Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by Andy (administrator) on H50 on 07-07-2015 17:04:17
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy & eManagerUser & Classic .NET AppPool & DefaultAppPool)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\bcc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\bccavsvc.exe
(Realtek Semiconductor Corporation) C:\Program Files\REALTEK\Realtek Bluetooth\AvrcpService.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Realtek Semiconductor) C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\REALTEK\Audio\HDA\RtHDVBg.exe
() C:\Program Files\ClipX\clipx.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe
(XemiComputers ltd.) C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Famatech Corp.) C:\Windows\System32\rserver30\rserver3.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Famatech Corp.) C:\Windows\System32\rserver30\FamItrfc.Exe
(Famatech Corp.) C:\Windows\System32\rserver30\FamItrfc.Exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Poco Systems Inc) C:\Program Files\Pocomail4\Poco.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1011416 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [ClipX] => C:\Program Files\ClipX\clipx.exe [68608 2005-11-30] ()
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-08-01] ()
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5516008 2015-06-17] (Avast Software s.r.o.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe [7966192 2015-06-24] ()
HKU\S-1-5-21-363809082-620757088-3605342814-1000\...\Run: [Active Desktop Calendar] => C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [7608832 2011-11-23] (XemiComputers ltd.)
HKU\S-1-5-21-363809082-620757088-3605342814-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-06-08] (Lavasoft)
HKU\S-1-5-21-363809082-620757088-3605342814-1000\...\RunOnce: [Application Restart #0] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-07-06] (Google Inc.)
HKU\S-1-5-21-363809082-620757088-3605342814-1000\...\MountPoints2: {fcada96e-edf4-11e4-bd00-b8aeed2006a5} - J:\setup.exe
HKU\S-1-5-21-363809082-620757088-3605342814-1000\...\MountPoints2: {fcadab8a-edf4-11e4-bd00-b8aeed2006a5} - I:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-363809082-620757088-3605342814-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-17] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-363809082-620757088-3605342814-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-363809082-620757088-3605342814-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.lavasoft.com?partner=WCYID10140&campaign=cnet&d=150707
HKU\S-1-5-21-363809082-620757088-3605342814-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-363809082-620757088-3605342814-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-363809082-620757088-3605342814-1000 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-363809082-620757088-3605342814-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://search.lavasoft.com/results.php?search={searchTerms}&category=web&partner=WCYID10140&campaign=cnet&d=150707
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-07-07] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-07-07] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-07-07] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-07-07] (Lavasoft Limited)
Winsock: Catalog9 46 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-07-07] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{24155087-DEC7-4C5D-B480-25838857C56B}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{54C38067-B02E-41F6-A779-B67371426B75}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7824A7EF-01CA-4F47-8EE3-C252718D79FA}: [NameServer] 10.200.0.10,10.200.0.7

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-363809082-620757088-3605342814-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Andy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-08] (Citrix Online)
FF HKU\.DEFAULT\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files\Ninja Loader\FireFox

Chrome:
=======
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ebates Cash Back) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-05-12]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-05-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcfXAudioService; C:\Windows\system32\ACFXAU32.dll [410624 2009-04-29] (Conexant Systems, Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 aswBcc; C:\Program Files\AVAST Software\Avast\bcc.exe [633288 2015-06-17] (AVAST Software)
R2 Avast Business Console Client Antivirus Service; C:\Program Files\AVAST Software\Avast\bccavsvc.exe [1313096 2015-06-17] (Avast Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-17] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3210384 2015-06-17] (Avast Software)
R2 AvrcpService; C:\Program Files\REALTEK\Realtek Bluetooth\AvrcpService.exe [30720 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
S4 BTDevManager; C:\Program Files\REALTEK\Realtek Bluetooth\BTDevMgr.exe [65536 2014-01-06] () [File not signed]
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280840 2015-03-19] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 FoxitCloudUpdateService; C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [293128 2015-03-19] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-13] (Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [166232 2014-06-24] (Juniper Networks, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe [663592 2015-06-24] ()
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSSQL$WLAUSERPROFILE; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 RServer3; C:\Windows\system32\rserver30\RServer3.exe [1154752 2012-12-19] (Famatech Corp.)
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816 2015-06-08] ()
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [256800 2013-12-03] (Dell SonicWALL, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 acfva; C:\Windows\System32\DRIVERS\ACFVA32.sys [87424 2009-09-02] (Conexant Systems Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-06-17] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-17] ()
R3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP32.sys [28928 2009-04-29] (Conexant Systems, Inc.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [108368 2013-10-03] (Citrix Systems, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-12-20] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [363504 2013-12-20] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [799216 2013-12-20] (Intel Corporation)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna6.sys [408944 2011-01-19] (Juniper Networks, Inc.)
R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [412984 2014-06-16] (Juniper Networks)
S4 jnprTdi_805_47721; C:\Windows\system32\Drivers\jnprTdi_805_47721.sys [92984 2014-06-24] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [24952 2014-06-16] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2014-06-16] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK32.sys [12672 2007-03-15] (Conexant)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [85976 2013-12-03] (Intel Corporation)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-13] (Microsoft Corporation)
R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [3328 2012-12-18] (Famatech International Corp.)
R3 Neo_IPSEC_VPN; C:\Windows\System32\DRIVERS\Neo_0107.sys [38144 2015-06-08] (SoftEther Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 PCIESER; C:\Windows\System32\drivers\PCIESER.sys [67584 2013-07-22] (www.winchiphead.com)
R1 raddrvv3; C:\Windows\system32\rserver30\raddrvv3.sys [48920 2012-12-19] (Famatech Corp.)
R3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [232040 2012-03-19] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [488152 2013-12-18] (Realtek Semiconductor Corporation)
S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2840792 2014-03-13] (Realtek Semiconductor Corporation )
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [64512 1998-03-31] () [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-07-08] (Samsung Electronics) [File not signed]
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [95120 2013-12-03] (Dell SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2013-08-26] (SonicWALL, Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [408280 2015-01-22] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-17] (Avast Software)
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU32.sys [8704 2009-04-29] (Conexant Systems, Inc.)
S1 mmi1m2f2nnnjbgj; system32\drivers\mmi1m2f2nnnjbgj.sys [X]
S2 RELIANCE; \??\C:\Program Files\Datalight\Reliance Windows Driver\driver\win7\reliance.sys [X]
S3 Winacusb; system32\DRIVERS\winacusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 17:04 - 2015-07-07 17:04 - 00021111 _____ C:\Users\Andy\Desktop\FRST.txt
2015-07-07 17:03 - 2015-07-07 17:04 - 00000000 ____D C:\FRST
2015-07-07 17:03 - 2015-07-07 17:03 - 01636352 _____ (Farbar) C:\Users\Andy\Desktop\FRST.exe
2015-07-07 16:54 - 2015-07-07 16:54 - 00000436 _____ C:\DelFix.txt
2015-07-07 16:51 - 2015-07-07 16:54 - 00000731 _____ C:\runcheck.txt
2015-07-07 16:45 - 2015-07-07 16:56 - 00002321 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-07-07 16:45 - 2015-07-07 16:45 - 00002872 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-07-07 16:45 - 2015-07-07 16:45 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Lavasoft
2015-07-07 16:45 - 2015-07-07 16:45 - 00000000 ____D C:\Users\Andy\AppData\Local\Lavasoft
2015-07-07 16:45 - 2015-07-07 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-07 16:45 - 2015-07-07 16:45 - 00000000 ____D C:\Program Files\Lavasoft
2015-07-07 16:45 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-07-07 16:44 - 2015-07-07 16:45 - 00000000 ____D C:\ProgramData\Lavasoft
2015-07-07 16:44 - 2015-07-07 16:44 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-07-07 16:40 - 2015-07-07 16:43 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-07 16:35 - 2015-07-07 16:35 - 00070368 _____ C:\Users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-07 16:21 - 2015-07-07 16:55 - 00001140 _____ C:\Windows\PFRO.log
2015-07-07 16:12 - 2015-07-07 16:55 - 00000224 _____ C:\Windows\setupact.log
2015-07-07 16:12 - 2015-07-07 16:12 - 00000000 _____ C:\Windows\setuperr.log
2015-07-07 16:10 - 2015-07-07 16:10 - 00001281 _____ C:\Users\Andy\Desktop\GP6.exe - Shortcut.lnk
2015-07-07 16:05 - 2015-07-07 16:05 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-07 14:56 - 2015-05-09 14:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-07 14:56 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-07 14:56 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-07 14:56 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-07 14:56 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-07 14:56 - 2014-12-05 16:33 - 00339968 _____ C:\Windows\system32\SaMinDrv.dll
2015-07-07 14:56 - 2014-12-05 16:32 - 00131072 _____ C:\Windows\system32\SaImgFlt.dll
2015-07-07 14:56 - 2014-12-05 16:32 - 00073728 _____ C:\Windows\system32\SaErHdlr.dll
2015-07-07 14:55 - 2015-05-08 23:14 - 02937344 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-07 14:55 - 2015-05-08 23:14 - 02045952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-07 14:55 - 2015-05-08 23:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-07 14:55 - 2015-05-08 23:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-07 14:55 - 2015-05-08 23:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-07 14:55 - 2015-05-08 23:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-07 14:55 - 2015-05-08 23:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-07 14:55 - 2015-05-08 23:13 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-07 14:55 - 2015-05-08 23:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-07 14:55 - 2015-05-08 23:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-07 14:55 - 2015-05-08 23:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-07 12:17 - 2015-07-07 12:17 - 00002146 _____ C:\Users\Andy\Desktop\Global VPN Client.lnk
2015-07-06 10:42 - 2015-07-06 10:42 - 00000020 ___SH C:\Users\TEMP.H50.006\ntuser.ini
2015-07-06 10:42 - 2015-07-06 10:42 - 00000000 ____D C:\Users\TEMP.H50.006
2015-07-06 10:42 - 2015-04-24 21:55 - 00000000 ___RD C:\Users\TEMP.H50.006\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-06 10:42 - 2015-04-24 21:55 - 00000000 ___RD C:\Users\TEMP.H50.006\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-01 17:33 - 2015-07-01 17:33 - 00000000 ____D C:\Users\Andy\Desktop\Recordings
2015-06-27 13:03 - 2015-06-27 13:03 - 00000048 _____ C:\Windows\TaxACT12.ini
2015-06-27 13:03 - 2015-06-27 13:03 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2nd Story Software
2015-06-27 13:03 - 2015-06-27 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2nd Story Software
2015-06-27 13:03 - 2015-06-27 13:03 - 00000000 ____D C:\2nd Story Software
2015-06-24 11:14 - 2015-06-24 11:14 - 00002715 _____ C:\Users\Public\Desktop\SL1100 PCPro.lnk
2015-06-24 11:14 - 2015-06-24 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SL1100 Application Suite
2015-06-23 20:08 - 2015-06-24 09:30 - 00000000 ____D C:\Users\TEMP.H50.005
2015-06-23 11:32 - 2015-06-23 20:08 - 00000000 ____D C:\Users\TEMP.H50.004
2015-06-22 16:05 - 2015-06-22 16:05 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Wireshark
2015-06-22 16:04 - 2015-06-22 16:04 - 00001694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-06-22 16:04 - 2015-06-22 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-06-22 16:04 - 2015-06-22 16:04 - 00000000 ____D C:\Program Files\Wireshark
2015-06-22 16:04 - 2015-06-22 16:04 - 00000000 ____D C:\Program Files\WinPcap
2015-06-17 16:09 - 2015-06-17 16:09 - 00000178 _____ C:\Users\Andy\Documents\Teleco Phone Numbers.txt
2015-06-17 14:39 - 2015-06-17 14:39 - 00697828 _____ C:\Users\Andy\AppData\Local\census.cache
2015-06-17 14:39 - 2015-06-17 14:39 - 00170470 _____ C:\Users\Andy\AppData\Local\ars.cache
2015-06-17 13:03 - 2015-06-17 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-06-17 13:03 - 2015-06-17 13:03 - 00000000 ____D C:\Program Files\Panda Security
2015-06-17 12:47 - 2015-06-17 12:47 - 00000010 _____ C:\Users\Andy\AppData\Local\sponge.last.runtime.cache
2015-06-17 12:33 - 2013-09-27 22:56 - 00289352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-06-17 12:32 - 2015-07-07 16:20 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 12:32 - 2015-07-07 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-17 12:32 - 2015-07-07 16:05 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-17 12:32 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 12:32 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-17 12:32 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 12:32 - 2015-06-17 12:32 - 00000036 _____ C:\Users\Andy\AppData\Local\housecall.guid.cache
2015-06-17 12:32 - 2015-06-17 12:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-17 12:29 - 2015-06-17 12:29 - 00000000 ____D C:\Users\Andy\AppData\Roaming\LavasoftStatistics
2015-06-17 11:29 - 2015-06-17 11:29 - 00020472 _____ C:\Users\Andy\Documents\cc_20150617_112935.reg
2015-06-17 11:12 - 2015-06-17 11:12 - 00001413 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 10:10 - 2015-06-17 10:10 - 00000000 ____D C:\Users\Andy\AppData\Roaming\AVAST Software
2015-06-17 10:09 - 2015-06-17 10:09 - 00000000 ___HD C:\ProgramData\qnl
2015-06-17 10:07 - 2015-06-17 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-17 10:06 - 2015-06-17 10:06 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-17 10:06 - 2015-06-17 10:06 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-17 10:06 - 2015-06-17 10:06 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-17 10:06 - 2015-06-17 10:06 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-17 10:06 - 2015-06-17 10:06 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-17 10:06 - 2015-06-17 10:06 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-17 10:06 - 2015-06-17 10:06 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-17 10:06 - 2015-06-17 10:06 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-17 10:06 - 2015-06-17 10:06 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-17 10:06 - 2015-06-17 10:06 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-17 10:05 - 2015-06-17 10:05 - 00631296 _____ C:\Windows\qnl.dat
2015-06-17 10:04 - 2015-06-17 10:04 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Macromedia
2015-06-17 10:02 - 2015-06-17 10:02 - 03451936 ____N (Avast Software s.r.o.) C:\Users\Public\Documents\aswOfferTool.exe
2015-06-17 10:02 - 2015-06-17 10:02 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-17 09:56 - 2015-06-17 09:56 - 00000000 ____D C:\Windows\system32\Flash
2015-06-17 09:47 - 2015-06-17 09:47 - 00070368 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-17 09:47 - 2015-06-17 09:47 - 00070368 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-17 09:47 - 2015-06-17 09:47 - 00001044 _____ C:\Windows\Tasks\43UjIlbSW.job
2015-06-17 09:47 - 2015-06-17 09:47 - 00000064 _____ C:\Users\Andy\AppData\Local\993a711bd833e389ce0696959054f408
2015-06-17 09:47 - 2015-06-17 09:47 - 00000000 ____D C:\Users\Default\Documents\MaxComputerCleaner
2015-06-17 09:47 - 2015-06-17 09:47 - 00000000 ____D C:\Users\Default\AppData\Local\Max_Computer_Cleaner
2015-06-17 09:47 - 2015-06-17 09:47 - 00000000 ____D C:\Users\Default User\Documents\MaxComputerCleaner
2015-06-17 09:47 - 2015-06-17 09:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Max_Computer_Cleaner
2015-06-17 09:47 - 2015-06-17 09:47 - 00000000 ____D C:\Users\Andy\AppData\Local\Chromium
2015-06-17 09:46 - 2015-06-17 09:46 - 00000045 _____ C:\user.js
2015-06-17 09:46 - 2015-06-17 09:46 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-06-17 09:45 - 2015-06-17 09:45 - 00000000 ____D C:\ProgramData\COMODO
2015-06-17 09:45 - 2015-06-17 09:45 - 00000000 ____D C:\Program Files\COMODO
2015-06-17 09:45 - 2015-06-11 16:08 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-17 09:43 - 2015-06-17 09:43 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-06-17 09:24 - 2015-06-17 09:24 - 00000000 ____D C:\Users\Andy\Downloads\Inside Out 2015 HDRip XviD - AMIABLE
2015-06-17 09:20 - 2015-06-17 09:20 - 00000000 ____D C:\Users\Andy\Downloads\American.Girl.Grace.Stirs.Up.Success.2015.DVDRip.XviD-EVO
2015-06-17 09:19 - 2015-06-17 09:38 - 00000000 ____D C:\Users\Andy\Downloads\Strawberry Shortcake Berry Best Friends 2014 Dvdrip Xvid AC3 ACAB
2015-06-17 09:19 - 2015-06-17 09:20 - 00000000 ____D C:\Users\Andy\Downloads\Strawberry Shortcake Berry Big Help 2014 DVDRiP XViD-sC0rp
2015-06-17 09:18 - 2015-06-17 11:29 - 00000000 ____D C:\Users\Andy\AppData\Roaming\BitTorrent
2015-06-17 09:18 - 2015-06-17 09:18 - 00000845 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-06-17 09:13 - 2015-06-17 09:14 - 00000000 ____D C:\Program Files\LuckyWire
2015-06-15 11:56 - 2015-06-15 11:56 - 00000000 ____D C:\Windows\CheckSur
2015-06-15 11:19 - 2010-11-20 08:30 - 00172416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpchbus.sys
2015-06-15 11:19 - 2010-11-20 08:21 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\vpchbuspipe.dll
2015-06-15 11:19 - 2010-11-20 06:50 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcusb.sys
2015-06-15 09:19 - 2015-06-18 09:34 - 00000000 ____D C:\Users\TEMP.H50.003
2015-06-11 14:21 - 2015-06-11 14:21 - 00002767 _____ C:\Users\Public\Desktop\SL InMail CF Utility.lnk
2015-06-11 14:13 - 2015-07-01 15:00 - 00000000 ____D C:\Users\Andy\AppData\Roaming\vlc
2015-06-11 14:13 - 2015-06-11 14:13 - 00001024 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-06-11 14:13 - 2015-06-11 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-06-11 14:13 - 2015-06-11 14:13 - 00000000 ____D C:\Program Files\VideoLAN
2015-06-10 16:57 - 2015-06-10 16:57 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Mozilla
2015-06-10 16:57 - 2015-06-10 16:57 - 00000000 ____D C:\Users\Andy\AppData\Local\WebEx
2015-06-10 16:45 - 2015-06-10 16:45 - 00002597 _____ C:\Users\Public\Desktop\NEC SL DesktopSuite.lnk
2015-06-10 16:45 - 2015-06-10 16:45 - 00000000 ____D C:\Users\Andy\Documents\Add-in Express
2015-06-10 16:45 - 2014-02-25 13:55 - 01929216 _____ (Red Phoenix) C:\Windows\system32\RpCtiTsp2.tsp
2015-06-10 16:44 - 2015-06-10 16:45 - 00000000 ____D C:\ProgramData\RedPhoenix
2015-06-10 16:44 - 2015-06-10 16:45 - 00000000 ____D C:\ProgramData\NEC-i
2015-06-10 16:44 - 2015-06-10 16:44 - 00000000 ____D C:\Program Files\Common Files\Plantronics
2015-06-10 16:44 - 2015-06-10 16:44 - 00000000 ____D C:\Program Files\Common Files\NEC-i
2015-06-09 21:19 - 2015-06-02 15:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 21:19 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 21:19 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-09 21:19 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-09 21:19 - 2015-05-25 14:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-09 21:19 - 2015-05-25 14:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-09 21:19 - 2015-05-25 14:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-09 21:19 - 2015-05-25 14:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-09 21:19 - 2015-05-25 14:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 21:19 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-09 21:19 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-09 21:19 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-09 21:19 - 2015-05-25 14:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-09 21:19 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-09 21:19 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-09 21:19 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation)
C:\Windows\system32\ncrypt.dll 2015-06-09 21:19 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-06-09 21:19 - 2015-05-25 14:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-06-09 21:19 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-09 21:19 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-06-09 21:19 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-09 21:19 - 2015-05-25 14:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-09 21:19 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-06-09 21:19 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-06-09 21:19 - 2015-05-25 14:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-06-09 21:19 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-06-09 21:19 - 2015-05-25 14:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-09 21:19 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-09 21:19 - 2015-05-25 14:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-09 21:19 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-06-09 21:19 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-09 21:19 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-09 21:19 - 2015-05-25 14:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-06-09 21:19 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-09 
21:19 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-06-09 21:19 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-06-09 21:19 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-06-09 21:19 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-09 21:19 - 2015-05-25 13:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-09 21:19 - 2015-05-25 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-09 21:19 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-09 21:19 - 2015-05-22 23:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-09 21:19 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-09 21:19 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-09 21:19 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-09 21:19 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-09 21:19 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-09 21:19 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-09 21:19 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-09 21:19 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-09 21:19 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-09 21:19 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-09 21:19 - 
2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-09 21:19 - 2015-05-22 23:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-09 21:19 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-09 21:19 - 2015-05-22 23:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-09 21:19 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-09 21:19 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-09 21:19 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-09 21:19 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-09 21:19 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-09 21:19 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-09 21:19 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-09 21:19 - 2015-05-22 22:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-09 21:19 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-09 21:19 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-09 21:19 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-09 21:19 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-09 21:19 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-09 21:19 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 
2015-06-09 21:19 - 2015-05-08 23:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-09 21:19 - 2015-05-08 23:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-09 21:19 - 2015-05-08 23:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-06-09 21:19 - 2015-05-08 23:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-09 21:19 - 2015-05-08 23:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 21:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 21:59 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-09 21:19 - 2015-05-08 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-09 21:19 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-09 21:19 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-06-09 21:19 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-09 21:19 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-09 21:19 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-06-09 21:19 - 2015-04-10 23:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-09 21:18 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-08 16:00 - 2015-06-24 14:17 - 00000000 ____D C:\Users\Andy\AppData\Local\Citrix 2015-06-08 10:02 - 2015-07-07 16:55 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2015-06-08 09:48 - 2015-06-08 09:48 - 00038144 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_0107.sys 2015-06-08 09:47 - 2015-06-08 09:50 - 00000000 ____D C:\Program Files\SoftEther VPN Client 2015-06-08 09:47 - 2015-06-08 09:47 - 00142056 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-07 17:03 - 2009-07-14 00:34 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-07 17:03 - 2009-07-14 00:34 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-07 17:01 - 2010-11-20 17:01 - 00918572 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-07 16:58 - 2015-04-14 17:50 - 00781718 _____ C:\Windows\WindowsUpdate.log 2015-07-07 16:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\inetsrv 2015-07-07 16:55 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-07 16:12 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Registration 2015-07-07 16:10 - 2009-07-13 23:20 - 00000000 ___RD C:\Program Files (x86) 2015-07-07 16:04 - 2015-04-17 14:38 - 00000000 ____D C:\Users\Andy\AppData\Roaming\TeamViewer 2015-07-07 16:02 - 2015-04-24 23:02 - 00000000 ____D C:\Program Files\CCleaner 2015-07-07 15:50 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\tracing 2015-07-07 15:30 - 2015-04-15 10:00 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Pocomail 2015-07-07 12:10 - 2015-04-15 11:35 - 00000000 ___RD C:\Users\Andy\Documents\!Purchase Agreement 2015-07-07 11:39 - 2015-06-05 12:14 - 00000717 _____ C:\Users\Andy\Desktop\Working Copy of teleco.txt 2015-07-06 15:41 - 2015-04-15 11:36 - 00000000 ___RD C:\Users\Andy\Documents\Cablevision 2015-07-06 12:38 - 2015-04-17 12:53 - 00000000 ____D C:\UADMIN 2015-07-02 12:19 - 2015-04-15 10:27 - 00000000 ___RD C:\NEC Databases 2015-07-01 14:04 - 2015-05-01 14:23 - 00000000 ____D C:\Program Files\NCH Software 2015-07-01 13:59 - 2015-04-18 20:56 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Audacity 2015-06-28 05:51 - 2015-04-15 10:29 - 00000000 ____D C:\Program Files\TeamViewer 2015-06-27 13:03 - 2015-04-15 11:33 - 00000000 ____D C:\Users\Andy\Documents\TaxACT 2012 2015-06-26 09:49 - 2015-04-15 11:32 - 00000000 ___RD C:\Users\Andy\Documents\References 2015-06-24 18:19 
- 2015-04-14 23:54 - 00000000 ____D C:\Program Files\Google 2015-06-24 11:55 - 2015-04-15 11:14 - 00000000 ____D C:\Users\Andy\Documents\MSA 2015-06-24 11:14 - 2015-04-15 09:16 - 00000000 ____D C:\Program Files\NEC 2015-06-23 13:27 - 2015-04-14 15:29 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-06-22 14:25 - 2015-04-15 10:29 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-06-18 14:36 - 2015-04-15 11:13 - 00000000 ___RD C:\Users\Andy\Documents\DK 2015-06-18 10:02 - 2015-04-15 11:33 - 00000000 ___RD C:\Users\Andy\Documents\Voice Mail 2015-06-17 11:41 - 2015-04-14 14:59 - 01002142 _____ C:\Users\Andy\AppData\Local\BTServer.log 2015-06-17 10:07 - 2015-04-17 17:30 - 00000000 ____D C:\Windows\system32\vbox 2015-06-17 10:02 - 2015-04-17 17:27 - 00000000 ____D C:\ProgramData\AVAST Software 2015-06-17 09:55 - 2015-04-24 14:14 - 00000000 ____D C:\Program Files\Adobe 2015-06-15 15:16 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\zh-CN 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\th-TH 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\sv-SE 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\ru-RU 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\pl-PL 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\nb-NO 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\ko-KR 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\hu-HU 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\he-IL 2015-06-15 12:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\ar-SA 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\zh-TW 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\tr-TR 2015-06-15 12:26 - 2009-07-13 
22:37 - 00000000 ____D C:\Windows\system32\ro-RO 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\pt-PT 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\pt-BR 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\nl-NL 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\ja-JP 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\it-IT 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\fr-FR 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\fi-FI 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\el-GR 2015-06-15 12:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\de-DE 2015-06-15 11:21 - 2009-07-14 00:33 - 00310392 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 14:22 - 2015-04-15 11:21 - 00000000 ___RD C:\Users\Andy\Documents\NEC 2015-06-11 14:21 - 2015-04-17 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC 2015-06-10 03:04 - 2015-04-15 00:56 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 03:00 - 2015-04-15 00:56 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2015-04-24 17:40 - 2015-04-24 17:41 - 0558080 _____ () C:\Users\Andy\AppData\Roaming\SharedSettings.ccs 2015-06-17 09:47 - 2015-06-17 09:47 - 0000064 _____ () C:\Users\Andy\AppData\Local\993a711bd833e389ce0696959054f408 2015-06-17 14:39 - 2015-06-17 14:39 - 0170470 _____ () C:\Users\Andy\AppData\Local\ars.cache 2015-04-14 14:59 - 2015-06-17 11:41 - 1002142 _____ () C:\Users\Andy\AppData\Local\BTServer.log 2015-06-17 14:39 - 2015-06-17 14:39 - 0697828 _____ () C:\Users\Andy\AppData\Local\census.cache 2015-06-17 12:32 - 2015-06-17 12:32 - 0000036 _____ () C:\Users\Andy\AppData\Local\housecall.guid.cache 2015-06-17 12:47 - 2015-06-17 12:47 - 0000010 _____ () 
C:\Users\Andy\AppData\Local\sponge.last.runtime.cache
2015-04-14 15:01 - 2015-04-14 15:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\7za.exe
C:\Users\Andy\AppData\Local\Temp\ca860c02-a41a-4dba-b74d-d93edd955fe9.exe
C:\Users\Andy\AppData\Local\Temp\DaS_21.exe
C:\Users\Andy\AppData\Local\Temp\hijackthis.exe
C:\Users\Andy\AppData\Local\Temp\NirCmd.exe
C:\Users\Andy\AppData\Local\Temp\PEVZ.EXE
C:\Users\Andy\AppData\Local\Temp\Quarantine.exe
C:\Users\Andy\AppData\Local\Temp\remove.exe
C:\Users\Andy\AppData\Local\Temp\sed.exe
C:\Users\Andy\AppData\Local\Temp\shortcut.exe
C:\Users\Andy\AppData\Local\Temp\sqlite3.dll
C:\Users\Andy\AppData\Local\Temp\swreg.exe
C:\Users\Andy\AppData\Local\Temp\swxcacls.exe
C:\Users\Andy\AppData\Local\Temp\wget.exe
C:\Users\Andy\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 00:34

==================== End of log ============================