Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

page redirect removal/correct repost

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

page redirect removal/correct repost

Unread postby Fishingforbytes » February 26th, 2016, 6:57 am

Repost got it wrong first time

Hi im new here and came across your site after spending all day and night trying to find a solution to my problem.my son has been using the computer while i have been away and now every time i open fire fox when i open a page and then after a couple of click on links i am redirected to adultx.top or something else comes up saying sponsored by plugrush.

i have windows defender running all the time as well as malwre bytes but these do not detect anything.

i also use super anti spyware but still nothing.

so i have spent all day lookig for solutions. i have reset firefox no good.downloaded hitman pro no good...tdss killer and jrt as well as avira anti virus but still nothing detected

i am not using these all at one lol.i make sure others are unistalled before another is used.

i have not got a clue to whats causing it.i have also done system restore and still the problem is there.

can anyone help please as ill hate to have to reinstal windows

i am running windows 10 pro with amd a8 and 16 gig ram

thanks again for all help im at my wits end
..............................................................................................................................................................................................................................................................................................................................

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Tony (administrator) on DESKTOP (26-02-2016 00:42:25)
Running from C:\Users\Tony\Desktop
Loaded Profiles: Tony (Available Profiles: Tony)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Oki Data Corporation) C:\Windows\System32\spool\drivers\x64\3\OKHSLDCS.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-07-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\RunOnce: [ClearDrive] => C:\Program Files (x86)\Hard Drive Powerwash\stwasher2.exe [26816 2013-03-12] ()
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\Run: [EPSON SX125 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0cd8e357-cc70-4bd6-b2a7-543f3422a1c2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkI ... id=UE01DHP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.120:8020/codebase/DVM_IPCam2.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1001379508-1290023974-3518000192-1001 -> hxxp://google.co.uk/

FireFox:
========
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\7cp2t7kw.default-1456434442731
FF Homepage: hxxps://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\7cp2t7kw.default-1456434442731\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2016-02-25]
FF Extension: New Tab Homepage - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\7cp2t7kw.default-1456434442731\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-02-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 DCSLoader; C:\Windows\system32\spool\DRIVERS\x64\3\OKHSLDCS.EXE [20480 2011-11-14] (Oki Data Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-02-01] (IBM Corp.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-06] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [514336 2016-02-01] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [152320 2016-02-01] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [407168 2016-02-01] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [507424 2016-02-01] (IBM Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 V0380Vid; C:\Windows\system32\DRIVERS\V0380Vid.sys [331008 2015-07-31] (Creative Technology Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-12-05] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 00:26 - 2016-02-26 00:27 - 00027541 _____ C:\Users\Tony\Desktop\Addition.txt
2016-02-26 00:25 - 2016-02-26 00:42 - 00010422 _____ C:\Users\Tony\Desktop\FRST.txt
2016-02-26 00:25 - 2016-02-26 00:42 - 00000000 ____D C:\FRST
2016-02-26 00:19 - 2016-02-26 00:25 - 02371072 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2016-02-25 23:21 - 2016-02-25 23:28 - 00000000 ____D C:\Users\Tony\AppData\Local\NPE
2016-02-25 23:21 - 2016-02-25 23:21 - 00000000 ____D C:\ProgramData\Norton
2016-02-25 22:35 - 2016-02-25 22:35 - 00000000 ____D C:\Users\Tony\AppData\Local\Sophos
2016-02-25 22:27 - 2016-02-26 00:07 - 00000000 ____D C:\ProgramData\Sophos
2016-02-25 22:27 - 2016-02-26 00:07 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-02-25 22:27 - 2016-02-25 22:27 - 00161024 ____N (Sophos Limited) C:\WINDOWS\system32\Drivers\savonaccess.sys
2016-02-25 22:21 - 2016-02-25 22:25 - 196786040 _____ (Sophos Limited) C:\Users\Tony\Desktop\SophosInstall.exe
2016-02-25 22:01 - 2016-02-25 22:01 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-25 21:17 - 2016-02-25 21:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-25 20:27 - 2016-02-25 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-02-25 19:31 - 2016-02-25 19:31 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-25 19:31 - 2016-02-25 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-25 19:30 - 2016-02-25 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-25 19:28 - 2016-02-25 19:28 - 00242080 _____ C:\Users\Tony\Desktop\Firefox Setup Stub 44.0.2.exe
2016-02-25 19:01 - 2016-02-25 19:02 - 00076380 _____ C:\TDSSKiller.3.1.0.9_25.02.2016_19.01.29_log.txt
2016-02-25 18:20 - 2016-02-25 18:20 - 00023112 _____ C:\WINDOWS\system32\Drivers\hitmanpro35.sys
2016-02-25 18:19 - 2016-02-25 18:20 - 00000000 ____D C:\ProgramData\Hitman Pro
2016-02-25 18:19 - 2016-02-25 18:19 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-25 17:36 - 2016-02-25 17:37 - 00070060 _____ C:\TDSSKiller.3.1.0.9_25.02.2016_17.36.22_log.txt
2016-02-25 13:52 - 2016-02-25 13:52 - 00000000 ____D C:\Users\Tony\AppData\Roaming\LavasoftStatistics
2016-02-25 13:52 - 2016-02-25 13:52 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Lavasoft
2016-02-25 13:51 - 2016-02-25 13:51 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-25 13:48 - 2016-02-25 13:48 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-25 13:05 - 2016-02-25 13:05 - 00000000 ____D C:\Users\Tony\Documents\ProcAlyzer Dumps
2016-02-25 12:47 - 2016-02-25 12:47 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-25 12:45 - 2016-02-25 12:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-25 12:44 - 2016-02-25 14:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-25 11:55 - 2016-02-25 11:55 - 00000490 _____ C:\TDSSKiller.3.1.0.9_25.02.2016_11.55.43_log.txt
2016-02-25 11:52 - 2016-02-25 11:54 - 00131292 _____ C:\TDSSKiller.3.1.0.9_25.02.2016_11.52.47_log.txt
2016-02-24 20:21 - 2016-02-25 12:24 - 00000000 ____D C:\Users\Tony\Desktop\Rambo.Quadrilogy.1982-2008.Ultimate.Uncut.Remastered.Edition.720p.BluRay.x264.AAC-ETRG
2016-02-24 12:03 - 2016-02-24 17:32 - 00000000 ____D C:\Users\Tony\Desktop\In The Heart Of The Sea
2016-02-20 13:17 - 2016-02-20 13:22 - 00000000 ____D C:\Users\Tony\Desktop\The Hobbit Collection
2016-02-19 19:13 - 2016-02-20 10:31 - 00000000 ____D C:\Users\Tony\Desktop\Victor Frankenstein
2016-02-19 14:01 - 2016-02-20 10:31 - 00000000 ____D C:\Users\Tony\Desktop\The Nutty Professor Collection
2016-02-19 13:08 - 2016-02-19 13:08 - 00000000 ____D C:\Users\Tony\Desktop\Snowtime
2016-02-16 12:26 - 2016-02-16 16:26 - 00000000 ____D C:\Users\Tony\Desktop\The Forest
2016-02-15 15:11 - 2016-02-15 16:24 - 00000000 ____D C:\Users\Tony\Desktop\The Good Dinosaur
2016-02-15 09:35 - 2016-02-15 09:40 - 00000000 ____D C:\Users\Tony\Documents\Sound recordings
2016-02-14 14:56 - 2016-02-14 16:25 - 2040422598 _____ C:\Users\Tony\Desktop\Forrest Gump.mp4
2016-02-14 14:55 - 2016-02-14 18:14 - 00000000 ____D C:\Users\Tony\Desktop\Conan The Barbarian
2016-02-14 14:55 - 2016-02-14 17:40 - 00000000 ____D C:\Users\Tony\Desktop\Conan the Destroyer
2016-02-14 12:16 - 2016-01-29 06:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-14 12:16 - 2016-01-29 06:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-14 12:16 - 2016-01-27 06:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-14 12:16 - 2016-01-27 06:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-14 12:16 - 2016-01-27 06:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-14 12:16 - 2016-01-27 06:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-14 12:16 - 2016-01-27 06:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-14 12:16 - 2016-01-27 05:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-14 12:16 - 2016-01-27 05:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-14 12:16 - 2016-01-27 05:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-14 12:16 - 2016-01-27 05:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-14 12:16 - 2016-01-27 05:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-14 12:16 - 2016-01-27 05:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-14 12:16 - 2016-01-27 05:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-14 12:16 - 2016-01-27 05:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-14 12:16 - 2016-01-27 05:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-14 12:16 - 2016-01-27 05:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-14 12:16 - 2016-01-27 05:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-14 12:16 - 2016-01-27 05:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-14 12:16 - 2016-01-27 05:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-14 12:16 - 2016-01-27 05:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-14 12:16 - 2016-01-27 05:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-14 12:16 - 2016-01-27 05:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-14 12:16 - 2016-01-27 05:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-14 12:16 - 2016-01-27 05:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-14 12:16 - 2016-01-27 05:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-14 12:16 - 2016-01-27 05:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-14 12:16 - 2016-01-27 05:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-14 12:16 - 2016-01-27 05:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-14 12:16 - 2016-01-27 05:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-14 12:16 - 2016-01-27 05:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-14 12:16 - 2016-01-27 05:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-14 12:16 - 2016-01-27 05:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-14 12:16 - 2016-01-27 05:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-14 12:16 - 2016-01-27 05:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-14 12:16 - 2016-01-27 05:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-14 12:16 - 2016-01-27 05:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-14 12:16 - 2016-01-27 05:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-14 12:16 - 2016-01-27 05:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-14 12:16 - 2016-01-27 05:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-14 12:16 - 2016-01-27 05:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-14 12:16 - 2016-01-27 05:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-14 12:16 - 2016-01-27 05:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-14 12:16 - 2016-01-27 04:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-14 12:16 - 2016-01-27 04:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-14 12:16 - 2016-01-27 04:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-14 12:16 - 2016-01-27 04:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-14 12:16 - 2016-01-27 04:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-14 12:16 - 2016-01-27 04:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-14 12:16 - 2016-01-27 04:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-14 12:16 - 2016-01-27 04:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-14 12:16 - 2016-01-27 04:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-14 12:16 - 2016-01-27 04:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-14 12:16 - 2016-01-27 04:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-14 12:16 - 2016-01-27 04:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-14 12:16 - 2016-01-27 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-14 12:16 - 2016-01-27 04:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-14 12:16 - 2016-01-27 04:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-14 12:16 - 2016-01-27 04:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-14 12:16 - 2016-01-27 04:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-14 12:16 - 2016-01-27 04:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-14 12:16 - 2016-01-27 04:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-14 12:16 - 2016-01-27 04:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-14 12:16 - 2016-01-27 04:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-14 12:16 - 2016-01-27 04:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-12 19:47 - 2016-02-12 21:16 - 00000000 ____D C:\Users\Tony\Desktop\Monkey Up
2016-02-12 12:13 - 2016-02-12 12:14 - 00000000 ____D C:\Users\Tony\Desktop\Router Screen Shots
2016-02-12 11:50 - 2016-02-14 20:38 - 00000000 ____D C:\Users\Tony\Desktop\Walking Dead For Xbox
2016-02-11 16:50 - 2016-02-11 16:51 - 00000000 ____D C:\Users\Tony\Desktop\Jurassic Park Collection
2016-02-10 13:33 - 2016-02-14 16:13 - 00000000 ____D C:\Users\Tony\Desktop\The Night Before
2016-02-09 18:47 - 2016-02-22 15:11 - 00000000 ____D C:\Users\Tony\Desktop\Ebay Pictures
2016-02-09 12:38 - 2016-02-13 10:28 - 00000000 ____D C:\Users\Tony\Desktop\The Walking Dead
2016-02-08 14:52 - 2016-02-08 14:52 - 00000000 ____D C:\Users\Tony\Desktop\Camera Security Software
2016-02-07 16:35 - 2016-02-25 15:17 - 00000000 ____D C:\Users\Tony\Desktop\Security Camera Footage
2016-02-07 11:08 - 2016-02-08 13:56 - 00000000 ____D C:\Program Files (x86)\Aiseesoft Total Video Converter
2016-02-05 14:54 - 2016-02-05 14:54 - 00000000 ____D C:\ProgramData\ATI
2016-02-05 14:16 - 2016-02-25 14:46 - 00000000 ____D C:\Program Files\ATI Technologies
2016-02-05 14:16 - 2016-02-05 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-02-03 18:28 - 2016-02-07 11:05 - 00000000 ____D C:\Users\Tony\Desktop\The 100 Season 1-2
2016-02-03 12:20 - 2016-02-14 16:39 - 00000000 ____D C:\Users\Tony\Desktop\Backtrack
2016-01-31 11:03 - 2016-01-31 11:03 - 00000000 ____D C:\Users\Tony\Desktop\Ride.Along.2.2016.HC.HDRip.XViD.AC3-ETRG
2016-01-31 11:02 - 2016-02-14 16:29 - 00000000 ____D C:\Users\Tony\Desktop\Crimson Peak
2016-01-28 14:34 - 2016-01-16 06:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 14:34 - 2016-01-16 06:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 14:34 - 2016-01-16 06:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 14:34 - 2016-01-16 06:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 14:34 - 2016-01-16 06:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 14:34 - 2016-01-16 06:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 14:34 - 2016-01-16 06:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 14:34 - 2016-01-16 06:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 14:34 - 2016-01-16 06:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 14:34 - 2016-01-16 06:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 14:34 - 2016-01-16 06:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 14:34 - 2016-01-16 06:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 14:34 - 2016-01-16 06:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 14:34 - 2016-01-16 06:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 14:34 - 2016-01-16 06:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 14:34 - 2016-01-16 06:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 14:34 - 2016-01-16 05:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 14:34 - 2016-01-16 05:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 14:34 - 2016-01-16 05:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 14:34 - 2016-01-16 05:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 14:34 - 2016-01-16 05:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 14:34 - 2016-01-16 05:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 14:34 - 2016-01-16 05:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 14:34 - 2016-01-16 05:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 14:34 - 2016-01-16 05:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 14:34 - 2016-01-16 05:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 14:34 - 2016-01-16 05:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 14:34 - 2016-01-16 05:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 14:34 - 2016-01-16 05:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 14:34 - 2016-01-16 05:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 14:34 - 2016-01-16 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 14:34 - 2016-01-16 05:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 14:34 - 2016-01-16 05:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 14:34 - 2016-01-16 05:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 14:34 - 2016-01-16 05:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 14:34 - 2016-01-16 05:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 14:34 - 2016-01-16 05:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 14:34 - 2016-01-16 05:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 14:34 - 2016-01-16 05:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 14:34 - 2016-01-16 05:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 14:34 - 2016-01-16 05:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 14:34 - 2016-01-16 05:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 14:34 - 2016-01-16 05:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 14:34 - 2016-01-16 05:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 14:34 - 2016-01-16 05:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 14:34 - 2016-01-16 05:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 14:34 - 2016-01-16 05:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 14:34 - 2016-01-16 05:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 14:34 - 2016-01-16 05:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 14:34 - 2016-01-16 05:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 14:34 - 2016-01-16 05:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 14:34 - 2016-01-16 05:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 14:34 - 2016-01-16 05:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 14:34 - 2016-01-16 05:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 14:34 - 2016-01-16 05:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 14:34 - 2016-01-16 05:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 14:34 - 2016-01-16 05:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 14:34 - 2016-01-16 05:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 14:34 - 2016-01-16 05:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 14:34 - 2016-01-16 05:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 14:34 - 2016-01-16 05:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 14:34 - 2016-01-16 05:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 14:34 - 2016-01-16 05:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 14:34 - 2016-01-16 05:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 14:34 - 2016-01-16 05:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 14:34 - 2016-01-16 05:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 14:34 - 2016-01-16 05:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 14:34 - 2016-01-16 05:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 14:34 - 2016-01-16 05:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 14:34 - 2016-01-16 05:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 14:34 - 2016-01-16 05:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 14:34 - 2016-01-16 05:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 14:34 - 2016-01-16 05:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 14:34 - 2016-01-16 05:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 14:34 - 2016-01-16 05:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 14:34 - 2016-01-16 05:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 14:34 - 2016-01-16 05:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 14:34 - 2016-01-16 05:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 14:34 - 2016-01-16 05:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 14:34 - 2016-01-16 05:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 14:34 - 2016-01-16 05:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 14:34 - 2016-01-16 05:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 14:34 - 2016-01-16 05:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 14:34 - 2016-01-16 05:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 14:34 - 2016-01-16 05:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 14:33 - 2016-01-16 05:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 14:33 - 2016-01-16 05:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 14:33 - 2016-01-16 05:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 14:33 - 2016-01-16 05:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 14:33 - 2016-01-16 05:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 14:33 - 2016-01-16 05:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 14:33 - 2016-01-16 05:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 14:33 - 2016-01-16 05:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 14:33 - 2016-01-16 05:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 14:33 - 2016-01-16 05:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 14:33 - 2016-01-16 05:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 14:33 - 2016-01-16 05:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 14:33 - 2016-01-16 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 14:33 - 2016-01-16 05:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 14:33 - 2016-01-16 05:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 14:33 - 2016-01-16 05:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 14:33 - 2016-01-16 05:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 00:24 - 2015-08-01 22:51 - 00000000 ____D C:\Users\Tony\AppData\Local\Adobe
2016-02-25 22:11 - 2015-12-06 00:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-25 22:10 - 2015-10-30 06:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-25 22:06 - 2015-08-01 23:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-25 21:58 - 2015-08-01 11:45 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-02-25 21:33 - 2015-08-01 17:15 - 00000000 ____D C:\Users\Tony\AppData\Roaming\tixati
2016-02-25 21:30 - 2015-11-16 19:47 - 00000000 ____D C:\Users\Tony\.oracle_jre_usage
2016-02-25 21:29 - 2015-11-16 19:47 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-25 21:29 - 2015-11-16 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-25 21:29 - 2015-11-16 19:47 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-25 20:27 - 2015-08-19 14:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-02-25 20:17 - 2015-12-05 23:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-25 18:36 - 2015-08-11 22:44 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-25 15:27 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-25 15:27 - 2015-08-09 13:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-25 15:26 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-25 15:22 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-25 15:16 - 2015-08-12 19:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-25 15:11 - 2015-12-05 23:58 - 00000000 ____D C:\Users\Tony
2016-02-25 15:08 - 2015-10-30 18:09 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-25 15:08 - 2015-10-30 18:09 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-25 15:07 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-02-25 15:07 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-25 15:07 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-25 15:06 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-25 15:05 - 2015-08-14 23:39 - 00000000 ____D C:\Users\Tony\AppData\Roaming\vlc
2016-02-25 15:05 - 2015-08-01 13:40 - 00000000 ____D C:\Users\Tony\AppData\Roaming\IrfanView
2016-02-25 14:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\registration
2016-02-22 19:43 - 2015-08-01 13:13 - 00000000 ____D C:\Users\Tony\Desktop\Pirates of the Caribbean Collection
2016-02-20 13:20 - 2015-08-01 13:32 - 00000000 ____D C:\Users\Tony\Desktop\The Lord Of The Rings Collection
2016-02-20 10:29 - 2015-08-01 13:20 - 00000000 ____D C:\Users\Tony\Desktop\The Big Bang Theory
2016-02-15 14:18 - 2015-08-01 13:11 - 00000000 ____D C:\Users\Tony\Desktop\Movies
2016-02-15 09:25 - 2015-07-31 20:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-14 22:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-02-14 22:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-02-14 20:38 - 2015-07-31 20:51 - 00834360 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-14 18:49 - 2015-08-01 12:54 - 00000000 ____D C:\Users\Tony\Desktop\Folder
2016-02-14 17:44 - 2015-08-19 20:10 - 00000000 ____D C:\Users\Tony\Desktop\Converted Avi
2016-02-14 17:03 - 2016-01-26 14:31 - 00000000 ____D C:\Users\Tony\Desktop\Macbeth
2016-02-14 16:49 - 2015-12-27 14:41 - 00000000 ____D C:\Users\Tony\Desktop\BridgeOf Spies
2016-02-14 16:14 - 2015-12-07 16:51 - 00000000 ____D C:\Users\Tony\Desktop\Bad Roomies
2016-02-14 14:29 - 2015-08-01 14:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-14 14:27 - 2015-07-10 11:04 - 00000167 _____ C:\WINDOWS\win.ini
2016-02-13 11:51 - 2015-08-10 22:13 - 00000000 ____D C:\Users\Tony\AppData\Roaming\dvdcss
2016-02-13 09:09 - 2015-08-11 22:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 19:31 - 2015-10-18 10:01 - 00000000 ____D C:\Users\Tony\Desktop\Vacation
2016-02-12 17:21 - 2015-08-01 13:17 - 00000000 ____D C:\Users\Tony\Desktop\Rocky Collection
2016-02-12 16:54 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-12 14:06 - 2015-08-01 13:10 - 00000000 ____D C:\Users\Tony\Desktop\Mad Max Collection
2016-02-07 13:21 - 2015-08-01 17:15 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2016-02-07 13:21 - 2015-08-01 17:15 - 00000000 ____D C:\Program Files\tixati
2016-02-07 11:08 - 2015-08-19 20:32 - 00000000 ____D C:\Users\Tony\AppData\Local\Aiseesoft Studio
2016-02-06 13:24 - 2015-11-16 19:44 - 00000000 ____D C:\ProgramData\Oracle
2016-02-06 09:57 - 2015-07-31 20:48 - 00000000 ____D C:\Users\Tony\AppData\Local\Packages
2016-02-05 17:18 - 2015-10-28 17:58 - 00000000 ____D C:\Users\Tony\Desktop\James Bond Collection
2016-02-05 14:16 - 2015-12-05 23:55 - 00000000 ____D C:\ProgramData\AMD
2016-02-05 14:16 - 2015-12-05 23:55 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-02-05 14:15 - 2015-07-31 21:11 - 00000000 ____D C:\AMD
2016-02-05 13:55 - 2015-12-05 23:54 - 00000000 ____D C:\Program Files\AMD
2016-02-04 16:25 - 2015-08-01 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-02-03 19:01 - 2015-10-30 07:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 19:01 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 10:39 - 2015-08-01 12:51 - 00407168 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-02-01 10:39 - 2015-08-01 12:51 - 00152320 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2016-01-29 16:26 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 16:26 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 16:26 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 16:26 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 16:25 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 16:25 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 16:25 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-27 14:10 - 2015-08-10 20:13 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Vso

==================== Files in the root of some directories =======

2015-08-10 20:13 - 2015-12-31 19:27 - 0001057 _____ () C:\Users\Tony\AppData\Roaming\vso_ts_preview.xml
2015-09-20 16:51 - 2015-12-27 11:14 - 0008704 _____ () C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-16 12:13 - 2015-12-16 12:13 - 0002675 _____ () C:\Users\Tony\AppData\Local\recently-used.xbel
2015-12-05 23:54 - 2015-12-05 23:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-22 13:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by Tony (2016-02-26 00:26:35)
Running from C:\Users\Tony\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-06 00:12:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1001379508-1290023974-3518000192-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1001379508-1290023974-3518000192-503 - Limited - Disabled)
Guest (S-1-5-21-1001379508-1290023974-3518000192-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1001379508-1290023974-3518000192-1009 - Limited - Enabled)
Tony (S-1-5-21-1001379508-1290023974-3518000192-1001 - Administrator - Enabled) => C:\Users\Tony

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Aiseesoft Total Video Converter 6.2.32 (HKLM-x32\...\{13C9CA1F-8D5A-4812-9FB4-434C9058BD77}_is1) (Version: 6.2.32 - Aiseesoft Studio)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Creative Live! Cam Optia Pro (VF0380) Driver (1.03.03.00) (HKLM\...\Creative VF0380) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Hard Drive Powerwash (Remove only) (HKLM-x32\...\Hard Drive Powerwash) (Version: - )
IP Camera (HKLM-x32\...\IP Camera) (Version: - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rapport (x32 Version: 3.5.1507.109 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tixati (HKLM-x32\...\tixati) (Version: - )
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.109 - Trusteer)
UltraISO Premium V9.3 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1001379508-1290023974-3518000192-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Tony\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BEB0D07-C301-4B55-B2C0-FDF508D44F80} - \AutoKMS -> No File <==== ATTENTION
Task: {273DBFFC-7A28-4981-9185-60001C03AEC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {5C8A7D8C-76BB-4E84-A722-CA65D38B456B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-25] (Microsoft Corporation)
Task: {7C9748CD-1030-46A3-A32B-18957B073D0E} - System32\Tasks\{724EA1E0-DCFB-4776-94EE-D7FE98C8C386} => pcalua.exe -a C:\Users\Tony\Desktop\colorcubesviz.exe -d C:\Users\Tony\Desktop
Task: {7D97559F-96E4-4044-99D9-749F26F6F25B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C31F0E93-16FA-47D9-84ED-CDF483482E0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CB4031CB-C08B-4619-A55B-6D64EC5E8E9F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D11D34F7-6C37-45CA-AD64-E0EDA1489491} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {F85DA0B9-16FF-48A1-ADA1-926B6C83998F} - System32\Tasks\{02B9F0AF-5000-406C-AAC6-B67AD0B37A10} => pcalua.exe -a C:\Users\Tony\Desktop\blazingcolorsviz.exe -d C:\Users\Tony\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-12-05 23:47 - 2015-12-05 23:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-05 23:47 - 2015-12-05 23:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-01 13:40 - 2005-06-07 11:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-01-22 10:58 - 2016-01-22 10:59 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-19 10:27 - 2015-12-07 04:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-19 10:27 - 2015-12-07 04:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 11:49 - 2016-01-05 01:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 11:49 - 2016-01-05 01:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 14:34 - 2016-01-16 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 14:34 - 2016-01-16 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-22 10:58 - 2016-01-22 10:59 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 10:58 - 2016-01-22 10:59 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2015-07-10 11:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\Desktop\Pictures\Hulk.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\StartupApproved\Run: => "EPSON SX125 Series"
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{9423D670-EA2D-4963-89AE-287DF246E63A}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{23FEDAB7-BE47-4547-AC55-DCF1333BB4C5}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{7D0ABDBB-C7A7-4037-84FC-2D9BE6497DD8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8FECB20D-9D3A-45E7-B1C7-C655E1811A2C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E4620B51-0AC1-4C23-A6D2-C60DA21CA9CC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FE599AA9-B531-4D19-BFAD-D157C6C34021}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{EAC6E7E8-04E0-4F75-BB0E-3B1CDC675ED4}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{22E48C59-C687-4830-B971-F34C9BB8F241}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{C59BF30E-8C03-43BF-B194-76470E4319F7}] => (Block) C:\windows\syswow64\ipcamera.exe
FirewallRules: [{C8604CDE-7EB0-407D-82F3-6B5C3788D15D}] => (Block) C:\windows\syswow64\ipcamera.exe
FirewallRules: [UDP Query User{A23F0A37-FEE6-45E4-A4D2-63CD215CE542}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
FirewallRules: [TCP Query User{EF5E9278-1340-43A5-80BA-0CF8F736DD48}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
FirewallRules: [{0F0DCCD3-3F40-4BE9-B71A-A554B67C9F9A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8E8B4817-FD9E-4B1F-BABD-9A01E2A3323B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1E92A8E2-C1EE-46A0-80B1-89D56563BD51}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{555208E3-D303-43F5-9D74-DEC7AFA0D5E9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E78F9A0F-6DD0-402F-8CB2-8C26A1C3A21F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CDD8021-F02E-47CC-B4A5-885582A4EC65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

25-02-2016 15:39:11 Rollback
25-02-2016 17:22:59 JRT Pre-Junkware Removal
25-02-2016 19:02:59 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2016 10:01:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/25/2016 08:12:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avscan.exe version 15.0.15.133 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1a14

Start Time: 01d17002692b3fcb

Termination Time: 60000

Application Path: C:\Program Files (x86)\Avira\Antivirus\avscan.exe

Report Id: e61cd089-dbfa-11e5-9c92-fcaa14895a4b

Faulting package full name:

Faulting package-relative application ID:

Error: (02/25/2016 07:03:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2016 07:00:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (6140) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Tony\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (02/25/2016 07:00:27 PM) (Source: ESENT) (EventID: 490) (User: )
Description: CCleaner64 (6140) testing: An attempt to open the file "C:\Users\Tony\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/25/2016 05:23:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2016 03:39:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2016 03:31:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2016 03:27:24 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/25/2016 03:22:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/25/2016 10:33:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (02/25/2016 10:11:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
%%31

Error: (02/25/2016 10:11:23 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (02/25/2016 10:10:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/25/2016 10:10:50 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/25/2016 10:10:49 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/25/2016 10:10:41 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/25/2016 10:10:41 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/25/2016 10:10:41 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/25/2016 10:10:41 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
Date: 2016-02-26 00:26:59.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-25 23:32:57.519
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-25 15:38:02.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-25 15:14:02.418
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-16 13:47:40.237
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-16 10:34:31.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-15 14:41:52.570
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-15 09:24:33.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-14 12:04:51.406
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-13 09:04:56.720
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 16%
Total physical RAM: 15560.62 MB
Available physical RAM: 13004.11 MB
Total Virtual: 17864.62 MB
Available Virtual: 14985.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.53 GB) (Free:1222.86 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.39 GB) (Free:867.69 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:167.14 GB) NTFS
Drive f: (Storage) (Fixed) (Total:931.51 GB) (Free:454.33 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3795030C)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: FCB43DFD)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7167C54)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ACA0D3A8)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Fishingforbytes
Active Member
 
Posts: 10
Joined: February 25th, 2016, 8:18 pm
Advertisement
Register to Remove

Re: page redirect removal/correct repost

Unread postby Fishingforbytes » February 27th, 2016, 9:19 am

Hi sorry for double post but after finishing previous tasks plus running FRST64 and switching the computer on the next day the the problem seems to have gone.now i am not sure if it has or just laying dormant so i have reposted a fresh FRST64 scan to be looked at. i thank you all once again for help.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Tony (administrator) on DESKTOP (27-02-2016 13:04:10)
Running from C:\Users\Tony\Desktop\Adaware Removers\Farbar Recovery Scan Tool
Loaded Profiles: Tony (Available Profiles: Tony)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Oki Data Corporation) C:\Windows\System32\spool\drivers\x64\3\OKHSLDCS.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Perspective Software) C:\Program Files\Blue Iris 4\BlueIris.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-07-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\RunOnce: [ClearDrive] => C:\Program Files (x86)\Hard Drive Powerwash\stwasher2.exe [26816 2013-03-12] ()
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\Run: [EPSON SX125 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0cd8e357-cc70-4bd6-b2a7-543f3422a1c2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkI ... id=UE01DHP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.120:8020/codebase/DVM_IPCam2.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1001379508-1290023974-3518000192-1001 -> hxxp://google.co.uk/

FireFox:
========
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\7cp2t7kw.default-1456434442731
FF Homepage: hxxps://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\7cp2t7kw.default-1456434442731\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2016-02-25]
FF Extension: New Tab Homepage - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\7cp2t7kw.default-1456434442731\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-02-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 DCSLoader; C:\Windows\system32\spool\DRIVERS\x64\3\OKHSLDCS.EXE [20480 2011-11-14] (Oki Data Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-02-01] (IBM Corp.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-06] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [514336 2016-02-01] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [152320 2016-02-01] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [407168 2016-02-01] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [507424 2016-02-01] (IBM Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 V0380Vid; C:\Windows\system32\DRIVERS\V0380Vid.sys [331008 2015-07-31] (Creative Technology Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-12-05] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 22:10 - 2016-02-26 22:11 - 00000000 ____D C:\Users\Tony\Desktop\Adaware Removers
2016-02-26 12:43 - 2016-02-26 12:43 - 00000000 ____D C:\BlueIris
2016-02-26 12:42 - 2016-02-26 12:54 - 00000000 ____D C:\Program Files\Blue Iris 4
2016-02-26 12:42 - 2016-02-26 12:42 - 00001483 _____ C:\Users\Public\Desktop\Blue Iris 4.lnk
2016-02-26 12:42 - 2016-02-26 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Iris 4
2016-02-26 12:24 - 2016-02-26 21:19 - 00000000 ____D C:\Users\Tony\Desktop\Open Season Scared Silly
2016-02-26 12:21 - 2016-02-26 21:20 - 00000000 ____D C:\Users\Tony\Desktop\Krampus
2016-02-26 00:25 - 2016-02-27 13:04 - 00000000 ____D C:\FRST
2016-02-25 23:21 - 2016-02-25 23:28 - 00000000 ____D C:\Users\Tony\AppData\Local\NPE
2016-02-25 23:21 - 2016-02-25 23:21 - 00000000 ____D C:\ProgramData\Norton
2016-02-25 22:35 - 2016-02-25 22:35 - 00000000 ____D C:\Users\Tony\AppData\Local\Sophos
2016-02-25 22:27 - 2016-02-26 00:07 - 00000000 ____D C:\ProgramData\Sophos
2016-02-25 22:27 - 2016-02-25 22:27 - 00161024 ____N (Sophos Limited) C:\WINDOWS\system32\Drivers\savonaccess.sys
2016-02-25 22:01 - 2016-02-25 22:01 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-25 21:17 - 2016-02-25 21:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-25 20:27 - 2016-02-25 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-02-25 19:31 - 2016-02-25 19:31 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-25 19:31 - 2016-02-25 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-25 19:30 - 2016-02-25 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-25 19:01 - 2016-02-25 19:02 - 00076380 _____ C:\TDSSKiller.3.1.0.9_25.02.2016_19.01.29_log.txt
2016-02-25 18:20 - 2016-02-25 18:20 - 00023112 _____ C:\WINDOWS\system32\Drivers\hitmanpro35.sys
2016-02-25 18:19 - 2016-02-25 18:20 - 00000000 ____D C:\ProgramData\Hitman Pro
2016-02-25 18:19 - 2016-02-25 18:19 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-25 17:36 - 2016-02-25 17:37 - 00070060 _____ C:\TDSSKiller.3.1.0.9_25.02.2016_17.36.22_log.txt
2016-02-25 13:52 - 2016-02-25 13:52 - 00000000 ____D C:\Users\Tony\AppData\Roaming\LavasoftStatistics
2016-02-25 13:52 - 2016-02-25 13:52 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Lavasoft
2016-02-25 13:51 - 2016-02-25 13:51 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-25 13:48 - 2016-02-25 13:48 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-25 13:05 - 2016-02-25 13:05 - 00000000 ____D C:\Users\Tony\Documents\ProcAlyzer Dumps
2016-02-25 12:47 - 2016-02-25 12:47 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-25 12:45 - 2016-02-25 12:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-25 12:44 - 2016-02-25 14:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-25 11:55 - 2016-02-25 11:55 - 00000490 _____ C:\TDSSKiller.3.1.0.9_25.02.2016_11.55.43_log.txt
2016-02-25 11:52 - 2016-02-25 11:54 - 00131292 _____ C:\TDSSKiller.3.1.0.9_25.02.2016_11.52.47_log.txt
2016-02-24 20:21 - 2016-02-26 21:22 - 00000000 ____D C:\Users\Tony\Desktop\Rambo Collection
2016-02-24 12:03 - 2016-02-24 17:32 - 00000000 ____D C:\Users\Tony\Desktop\In The Heart Of The Sea
2016-02-20 13:17 - 2016-02-20 13:22 - 00000000 ____D C:\Users\Tony\Desktop\The Hobbit Collection
2016-02-19 19:13 - 2016-02-20 10:31 - 00000000 ____D C:\Users\Tony\Desktop\Victor Frankenstein
2016-02-19 14:01 - 2016-02-20 10:31 - 00000000 ____D C:\Users\Tony\Desktop\The Nutty Professor Collection
2016-02-19 13:08 - 2016-02-19 13:08 - 00000000 ____D C:\Users\Tony\Desktop\Snowtime
2016-02-16 12:26 - 2016-02-16 16:26 - 00000000 ____D C:\Users\Tony\Desktop\The Forest
2016-02-15 15:11 - 2016-02-15 16:24 - 00000000 ____D C:\Users\Tony\Desktop\The Good Dinosaur
2016-02-15 09:35 - 2016-02-15 09:40 - 00000000 ____D C:\Users\Tony\Documents\Sound recordings
2016-02-14 14:56 - 2016-02-14 16:25 - 2040422598 _____ C:\Users\Tony\Desktop\Forrest Gump.mp4
2016-02-14 14:55 - 2016-02-14 18:14 - 00000000 ____D C:\Users\Tony\Desktop\Conan The Barbarian
2016-02-14 14:55 - 2016-02-14 17:40 - 00000000 ____D C:\Users\Tony\Desktop\Conan the Destroyer
2016-02-14 12:16 - 2016-01-29 06:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-14 12:16 - 2016-01-29 06:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-14 12:16 - 2016-01-27 06:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-14 12:16 - 2016-01-27 06:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-14 12:16 - 2016-01-27 06:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-14 12:16 - 2016-01-27 06:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-14 12:16 - 2016-01-27 06:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-14 12:16 - 2016-01-27 05:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-14 12:16 - 2016-01-27 05:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-14 12:16 - 2016-01-27 05:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-14 12:16 - 2016-01-27 05:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-14 12:16 - 2016-01-27 05:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-14 12:16 - 2016-01-27 05:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-14 12:16 - 2016-01-27 05:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-14 12:16 - 2016-01-27 05:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-14 12:16 - 2016-01-27 05:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-14 12:16 - 2016-01-27 05:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-14 12:16 - 2016-01-27 05:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-14 12:16 - 2016-01-27 05:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-14 12:16 - 2016-01-27 05:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-14 12:16 - 2016-01-27 05:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-14 12:16 - 2016-01-27 05:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-14 12:16 - 2016-01-27 05:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-14 12:16 - 2016-01-27 05:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-14 12:16 - 2016-01-27 05:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-14 12:16 - 2016-01-27 05:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-14 12:16 - 2016-01-27 05:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-14 12:16 - 2016-01-27 05:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-14 12:16 - 2016-01-27 05:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-14 12:16 - 2016-01-27 05:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-14 12:16 - 2016-01-27 05:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-14 12:16 - 2016-01-27 05:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-14 12:16 - 2016-01-27 05:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-14 12:16 - 2016-01-27 05:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-14 12:16 - 2016-01-27 05:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-14 12:16 - 2016-01-27 05:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-14 12:16 - 2016-01-27 05:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-14 12:16 - 2016-01-27 05:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-14 12:16 - 2016-01-27 05:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-14 12:16 - 2016-01-27 05:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-14 12:16 - 2016-01-27 05:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-14 12:16 - 2016-01-27 05:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-14 12:16 - 2016-01-27 05:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-14 12:16 - 2016-01-27 04:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-14 12:16 - 2016-01-27 04:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-14 12:16 - 2016-01-27 04:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-14 12:16 - 2016-01-27 04:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-14 12:16 - 2016-01-27 04:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-14 12:16 - 2016-01-27 04:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-14 12:16 - 2016-01-27 04:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-14 12:16 - 2016-01-27 04:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-14 12:16 - 2016-01-27 04:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-14 12:16 - 2016-01-27 04:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-14 12:16 - 2016-01-27 04:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-14 12:16 - 2016-01-27 04:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-14 12:16 - 2016-01-27 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-14 12:16 - 2016-01-27 04:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-14 12:16 - 2016-01-27 04:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-14 12:16 - 2016-01-27 04:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-14 12:16 - 2016-01-27 04:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-14 12:16 - 2016-01-27 04:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-14 12:16 - 2016-01-27 04:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-14 12:16 - 2016-01-27 04:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-14 12:16 - 2016-01-27 04:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-14 12:16 - 2016-01-27 04:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-12 19:47 - 2016-02-12 21:16 - 00000000 ____D C:\Users\Tony\Desktop\Monkey Up
2016-02-12 12:13 - 2016-02-12 12:14 - 00000000 ____D C:\Users\Tony\Desktop\Router Screen Shots
2016-02-12 11:50 - 2016-02-14 20:38 - 00000000 ____D C:\Users\Tony\Desktop\Walking Dead For Xbox
2016-02-11 16:50 - 2016-02-11 16:51 - 00000000 ____D C:\Users\Tony\Desktop\Jurassic Park Collection
2016-02-10 13:33 - 2016-02-14 16:13 - 00000000 ____D C:\Users\Tony\Desktop\The Night Before
2016-02-09 18:47 - 2016-02-22 15:11 - 00000000 ____D C:\Users\Tony\Desktop\Ebay Pictures
2016-02-09 12:38 - 2016-02-13 10:28 - 00000000 ____D C:\Users\Tony\Desktop\The Walking Dead
2016-02-08 14:52 - 2016-02-26 20:41 - 00000000 ____D C:\Users\Tony\Desktop\Camera Security Software
2016-02-07 16:35 - 2016-02-27 13:00 - 00000000 ____D C:\Users\Tony\Desktop\Security Camera Footage
2016-02-07 11:08 - 2016-02-08 13:56 - 00000000 ____D C:\Program Files (x86)\Aiseesoft Total Video Converter
2016-02-05 14:54 - 2016-02-05 14:54 - 00000000 ____D C:\ProgramData\ATI
2016-02-05 14:16 - 2016-02-25 14:46 - 00000000 ____D C:\Program Files\ATI Technologies
2016-02-05 14:16 - 2016-02-05 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-02-03 18:28 - 2016-02-07 11:05 - 00000000 ____D C:\Users\Tony\Desktop\The 100 Season 1-2
2016-02-03 12:20 - 2016-02-14 16:39 - 00000000 ____D C:\Users\Tony\Desktop\Backtrack
2016-01-31 11:03 - 2016-01-31 11:03 - 00000000 ____D C:\Users\Tony\Desktop\Ride.Along.2.2016.HC.HDRip.XViD.AC3-ETRG
2016-01-31 11:02 - 2016-02-14 16:29 - 00000000 ____D C:\Users\Tony\Desktop\Crimson Peak
2016-01-28 14:34 - 2016-01-16 06:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 14:34 - 2016-01-16 06:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 14:34 - 2016-01-16 06:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 14:34 - 2016-01-16 06:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 14:34 - 2016-01-16 06:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 14:34 - 2016-01-16 06:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 14:34 - 2016-01-16 06:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 14:34 - 2016-01-16 06:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 14:34 - 2016-01-16 06:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 14:34 - 2016-01-16 06:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 14:34 - 2016-01-16 06:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 14:34 - 2016-01-16 06:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 14:34 - 2016-01-16 06:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 14:34 - 2016-01-16 06:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 14:34 - 2016-01-16 06:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 14:34 - 2016-01-16 06:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 14:34 - 2016-01-16 06:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 14:34 - 2016-01-16 05:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 14:34 - 2016-01-16 05:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 14:34 - 2016-01-16 05:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 14:34 - 2016-01-16 05:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 14:34 - 2016-01-16 05:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 14:34 - 2016-01-16 05:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 14:34 - 2016-01-16 05:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 14:34 - 2016-01-16 05:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 14:34 - 2016-01-16 05:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 14:34 - 2016-01-16 05:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 14:34 - 2016-01-16 05:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 14:34 - 2016-01-16 05:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 14:34 - 2016-01-16 05:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 14:34 - 2016-01-16 05:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 14:34 - 2016-01-16 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 14:34 - 2016-01-16 05:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 14:34 - 2016-01-16 05:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 14:34 - 2016-01-16 05:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 14:34 - 2016-01-16 05:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 14:34 - 2016-01-16 05:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 14:34 - 2016-01-16 05:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 14:34 - 2016-01-16 05:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 14:34 - 2016-01-16 05:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 14:34 - 2016-01-16 05:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 14:34 - 2016-01-16 05:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 14:34 - 2016-01-16 05:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 14:34 - 2016-01-16 05:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 14:34 - 2016-01-16 05:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 14:34 - 2016-01-16 05:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 14:34 - 2016-01-16 05:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 14:34 - 2016-01-16 05:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 14:34 - 2016-01-16 05:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 14:34 - 2016-01-16 05:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 14:34 - 2016-01-16 05:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 14:34 - 2016-01-16 05:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 14:34 - 2016-01-16 05:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 14:34 - 2016-01-16 05:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 14:34 - 2016-01-16 05:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 14:34 - 2016-01-16 05:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 14:34 - 2016-01-16 05:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 14:34 - 2016-01-16 05:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 14:34 - 2016-01-16 05:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 14:34 - 2016-01-16 05:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 14:34 - 2016-01-16 05:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 14:34 - 2016-01-16 05:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 14:34 - 2016-01-16 05:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 14:34 - 2016-01-16 05:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 14:34 - 2016-01-16 05:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 14:34 - 2016-01-16 05:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 14:34 - 2016-01-16 05:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 14:34 - 2016-01-16 05:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 14:34 - 2016-01-16 05:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 14:34 - 2016-01-16 05:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 14:34 - 2016-01-16 05:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 14:34 - 2016-01-16 05:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 14:34 - 2016-01-16 05:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 14:34 - 2016-01-16 05:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 14:34 - 2016-01-16 05:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 14:34 - 2016-01-16 05:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 14:34 - 2016-01-16 05:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 14:34 - 2016-01-16 05:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 14:34 - 2016-01-16 05:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 14:34 - 2016-01-16 05:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 14:34 - 2016-01-16 05:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 14:34 - 2016-01-16 05:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 14:34 - 2016-01-16 05:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 14:34 - 2016-01-16 05:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 14:34 - 2016-01-16 05:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 14:34 - 2016-01-16 05:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 14:33 - 2016-01-16 05:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 14:33 - 2016-01-16 05:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 14:33 - 2016-01-16 05:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 14:33 - 2016-01-16 05:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 14:33 - 2016-01-16 05:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 14:33 - 2016-01-16 05:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 14:33 - 2016-01-16 05:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 14:33 - 2016-01-16 05:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 14:33 - 2016-01-16 05:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 14:33 - 2016-01-16 05:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 14:33 - 2016-01-16 05:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 14:33 - 2016-01-16 05:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 14:33 - 2016-01-16 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 14:33 - 2016-01-16 05:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 14:33 - 2016-01-16 05:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 14:33 - 2016-01-16 05:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 14:33 - 2016-01-16 05:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 22:16 - 2015-08-23 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2016-02-26 21:21 - 2015-08-14 23:39 - 00000000 ____D C:\Users\Tony\AppData\Roaming\vlc
2016-02-26 21:18 - 2015-08-01 23:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-26 21:09 - 2015-08-01 17:15 - 00000000 ____D C:\Users\Tony\AppData\Roaming\tixati
2016-02-26 19:10 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-26 18:54 - 2015-12-06 00:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-26 18:54 - 2015-10-30 06:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-26 18:54 - 2015-08-01 11:45 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-02-26 18:53 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-26 17:39 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-26 12:58 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-26 12:55 - 2015-10-30 07:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-26 12:42 - 2015-08-12 19:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-26 00:24 - 2015-08-01 22:51 - 00000000 ____D C:\Users\Tony\AppData\Local\Adobe
2016-02-25 21:30 - 2015-11-16 19:47 - 00000000 ____D C:\Users\Tony\.oracle_jre_usage
2016-02-25 21:29 - 2015-11-16 19:47 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-25 21:29 - 2015-11-16 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-25 21:29 - 2015-11-16 19:47 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-25 20:27 - 2015-08-19 14:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-02-25 20:17 - 2015-12-05 23:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-25 18:36 - 2015-08-11 22:44 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-25 15:27 - 2015-08-09 13:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-25 15:22 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-25 15:11 - 2015-12-05 23:58 - 00000000 ____D C:\Users\Tony
2016-02-25 15:08 - 2015-10-30 18:09 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-25 15:08 - 2015-10-30 18:09 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-25 15:07 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-02-25 15:07 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-25 15:05 - 2015-08-01 13:40 - 00000000 ____D C:\Users\Tony\AppData\Roaming\IrfanView
2016-02-25 14:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\registration
2016-02-22 19:43 - 2015-08-01 13:13 - 00000000 ____D C:\Users\Tony\Desktop\Pirates of the Caribbean Collection
2016-02-20 13:20 - 2015-08-01 13:32 - 00000000 ____D C:\Users\Tony\Desktop\The Lord Of The Rings Collection
2016-02-20 10:29 - 2015-08-01 13:20 - 00000000 ____D C:\Users\Tony\Desktop\The Big Bang Theory
2016-02-15 14:18 - 2015-08-01 13:11 - 00000000 ____D C:\Users\Tony\Desktop\Movies
2016-02-15 09:25 - 2015-07-31 20:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-14 22:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-02-14 22:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-02-14 20:38 - 2015-07-31 20:51 - 00834360 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-14 18:49 - 2015-08-01 12:54 - 00000000 ____D C:\Users\Tony\Desktop\Folder
2016-02-14 17:44 - 2015-08-19 20:10 - 00000000 ____D C:\Users\Tony\Desktop\Converted Avi
2016-02-14 17:03 - 2016-01-26 14:31 - 00000000 ____D C:\Users\Tony\Desktop\Macbeth
2016-02-14 16:49 - 2015-12-27 14:41 - 00000000 ____D C:\Users\Tony\Desktop\BridgeOf Spies
2016-02-14 16:14 - 2015-12-07 16:51 - 00000000 ____D C:\Users\Tony\Desktop\Bad Roomies
2016-02-14 14:29 - 2015-08-01 14:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-14 14:27 - 2015-07-10 11:04 - 00000167 _____ C:\WINDOWS\win.ini
2016-02-13 11:51 - 2015-08-10 22:13 - 00000000 ____D C:\Users\Tony\AppData\Roaming\dvdcss
2016-02-13 09:09 - 2015-08-11 22:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 19:31 - 2015-10-18 10:01 - 00000000 ____D C:\Users\Tony\Desktop\Vacation
2016-02-12 17:21 - 2015-08-01 13:17 - 00000000 ____D C:\Users\Tony\Desktop\Rocky Collection
2016-02-12 16:54 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-12 14:06 - 2015-08-01 13:10 - 00000000 ____D C:\Users\Tony\Desktop\Mad Max Collection
2016-02-07 13:21 - 2015-08-01 17:15 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2016-02-07 13:21 - 2015-08-01 17:15 - 00000000 ____D C:\Program Files\tixati
2016-02-07 11:08 - 2015-08-19 20:32 - 00000000 ____D C:\Users\Tony\AppData\Local\Aiseesoft Studio
2016-02-06 13:24 - 2015-11-16 19:44 - 00000000 ____D C:\ProgramData\Oracle
2016-02-06 09:57 - 2015-07-31 20:48 - 00000000 ____D C:\Users\Tony\AppData\Local\Packages
2016-02-05 17:18 - 2015-10-28 17:58 - 00000000 ____D C:\Users\Tony\Desktop\James Bond Collection
2016-02-05 14:16 - 2015-12-05 23:55 - 00000000 ____D C:\ProgramData\AMD
2016-02-05 14:16 - 2015-12-05 23:55 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-02-05 14:15 - 2015-07-31 21:11 - 00000000 ____D C:\AMD
2016-02-05 13:55 - 2015-12-05 23:54 - 00000000 ____D C:\Program Files\AMD
2016-02-04 16:25 - 2015-08-01 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-02-03 19:01 - 2015-10-30 07:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 19:01 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 10:39 - 2015-08-01 12:51 - 00407168 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-02-01 10:39 - 2015-08-01 12:51 - 00152320 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2016-01-29 16:26 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 16:26 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 16:26 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 16:26 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 16:25 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 16:25 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 16:25 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\bcastdvr

==================== Files in the root of some directories =======

2015-08-10 20:13 - 2015-12-31 19:27 - 0001057 _____ () C:\Users\Tony\AppData\Roaming\vso_ts_preview.xml
2015-09-20 16:51 - 2015-12-27 11:14 - 0008704 _____ () C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-16 12:13 - 2015-12-16 12:13 - 0002675 _____ () C:\Users\Tony\AppData\Local\recently-used.xbel
2015-12-05 23:54 - 2015-12-05 23:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-26 12:37

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by Tony (2016-02-27 13:05:08)
Running from C:\Users\Tony\Desktop\Adaware Removers\Farbar Recovery Scan Tool
Windows 10 Pro Version 1511 (X64) (2015-12-06 00:12:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1001379508-1290023974-3518000192-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1001379508-1290023974-3518000192-503 - Limited - Disabled)
Guest (S-1-5-21-1001379508-1290023974-3518000192-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1001379508-1290023974-3518000192-1009 - Limited - Enabled)
Tony (S-1-5-21-1001379508-1290023974-3518000192-1001 - Administrator - Enabled) => C:\Users\Tony

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Aiseesoft Total Video Converter 6.2.32 (HKLM-x32\...\{13C9CA1F-8D5A-4812-9FB4-434C9058BD77}_is1) (Version: 6.2.32 - Aiseesoft Studio)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Blue Iris 4 (HKLM-x32\...\{24DBFE51-243F-4538-BB28-2FD7EC8E7F16}) (Version: 4.0.3.1 - Perspective Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Creative Live! Cam Optia Pro (VF0380) Driver (1.03.03.00) (HKLM\...\Creative VF0380) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Hard Drive Powerwash (Remove only) (HKLM-x32\...\Hard Drive Powerwash) (Version: - )
IP Camera (HKLM-x32\...\IP Camera) (Version: - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rapport (x32 Version: 3.5.1507.109 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tixati (HKLM-x32\...\tixati) (Version: - )
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.109 - Trusteer)
UltraISO Premium V9.3 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1001379508-1290023974-3518000192-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Tony\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BEB0D07-C301-4B55-B2C0-FDF508D44F80} - \AutoKMS -> No File <==== ATTENTION
Task: {273DBFFC-7A28-4981-9185-60001C03AEC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {38DDF141-F7B0-46C0-B756-DB69C587210F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-25] (Microsoft Corporation)
Task: {7C9748CD-1030-46A3-A32B-18957B073D0E} - System32\Tasks\{724EA1E0-DCFB-4776-94EE-D7FE98C8C386} => pcalua.exe -a C:\Users\Tony\Desktop\colorcubesviz.exe -d C:\Users\Tony\Desktop
Task: {7D97559F-96E4-4044-99D9-749F26F6F25B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C31F0E93-16FA-47D9-84ED-CDF483482E0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CB4031CB-C08B-4619-A55B-6D64EC5E8E9F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D11D34F7-6C37-45CA-AD64-E0EDA1489491} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {F85DA0B9-16FF-48A1-ADA1-926B6C83998F} - System32\Tasks\{02B9F0AF-5000-406C-AAC6-B67AD0B37A10} => pcalua.exe -a C:\Users\Tony\Desktop\blazingcolorsviz.exe -d C:\Users\Tony\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-04 16:43 - 2015-11-04 16:43 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-05 23:47 - 2015-12-05 23:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-05 23:47 - 2015-12-05 23:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-19 10:27 - 2015-12-07 04:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-19 10:27 - 2015-12-07 04:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 11:49 - 2016-01-05 01:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 11:49 - 2016-01-05 01:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 14:34 - 2016-01-16 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 14:34 - 2016-01-16 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-22 10:58 - 2016-01-22 10:59 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-02-10 13:12 - 2015-02-10 13:12 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2015-10-13 15:10 - 2015-10-13 15:10 - 01428648 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2016-02-26 12:42 - 2014-12-16 23:09 - 00260608 _____ () C:\Program Files\Blue Iris 4\libfaad2.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-01-22 10:58 - 2016-01-22 10:59 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 10:58 - 2016-01-22 10:59 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2015-07-10 11:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\Desktop\Pictures\Hulk.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\StartupApproved\Run: => "EPSON SX125 Series"
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-1001379508-1290023974-3518000192-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{9423D670-EA2D-4963-89AE-287DF246E63A}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{23FEDAB7-BE47-4547-AC55-DCF1333BB4C5}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{7D0ABDBB-C7A7-4037-84FC-2D9BE6497DD8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8FECB20D-9D3A-45E7-B1C7-C655E1811A2C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E4620B51-0AC1-4C23-A6D2-C60DA21CA9CC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FE599AA9-B531-4D19-BFAD-D157C6C34021}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{EAC6E7E8-04E0-4F75-BB0E-3B1CDC675ED4}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{22E48C59-C687-4830-B971-F34C9BB8F241}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{C59BF30E-8C03-43BF-B194-76470E4319F7}] => (Block) C:\windows\syswow64\ipcamera.exe
FirewallRules: [{C8604CDE-7EB0-407D-82F3-6B5C3788D15D}] => (Block) C:\windows\syswow64\ipcamera.exe
FirewallRules: [UDP Query User{A23F0A37-FEE6-45E4-A4D2-63CD215CE542}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
FirewallRules: [TCP Query User{EF5E9278-1340-43A5-80BA-0CF8F736DD48}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
FirewallRules: [{0F0DCCD3-3F40-4BE9-B71A-A554B67C9F9A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8E8B4817-FD9E-4B1F-BABD-9A01E2A3323B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1E92A8E2-C1EE-46A0-80B1-89D56563BD51}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{555208E3-D303-43F5-9D74-DEC7AFA0D5E9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E78F9A0F-6DD0-402F-8CB2-8C26A1C3A21F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CDD8021-F02E-47CC-B4A5-885582A4EC65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8B8D0CC3-0F9B-442B-866A-40A40370E17E}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe
FirewallRules: [UDP Query User{6BD6D63C-DD75-461A-831B-8AD268165924}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe

==================== Restore Points =========================

26-02-2016 22:09:26 Rollback

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2016 10:24:53 PM) (Source: TomTomHOMEService) (EventID: 10000) (User: )
Description: TomTomHOMEServiceStartServiceCtrlDispatcher failed with 0

Error: (02/26/2016 10:24:48 PM) (Source: TomTomHOMEService) (EventID: 10000) (User: )
Description: TomTomHOMEServiceStartServiceCtrlDispatcher failed with 0

Error: (02/26/2016 10:09:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/26/2016 05:38:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2016 05:38:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2016 05:38:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2016 05:37:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2016 05:37:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2016 05:37:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2016 10:58:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/26/2016 10:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_58572 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/26/2016 10:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_58572 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/26/2016 10:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_58572 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/26/2016 10:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_58572 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/26/2016 10:31:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/26/2016 10:16:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

Error: (02/26/2016 09:24:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOPTonyS-1-5-21-1001379508-1290023974-3518000192-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (02/26/2016 08:57:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/26/2016 08:54:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOPTonyS-1-5-21-1001379508-1290023974-3518000192-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (02/26/2016 08:54:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOPTonyS-1-5-21-1001379508-1290023974-3518000192-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


CodeIntegrity:
===================================
Date: 2016-02-27 12:44:14.415
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-26 18:07:49.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-26 17:52:02.431
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-26 12:38:47.640
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-26 00:26:59.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-25 23:32:57.519
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-25 15:38:02.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-25 15:14:02.418
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-16 13:47:40.237
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-16 10:34:31.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 16%
Total physical RAM: 15560.62 MB
Available physical RAM: 13066.57 MB
Total Virtual: 17864.62 MB
Available Virtual: 15314.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.53 GB) (Free:1217.08 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.39 GB) (Free:867.44 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:167.14 GB) NTFS
Drive f: (Storage) (Fixed) (Total:931.51 GB) (Free:454.33 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FCB43DFD)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3795030C)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7167C54)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ACA0D3A8)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Fishingforbytes
Active Member
 
Posts: 10
Joined: February 25th, 2016, 8:18 pm

Re: page redirect removal/correct repost

Unread postby Cypher » February 27th, 2016, 9:30 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


While i review your logs run the below scan for me please.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished click on Report.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: page redirect removal/correct repost

Unread postby Fishingforbytes » February 27th, 2016, 9:44 am

Thank you for contacting me.here is requested log

# AdwCleaner v5.036 - Logfile created 27/02/2016 at 13:37:04
# Updated 22/02/2016 by Xplode
# Database : 2016-02-27.1 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Tony - DESKTOP
# Running from : C:\Users\Tony\Desktop\Adaware Removers\adwcleaner_5.036.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S2].txt - [611 bytes] - [27/02/2016 13:37:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [683 bytes] ##########
Fishingforbytes
Active Member
 
Posts: 10
Joined: February 25th, 2016, 8:18 pm

Re: page redirect removal/correct repost

Unread postby Cypher » February 27th, 2016, 10:06 am

Fishingforbytes wrote:Thank you for contacting me.

You're welcome.
Quick question, is this computer used for business purposes ?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: page redirect removal/correct repost

Unread postby Fishingforbytes » February 27th, 2016, 10:26 am

No my old computer died it had windows 7 pro on it and we got a free upgrade to windows 10 when we built this one.
Fishingforbytes
Active Member
 
Posts: 10
Joined: February 25th, 2016, 8:18 pm

Re: page redirect removal/correct repost

Unread postby Cypher » February 27th, 2016, 11:53 am

Fishingforbytes wrote:Hi sorry for double post but after finishing previous tasks plus running FRST64 and switching the computer on the next day the the problem seems to have gone.

Your logs appear to be clean.
You have run a lot of scans on your own, it looks like one of them took care of the problem.
As a final check run this scan for me.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: page redirect removal/correct repost

Unread postby Fishingforbytes » February 27th, 2016, 2:24 pm

Hi here is the results of ESET scan..i have a drive my son downloads rubbish to and backup software but i always do a custom install not a default install.

it has detected these but nothing else so i think if i delete these i am clean or is it ok to keep these as long as i dont install them with default install only a custom ?

D:\Backup\Programes\ccsetup510.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Backup\Programes\KeyFinderInstaller.exe a variant of Win32/OpenCandy.A potentially unsafe application
D:\Backup\Programes\CC Cleaner\ccsetup514.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Backup\Programes\Hard Drive Cleaner\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Backup\Programes\Hard Drive Cleaner\harddrivepowerwash_free.exe Win32/InstallMonetizer.AN potentially unwanted application
D:\Backup\Windows 7 Programes\ccsetup510.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Backup\Windows 7 Programes\KeyFinderInstaller.exe a variant of Win32/OpenCandy.A potentially unsafe application
D:\Backup\Windows 7 Programes\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Backup\Windows 7 Programes\CC Cleaner\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Backup\Windows 7 Programes\Hard Drive Cleaner\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Backup\Windows 7 Programes\Hard Drive Cleaner\harddrivepowerwash_free.exe Win32/InstallMonetizer.AN potentially unwanted application
D:\Backup\Windows 7 Programes\Image Burn\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy potentially unsafe application
Fishingforbytes
Active Member
 
Posts: 10
Joined: February 25th, 2016, 8:18 pm

Re: page redirect removal/correct repost

Unread postby Cypher » February 28th, 2016, 7:49 am

it has detected these but nothing else so i think if i delete these i am clean or is it ok to keep these as long as i dont install them with default install only a custom ?
There is nothing there of real concern, and they wouldn't be the cause of the problems you described.

Your latest logs appear to be clean so you should be good to go.
Lets tidy up and remove the tools we used to check your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: page redirect removal/correct repost

Unread postby Fishingforbytes » February 28th, 2016, 9:45 am

Id like to thank you for all your help over the last few days.

computer seems fine now and no redirections when i surf or page hijacks.

Thanks again and all the best
Fishingforbytes
Active Member
 
Posts: 10
Joined: February 25th, 2016, 8:18 pm

Re: page redirect removal/correct repost

Unread postby Cypher » February 28th, 2016, 10:35 am

Id like to thank you for all your help over the last few days.

You're most welcome :)
computer seems fine now and no redirections when i surf or page hijacks.

That's good to hear, As you report no problems i will close this topic.
Good luck.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 66 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware