 . 2015-10-17 15:26 -------- d-----w- c:\program files\Bonjour
2015-10-17 15:25 . 2015-10-17 15:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-10-17 11:34 . 2015-10-17 11:43 -------- d-----w- c:\users\Ollie\AppData\Local\WinZip
2015-10-17 11:34 . 2015-10-17 11:42 -------- d-----w- c:\programdata\WinZip
2015-10-17 11:34 . 2015-10-17 11:34 -------- d-----w- c:\program files\WinZip
2015-10-17 03:18 . 2015-10-19 21:35 -------- d-----w- C:\FRST
2015-10-17 03:16 . 2015-10-18 00:12 -------- d-----w- C:\Springclean
2015-10-17 03:15 . 2015-10-17 03:15 -------- d-----w- C:\RegBackup
2015-10-17 03:14 . 2015-10-17 03:14 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-10-17 01:22 . 2015-10-17 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-17 01:22 . 2015-10-17 01:22 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-17 01:22 . 2015-10-17 01:22 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-17 01:22 . 2015-10-17 01:22 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-13 19:37 . 2015-10-13 19:37 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-10-06 17:22 . 2015-10-06 17:22 -------- d-----w- c:\program files (x86)\Futuremark
2015-10-06 17:21 . 2015-10-06 17:21 -------- d-----w- c:\users\Ollie\AppData\Local\IsolatedStorage
2015-10-06 17:21 . 2015-10-06 17:21 -------- d-----w- c:\users\Ollie\AppData\Local\Futuremark
2015-10-06 17:11 . 2015-10-06 17:11 -------- d-----w- c:\program files\Futuremark
2015-10-05 22:30 . 2015-10-05 22:30 -------- d-----w- c:\program files\CPUID
2015-09-30 23:05 . 2015-10-21 17:35 -------- d-----w- c:\users\Ollie\AppData\Local\MyComGames
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-21 17:35 . 2012-11-09 17:23 25640 ----a-w- c:\windows\gdrv.sys
2015-10-20 21:26 . 2014-04-12 12:03 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-17 15:26 . 2015-08-12 15:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-10-17 15:26 . 2015-08-12 15:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-10-16 21:59 . 2012-11-10 00:52 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-16 21:59 . 2012-11-10 00:52 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-13 23:03 . 2012-11-10 16:17 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-10-13 19:38 . 2015-10-13 19:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-09 14:19 . 2015-09-09 14:19 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-09-09 14:19 . 2015-09-09 14:19 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-09-09 14:19 . 2015-09-09 14:19 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-09-09 14:19 . 2015-09-09 14:19 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-09-09 14:19 . 2015-09-09 14:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-09-09 14:19 . 2015-09-09 14:19 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-09 14:18 . 2015-09-09 14:18 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-09 14:18 . 2015-09-09 14:18 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-09 14:18 . 2015-09-09 14:18 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-09 14:18 . 2015-09-09 14:18 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-09 14:18 . 2015-09-09 14:18 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-09 14:18 . 2015-09-09 14:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-09 14:18 . 2015-09-09 14:18 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-09-09 14:18 . 2015-09-09 14:18 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-09 14:18 . 2015-09-09 14:18 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-09 14:18 . 2015-09-09 14:18 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-09 14:18 . 2015-09-09 14:18 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-03 11:52 . 2015-01-30 11:27 445472 ----a-w- c:\windows\SysWow64\guard32.dll
2015-09-03 11:52 . 2015-01-30 11:27 579408 ----a-w- c:\windows\system32\guard64.dll
2015-08-12 19:26 . 2015-08-12 19:26 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-12 19:26 . 2015-08-12 19:26 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-08-12 19:26 . 2015-08-12 19:26 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-12 19:26 . 2015-08-12 19:26 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 19:26 . 2015-08-12 19:26 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-12 19:26 . 2015-08-12 19:26 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-12 19:26 . 2015-08-12 19:26 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-12 19:26 . 2015-08-12 19:26 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-12 19:26 . 2015-08-12 19:26 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-12 19:26 . 2015-08-12 19:26 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 19:24 . 2015-08-12 19:24 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-08-12 19:24 . 2015-08-12 19:24 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 19:24 . 2015-08-12 19:24 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-08-12 19:24 . 2015-08-12 19:24 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-08-12 19:24 . 2015-08-12 19:24 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-12 19:24 . 2015-08-12 19:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-12 19:24 . 2015-08-12 19:24 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-12 19:24 . 2015-08-12 19:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-12 19:24 . 2015-08-12 19:24 2004992 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 19:24 . 2015-08-12 19:24 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 19:24 . 2015-08-12 19:24 1390592 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-12 19:24 . 2015-08-12 19:24 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-12 19:24 . 2015-08-12 19:24 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-08-12 19:24 . 2015-08-12 19:24 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-08-12 19:24 . 2015-08-12 19:24 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-08-12 19:24 . 2015-08-12 19:24 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-12 19:24 . 2015-08-12 19:24 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-08-12 19:24 . 2015-08-12 19:24 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 19:24 . 2015-08-12 19:24 193536 ----a-w- c:\windows\notepad.exe
2015-08-12 19:24 . 2015-08-12 19:24 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-12 19:24 . 2015-08-12 19:24 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 15:03 . 2015-08-12 15:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-12 15:03 . 2015-08-12 15:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-12 15:03 . 2015-08-12 15:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-12 15:03 . 2015-08-12 15:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-12 15:03 . 2015-08-12 15:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-12 15:03 . 2015-08-12 15:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2015-08-05 00:31 . 2015-01-30 11:27 105096 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-08-05 00:31 . 2015-01-30 11:27 45856 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-08-05 00:31 . 2015-01-30 11:27 806032 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2015-08-05 00:31 . 2015-01-30 11:27 21184 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-08-05 00:29 . 2015-01-30 11:27 41224 ----a-w- c:\windows\system32\cmdcsr.dll
2015-08-05 00:28 . 2015-01-30 11:27 358080 ----a-w- c:\windows\system32\cmdvrt64.dll
2015-08-05 00:28 . 2015-01-30 11:27 45760 ----a-w- c:\windows\system32\cmdkbd64.dll
2015-08-05 00:27 . 2015-01-30 11:27 288448 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2015-08-05 00:26 . 2015-01-30 11:27 40640 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2015-07-30 13:13 . 2015-08-13 00:06 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-13 00:06 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-27 22:00 . 2014-12-02 23:44 155136 ----a-w- c:\windows\SysWow64\unrar.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-11-13 7777560]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-10-16 2901584]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-30 1011200]
"MyComGames"="c:\users\Ollie\AppData\Local\MyComGames\MyComGames.exe" [2015-10-17 4222408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-10-17 60688]
"Corsair Duke"="c:\program files (x86)\Corsair\M95 Mouse\M95Hid.exe" [2013-08-15 1771520]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-08-31 508656]
"Corsair M65 Mouse"="c:\program files (x86)\Corsair\M65 Mouse\M65Hid.exe" [2013-08-15 1766912]
"Corsair Gaming Headset Software"="c:\program files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe" [2014-08-18 2918152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-07-10 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FAH.lnk - c:\program files\WinZip\FAH\FAHConsole.exe [2015-6-22 434352]
WinZip Preloader.lnk - c:\program files\WinZip\WzPreloader.exe [2015-6-22 126176]
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe -s [2012-11-9 1638400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 DUKEMS;Corsair M95 Gaming Mouse;c:\windows\system32\drivers\DUKEMS.sys;c:\windows\SYSNATIVE\drivers\DUKEMS.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [x]
S3 CORK70;Corsair K70 Gaming Keyboard;c:\windows\system32\drivers\CORK70.sys;c:\windows\SYSNATIVE\drivers\CORK70.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SnakeEyes;Corsair M65 Gaming Mouse;c:\windows\system32\drivers\SnakeEyes.sys;c:\windows\SYSNATIVE\drivers\SnakeEyes.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 21:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-08-05 13662936]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-08-05 1368792]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-08-06 1427648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-17 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{023BED95-0A6C-4A68-8987-05741C533FF6}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}\245624F687: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\utkgrewf.default-1445277530700\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:18,1d,15,b1,a2,9e,99,a9,9b,3a,83,52,07,db,f0,2f,66,64,8b,54,29,c2,ba,
db,39,04,5a,2f,87,97,bd,8b,15,f4,77,86,6e,f8,3f,8f,24,c9,f4,1a,11,9d,f6,ee,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,1d,e0,69,dc,6f,25,8c,ab,57,09,83,4b,61,64,53,f8,f1,66,a1,1b,
e3,7b,57,9f,77,4e,2e,c4,e8,fd,d5,2d,f9,cc,d0,d2,58,2a,88,82,fb,58,ab,11,d2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2015-10-21 18:56:55
ComboFix-quarantined-files.txt 2015-10-21 17:56
.
Pre-Run: 15,670,272,000 bytes free
Post-Run: 15,237,644,288 bytes free
.
- - End Of File - - AFF25145B6A2DAE3B3D71D1F6829A742
A36C5E4F47E84449FF07ED3517B43A31

Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.226
Adobe Reader XI
Mozilla Firefox (41.0.2)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Flash 19.0.0.226 released

For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/
___

Adobe Acrobat/Reader 11.0.13/10.1.16 released
To install Adobe Reader and Acrobat updates from Adobe Updater, do the following:

Launch Adobe Reader or Acrobat.
Choose Help > Check for Updates.
Follow the steps in the Updater window to download and install the latest updates.


Go to this page to verify which version of Java your using. If it says you need to update, please follow the instructions.
https://www.java.com/en/download/installed.jsp

~~~~~~~~~~~~~~~

bullseye_zpse9eaf36e.gif
Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

    MBAMAnti-Rootkit1_zps4613be8c.png


  • Please click by the introduction screen on the Next button to continue.


    MBAMAnti-Rootkit2update_zpsf85fca28.png


  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.


    MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png


  • When the update has finished, click on the Next button.

    MBAMAnti-Rootkitscan_zps9b346fe7.png


  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

    MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png


  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
  • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.

  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I ran MBAR but it did not find anything here are the logs:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18059

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.120000 GHz
Memory total: 8570265600, free: 6165397504

Downloaded database version: v2015.10.21.07
Downloaded database version: v2015.10.16.01
Downloaded database version: v2015.10.21.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
10/21/2015 22:55:14
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AppleCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIVX.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\CORK70.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\SnakeEyes.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\dokan.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\gdrv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.10.21.07
rootkit: v2015.10.16.01

<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007253060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80072340a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007253060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80069e2450, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006ff6680, DeviceName: \Device\Ide\IdeDeviceP0T1L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007234790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80071369a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007234790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006ff9520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006ff2060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DEAEFB8F

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616
Partition is not bootable
Partition file system is NTFS

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B8A0EC17

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 351442944
Partition is not bootable
Partition file system is NTFS

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 180045766656 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18059

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.120000 GHz
Memory total: 8570265600, free: 6424834048

=======================================

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.10.21.07
rootkit: v2015.10.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18059
Ollie :: GAMING-PC [administrator]

21/10/2015 22:55:23
mbar-log-2015-10-21 (22-55-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 386084
Time elapsed: 9 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Unfortunately, I am still getting the redirects :(
 
Status
Not open for further replies.
Back
Top