
Crime Watch Malware [Closed]


  • This topic is locked

#1
gerrybnz

    New Member

  • Member
  • 3 posts

I became infected with Crime Watch.

Each time I scanned with Malwarebytes and removed it, the same infection reappeared.

I tried the following:

  • Scanned for infection and quarantined the infection modules
  • Restarted Windows (8.1) to complete removal
  • Rescanned again
  • Same infection reappeared
  • Cleaned out the infection
  • Rebooted (noticed extra delay in start-up and modem very busy)
  • Rescanned
  • Infection back again
  • Deleted the modules
  • Rebooted (WITH THE MODEM TURNED OFF)

Infection returned at start-up!! (Noticed lengthy start-up!)

Crime Watch must be checking for presence of rogue, finding them cleaned out and re-infecting.

Searching for a method of detecting the re-infection by Crime Watch at start-up.

PS: Disabled 2 entries in the Windows startup list early in the job; they were both described as "program".
Suspect they were Crime Watch modules hiding.

Any ideas about monitoring the start-up and tracking Crime Watch doing its re-infection?




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I will need to look at the system first.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Select Additions at the bottom.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please post both logs generated.
THEN

Download aswMBR.exe ( 4.5 MB ) to your desktop.
Double-click aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.
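A small triage script for the FRST.txt log requested above, added here as an example; it is not part of this thread, not Essexboy's procedure and not FRST's own tooling. It walks the autostart-related lines of an FRST log and flags what a helper checks first: Run values with no size/date/publisher stamp, services whose binary is missing ([X]), is unsigned, or is a DLL launched through rundll32.exe, browser helper objects registered with no DLL on disk, and Internet Explorer start/search pages pointing away from a short list of expected hosts. The sample lines are copied verbatim from the FRST log Gerry posts next (truncated URLs left exactly as the forum shows them); the `triage()` function, the regexes and the `EXPECTED_HOSTS` list are assumptions of this example, and a hit means "review this", not "this is malware".

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) logs.

Added example for this thread; not the forum's, Essexboy's or FRST's own code.
It reads the autostart-related lines of an FRST log and returns the entries a
helper would look at first. Every rule is a heuristic chosen for this example.
"""
import re

# Hosts an IE start/search page on this machine would normally point at.
# Assumption for this example, built from the non-hijacked values in the log.
EXPECTED_HOSTS = {"www.google.com", "bing.com", "asus13.msn.com"}

# Run / RunOnce values. FRST appends "[size date] (Publisher)" when it could
# read the target file; a value without that stamp could not be verified.
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|U)\S*?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<target>.+)$"
)
VERIFIED_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$")
# Services and drivers: "<state> <name>; <path and stamp>".
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<rest>.+)$")
# Browser helper objects: "BHO: <name> -> {CLSID} -> <dll and stamp>".
BHO_RE = re.compile(r"^BHO(?:-x32)?: (?P<name>.+?) -> \{[^}]+\} -> (?P<rest>.+)$")
# Internet Explorer start/search page values.
IE_RE = re.compile(
    r"^(?P<hive>HK.+?)\\Main,(?P<value>Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (?P<url>\S+)$"
)
HOST_RE = re.compile(r"^https?://([^/?#]+)")


def triage(log_text):
    """Return (section, name, reason, line) tuples for entries worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            if not VERIFIED_RE.search(m.group("target")):
                findings.append(("Run", m.group("name"),
                                 "no size/date/publisher stamp: FRST could not verify the target", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("[X]"):
                findings.append(("Service", m.group("name"),
                                 "binary missing ([X]): orphaned or self-deleting autostart", line))
            elif "rundll32.exe" in rest.lower():
                findings.append(("Service", m.group("name"),
                                 "DLL loaded through rundll32.exe instead of a service binary", line))
            elif "[File not signed]" in rest:
                findings.append(("Service", m.group("name"), "binary is not digitally signed", line))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("rest").endswith("No File"):
                findings.append(("BHO", m.group("name"), "registered BHO whose DLL is absent", line))
            continue
        m = IE_RE.match(line)
        if m:
            hit = HOST_RE.match(m.group("url"))
            host = hit.group(1).lower() if hit else m.group("url")
            if host not in EXPECTED_HOSTS:
                findings.append(("IE", m.group("value"), f"points at unexpected host {host}", line))
    return findings


# Sample input: lines copied from the FRST log posted in this thread, with the
# forum's truncated URLs left as-is. Embedded so the script runs offline.
SAMPLE_LOG = r"""
HKLM\...\Run: [Telstra_McciTrayApp] => C:\Program Files\Telstra Broadband Assistant\1.0.2.45\ma\bin\pcTrayApp.exe [2835456 2014-09-11] (Telstra Corporation Ltd.)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes...EO2SXX621KFEO2S
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-4052331037-556818154-8592725-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-23] (Alcatel-Lucent) [File not signed]
S2 70F4EEDB-1367-4b4f-8247-3133551A7415; "C:\Program Files\shopperz\grunt.exe" [X]
S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
S4 lxVHHY; "C:\ProgramData\EDwusour\lxVHHY.exe" [X]
"""

if __name__ == "__main__":
    for section, name, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {name}: {reason}\n    {line}")
```

Run it against a full FRST.txt by replacing SAMPLE_LOG with the file's contents; the Drivers section uses the same `<state> <name>;` layout as Services, so unsigned or missing driver files surface through the same rule. The unverified-Run rule also fires on legitimate entries whose command line FRST could not resolve (a quoted path with arguments, for instance), which is why the output is a review list rather than a verdict.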

#3
gerrybnz

    New Member

  • Topic Starter
  • Member
  • 3 posts
Well, I did it at last!!
Here are the files you asked for - now the magic begins?
Regards,
Gerry
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Gerry (administrator) on GERRYSLAPTOP on 01-03-2015 12:59:06
Running from C:\Users\Gerry\Downloads
Loaded Profiles: mkathrv & Gerry (Available profiles: mkathrv & Gerry & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\node.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Telstra Corporation Ltd.) C:\Program Files\Telstra Broadband Assistant\1.0.2.45\ma\bin\pcTrayApp.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Telstra_McciTrayApp] => C:\Program Files\Telstra Broadband Assistant\1.0.2.45\ma\bin\pcTrayApp.exe [2835456 2014-09-11] (Telstra Corporation Ltd.)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [271872 2014-04-06] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\Run: [Google Update] => C:\Users\mkathrv\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-22] (Google Inc.)
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\Run: [Google+ Auto Backup] => "C:\Users\mkathrv\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\Run: [GoogleChromeAutoLaunch_0061D0EE4670C4D15318C72B3512D6E4] => C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-18] (Google Inc.)
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\MountPoints2: {8e46287e-f917-11e2-be8f-10bf489d29c1} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\MountPoints2: {c2361e7c-bce2-11e4-bfa1-10bf489d29c1} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-4052331037-556818154-8592725-1004\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-12] (Glarysoft Ltd)
HKU\S-1-5-21-4052331037-556818154-8592725-1004\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt [2754 2015-02-28] ()
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [131072 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Program Files\Internet Explorer\iexplore.exe [813712 2014-10-31] (Microsoft Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes...EO2SXX621KFEO2S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes...EO2SXX621KFEO2S
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes...EO2SXX621KFEO2S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes...EO2SXX621KFEO2S
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes...q={searchTerms}
HKU\S-1-5-21-4052331037-556818154-8592725-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKU\S-1-5-21-4052331037-556818154-8592725-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes...q={searchTerms}
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes...EO2SXX621KFEO2S
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes...EO2SXX621KFEO2S
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.omniboxes...EO2SXX621KFEO2S

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\npMotive.dll (Telstra Corporation Ltd.)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Telstra Corporation Ltd.)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4052331037-556818154-8592725-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mkathrv\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4052331037-556818154-8592725-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mkathrv\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Profile: C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-01]
CHR Extension: (Google Drive) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-11]
CHR Extension: (YouTube) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-01]
CHR Extension: (Google Search) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-01]
CHR Extension: (Telstra Extension) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-07-13]
CHR Extension: (Google Wallet) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Gmail) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-01]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-01-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-23] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-23] (Alcatel-Lucent) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 Telstra MAHostService; C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\MAHostService.exe [321024 2014-09-11] (Alcatel-Lucent) [File not signed]
S3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 70F4EEDB-1367-4b4f-8247-3133551A7415; "C:\Program Files\shopperz\grunt.exe" [X]
S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
S4 lxVHHY; "C:\ProgramData\EDwusour\lxVHHY.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2014-10-14] (Glarysoft Ltd)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 12:59 - 2015-03-01 12:59 - 00021362 _____ () C:\Users\Gerry\Downloads\FRST.txt
2015-03-01 12:58 - 2015-03-01 12:59 - 00000000 ____D () C:\FRST
2015-03-01 12:54 - 2015-03-01 12:54 - 02092544 _____ (Farbar) C:\Users\Gerry\Downloads\FRST64.exe
2015-02-28 12:53 - 2015-02-28 13:03 - 00016136 _____ () C:\Users\mkathrv\Desktop\offer on 28.odt
2015-02-28 12:44 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-28 12:44 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-28 12:44 - 2014-10-29 12:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-28 12:44 - 2014-10-29 12:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-28 12:44 - 2014-10-29 12:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-28 12:44 - 2014-10-29 12:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-28 09:58 - 2015-02-28 09:58 - 02126848 _____ () C:\Users\Gerry\Downloads\AdwCleaner (1).exe
2015-02-28 09:55 - 2015-02-28 09:55 - 02126848 _____ () C:\Users\Gerry\Downloads\AdwCleaner.exe
2015-02-28 09:51 - 2015-02-28 09:51 - 00001066 _____ () C:\Users\Gerry\Desktop\JRT.txt
2015-02-28 09:48 - 2015-02-28 09:48 - 01388274 _____ (Thisisu) C:\Users\Gerry\Downloads\JRT.exe
2015-02-27 17:01 - 2015-02-27 17:01 - 00001646 _____ () C:\Users\Gerry\Downloads\TDC - Superfoods for Superaging - Shortcut.lnk
2015-02-27 14:48 - 2015-02-27 14:48 - 00012754 _____ () C:\WINDOWS\system32\.crusader
2015-02-27 14:33 - 2015-02-28 15:23 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-27 14:33 - 2015-02-27 14:33 - 00001903 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-27 14:32 - 2015-02-27 14:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-27 14:31 - 2015-02-27 14:32 - 10995632 _____ (SurfRight B.V.) C:\Users\Gerry\Downloads\HitmanPro_x64.exe
2015-02-26 20:41 - 2015-02-26 20:41 - 00015365 _____ () C:\Users\mkathrv\Desktop\Ian Sales plan.odt
2015-02-26 16:43 - 2015-02-26 16:43 - 00000000 ____D () C:\Users\mkathrv\AppData\Local\CrimeWatch
2015-02-25 22:56 - 2015-02-25 22:56 - 00000000 ____D () C:\Users\Gerry\Documents\Reflect
2015-02-25 21:07 - 2015-03-01 12:29 - 00004486 _____ () C:\WINDOWS\setupact.log
2015-02-25 21:07 - 2015-02-25 21:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-25 21:06 - 2015-02-27 08:48 - 00005826 _____ () C:\WINDOWS\PFRO.log
2015-02-25 17:46 - 2015-02-25 17:46 - 00000045 _____ () C:\user.js
2015-02-25 17:46 - 2015-02-25 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-25 17:46 - 2015-02-25 17:46 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-02-25 17:43 - 2015-02-25 17:43 - 00666912 _____ () C:\Users\Gerry\Downloads\7zip-setup.exe
2015-02-25 17:41 - 2015-02-25 17:41 - 00055002 _____ () C:\Users\Gerry\Downloads\2015-monthly-calendar-blue-landscape.zip
2015-02-25 17:39 - 2015-02-25 17:39 - 06028880 _____ () C:\Users\Gerry\Downloads\dict-en (1).oxt
2015-02-25 17:38 - 2015-03-01 12:50 - 01542946 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-25 17:29 - 2015-02-25 17:30 - 69509120 _____ () C:\Users\Gerry\Downloads\calibre-64bit-2.20.0.msi
2015-02-25 17:27 - 2015-02-25 17:27 - 69439488 _____ () C:\Users\Gerry\Downloads\calibre-64bit-2.19.0.msi
2015-02-25 15:25 - 2015-02-25 15:25 - 00018643 _____ () C:\Users\mkathrv\Desktop\5 items per session !!!!.odt
2015-02-24 09:55 - 2015-02-24 09:55 - 00668290 _____ () C:\Users\mkathrv\Downloads\malware log.odt
2015-02-24 07:34 - 2015-02-24 07:34 - 00000000 _____ () C:\Recovery.txt
2015-02-23 15:04 - 2015-02-23 15:04 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-23 15:04 - 2015-02-23 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 15:03 - 2015-02-23 15:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 15:03 - 2015-02-23 15:04 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 14:56 - 2015-02-23 14:57 - 121343792 _____ (Apple Inc.) C:\Users\Gerry\Downloads\itunes64setup (2).exe
2015-02-23 14:50 - 2015-02-23 14:52 - 14952744 _____ () C:\Users\Gerry\Downloads\Glary_Utilities_v5.19.0.32.exe
2015-02-23 14:27 - 2015-02-23 14:28 - 00002499 _____ () C:\Users\Public\Desktop\Reflect.lnk
2015-02-23 14:27 - 2015-02-23 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2015-02-23 14:27 - 2015-02-23 14:27 - 00000000 ____D () C:\Program Files\Macrium
2015-02-23 14:25 - 2015-02-23 14:28 - 00308890 _____ () C:\Reflect_Install.log
2015-02-23 14:01 - 2015-02-23 14:13 - 00000000 ____D () C:\Users\Gerry\Downloads\Macrium
2015-02-23 14:00 - 2015-02-23 14:00 - 03537360 _____ (Paramount Software UK Ltd) C:\Users\mkathrv\Downloads\ReflectDL.exe
2015-02-22 22:46 - 2015-02-23 13:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-18 14:51 - 2015-02-18 14:51 - 00000000 ____D () C:\ProgramData\Auslogics
2015-02-18 14:50 - 2015-02-18 14:50 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-02-18 14:23 - 2015-02-28 09:36 - 00000000 ___RD () C:\Users\mkathrv\Downloads\DeviceDoctor.Opener_mkdtfchztkfbm!App
2015-02-14 09:48 - 2015-01-23 15:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-14 09:48 - 2015-01-23 14:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 20:21 - 2015-02-04 10:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 20:21 - 2015-02-04 10:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 20:21 - 2015-02-04 10:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 20:21 - 2015-02-03 10:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 20:21 - 2015-02-03 10:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 20:21 - 2015-02-03 10:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 20:21 - 2015-01-20 05:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 20:21 - 2014-12-19 19:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 20:21 - 2014-12-19 19:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 20:21 - 2014-12-09 10:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 13:40 - 2015-02-11 13:40 - 00000418 _____ () C:\Users\mkathrv\Desktop\Ian Job advert
2015-02-11 13:18 - 2015-02-11 13:19 - 00011804 _____ () C:\Users\mkathrv\Desktop\Ian Job advert.odt
2015-02-11 13:13 - 2015-01-16 09:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 13:13 - 2015-01-16 09:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 13:13 - 2015-01-14 15:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 13:13 - 2015-01-14 14:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 13:13 - 2015-01-14 09:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 13:13 - 2015-01-14 09:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 13:13 - 2015-01-10 20:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 13:13 - 2015-01-10 20:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 13:13 - 2015-01-10 19:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 13:13 - 2015-01-10 18:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 13:13 - 2015-01-10 17:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 13:13 - 2014-12-09 14:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 13:13 - 2014-12-09 12:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 13:13 - 2014-10-29 13:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 13:13 - 2014-10-29 13:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 13:13 - 2014-10-29 13:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 13:13 - 2014-10-29 13:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 13:13 - 2014-10-29 13:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 13:13 - 2014-10-29 13:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 13:13 - 2014-10-29 12:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 13:13 - 2014-10-29 12:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 13:13 - 2014-10-29 12:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 13:13 - 2014-10-29 12:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 13:13 - 2014-10-29 12:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 13:13 - 2014-10-29 12:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 13:13 - 2014-10-29 12:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 13:12 - 2015-01-12 14:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 13:12 - 2015-01-12 13:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 13:12 - 2015-01-12 13:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 13:12 - 2015-01-12 13:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 13:12 - 2015-01-12 13:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 13:12 - 2015-01-12 13:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 13:12 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 13:12 - 2015-01-12 13:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 13:12 - 2015-01-12 13:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 13:12 - 2015-01-12 13:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 13:12 - 2015-01-12 13:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 13:12 - 2015-01-12 12:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 13:12 - 2015-01-12 12:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 13:12 - 2015-01-12 12:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 13:12 - 2015-01-12 12:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 13:12 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 13:12 - 2015-01-12 12:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 13:12 - 2015-01-12 12:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 13:12 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 13:12 - 2015-01-12 12:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 13:12 - 2015-01-12 12:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 13:12 - 2015-01-12 12:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 13:12 - 2015-01-12 12:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 13:12 - 2015-01-12 12:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 13:12 - 2015-01-12 12:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 13:12 - 2015-01-12 12:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 13:12 - 2015-01-12 12:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 13:12 - 2015-01-12 12:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 13:12 - 2015-01-12 12:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 13:12 - 2015-01-12 12:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 13:12 - 2015-01-12 12:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 13:12 - 2015-01-12 12:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 13:12 - 2015-01-12 11:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 13:12 - 2015-01-12 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 13:12 - 2015-01-10 19:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 11:49 - 2015-02-10 11:49 - 00279240 _____ (Auslogics) C:\Users\mkathrv\Downloads\Express_PC_scanner.exe
2015-02-10 10:06 - 2015-02-10 10:07 - 00000061 _____ () C:\Users\mkathrv\Desktop\google voucher.txt
2015-02-09 21:56 - 2015-02-09 21:56 - 14920448 _____ () C:\Users\Gerry\Downloads\Glary_Utilities_v5.18.0.31.exe
2015-02-09 21:48 - 2015-02-23 13:42 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2015-02-09 21:48 - 2015-02-09 21:48 - 00002220 _____ () C:\Users\mkathrv\Desktop\NCH Suite.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00001232 _____ () C:\Users\mkathrv\Desktop\Switch Sound File Converter.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00001228 _____ () C:\Users\mkathrv\Desktop\WavePad Sound Editor.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00001218 _____ () C:\Users\mkathrv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00001214 _____ () C:\Users\mkathrv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-09 21:47 - 2015-02-23 12:59 - 00000000 ____D () C:\Users\mkathrv\AppData\Roaming\NCH Software
2015-02-09 21:47 - 2015-02-09 21:47 - 00627776 _____ (NCH Software) C:\Users\Gerry\Downloads\switchsetup.exe
2015-02-09 14:21 - 2015-02-09 14:21 - 00000000 ____D () C:\Users\mkathrv\AppData\Roaming\AVS4YOU
2015-02-09 14:21 - 2015-02-09 14:21 - 00000000 ____D () C:\ProgramData\AVS4YOU
2015-02-09 14:20 - 2015-02-09 21:53 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-02-09 14:17 - 2015-02-09 14:17 - 42836192 _____ (Online Media Technologies Ltd. ) C:\Users\mkathrv\Downloads\AVSAudioConverter.exe
2015-02-04 20:14 - 2015-02-04 20:14 - 00001241 _____ () C:\Users\Public\Desktop\Leawo Blu-ray Creator.lnk
2015-02-04 20:14 - 2015-02-04 20:14 - 00000000 ____D () C:\Users\Gerry\AppData\Local\Leawo Blu-ray Creator
2015-02-04 20:12 - 2015-02-04 20:13 - 51202200 _____ (Leawo Software Co., Ltd. ) C:\Users\mkathrv\Downloads\bluraycreator_setup.exe
2015-02-03 19:23 - 2015-02-22 14:27 - 00000796 _____ () C:\Users\mkathrv\Desktop\Change of address List.txt
2015-02-02 14:49 - 2015-02-02 14:49 - 00170504 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\psmounterex.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 12:38 - 2013-07-02 17:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-01 12:30 - 2015-01-01 22:08 - 00000000 ____D () C:\Program Files (x86)\Telstra Broadband Assistant
2015-03-01 12:30 - 2014-05-14 22:51 - 00000358 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-03-01 12:29 - 2013-08-23 01:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-01 12:28 - 2013-08-23 00:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-01 12:18 - 2012-07-26 18:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 12:17 - 2013-05-24 15:54 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4052331037-556818154-8592725-1001
2015-03-01 12:00 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-01 11:29 - 2013-11-22 17:29 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4052331037-556818154-8592725-1001UA.job
2015-02-28 20:39 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-28 20:34 - 2013-05-24 15:45 - 00000000 ____D () C:\Users\mkathrv\AppData\Local\Packages
2015-02-28 19:29 - 2013-11-22 17:29 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4052331037-556818154-8592725-1001Core.job
2015-02-28 13:03 - 2014-03-17 21:57 - 00158208 ___SH () C:\Users\mkathrv\Desktop\Thumbs.db
2015-02-28 10:00 - 2015-01-22 17:02 - 00000000 ____D () C:\AdwCleaner
2015-02-26 19:15 - 2014-03-28 19:41 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-26 19:15 - 2014-03-28 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-26 19:15 - 2014-03-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 19:14 - 2014-03-28 19:41 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 16:16 - 2014-06-01 16:16 - 00151040 ___SH () C:\Users\mkathrv\Downloads\Thumbs.db
2015-02-26 14:34 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-25 22:12 - 2013-10-25 16:54 - 00000226 _____ () C:\Users\mkathrv\Desktop\Bing.url
2015-02-25 17:50 - 2013-06-23 21:57 - 00000000 ____D () C:\Users\Gerry\Documents\Calibre Library
2015-02-25 17:44 - 2014-02-03 17:20 - 00001312 _____ () C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-25 17:44 - 2013-10-21 17:22 - 00001219 _____ () C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-25 17:31 - 2014-02-20 20:51 - 00000944 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-02-25 17:31 - 2014-02-20 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-02-25 17:31 - 2014-02-20 20:51 - 00000000 ____D () C:\Program Files\Calibre2
2015-02-25 17:13 - 2014-05-14 22:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-23 16:20 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-23 15:15 - 2014-02-05 19:37 - 00000000 ____D () C:\ProgramData\Macrium
2015-02-23 15:04 - 2013-10-24 15:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-23 15:03 - 2013-10-24 15:27 - 00000000 ____D () C:\Program Files\iPod
2015-02-23 15:03 - 2013-10-24 15:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 14:54 - 2014-05-14 22:51 - 00002980 _____ () C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-02-23 14:54 - 2014-05-14 22:51 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-02-23 14:54 - 2014-05-14 22:51 - 00001090 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-02-23 14:54 - 2014-05-14 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-02-23 13:48 - 2013-10-21 16:56 - 00000000 ____D () C:\Users\mkathrv
2015-02-23 13:43 - 2014-07-02 11:20 - 00000000 ____D () C:\Users\Guest
2015-02-23 13:43 - 2013-10-21 16:55 - 00000000 ____D () C:\Users\Gerry
2015-02-23 13:42 - 2013-10-04 22:16 - 00000000 ____D () C:\Users\mkathrv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-23 13:42 - 2013-08-23 02:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-23 13:42 - 2013-08-23 00:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-23 13:37 - 2014-05-10 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-02-23 13:01 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-23 12:48 - 2014-05-10 22:00 - 00000000 ____D () C:\Program Files (x86)\Evernote
2015-02-18 14:09 - 2014-05-31 19:40 - 00823808 ___SH () C:\Users\Gerry\Downloads\Thumbs.db
2015-02-15 21:20 - 2014-05-10 22:01 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2015-02-14 21:59 - 2013-07-27 00:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-14 21:40 - 2013-05-24 17:22 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-14 18:25 - 2015-01-13 15:17 - 00000000 ____D () C:\Program Files (x86)\Wireless Wizard
2015-02-14 18:24 - 2013-05-30 00:44 - 00003590 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4052331037-556818154-8592725-1004
2015-02-14 18:09 - 2013-10-21 17:26 - 00000000 ___DO () C:\Users\Gerry\SkyDrive
2015-02-14 15:32 - 2013-09-30 15:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-13 15:44 - 2014-02-23 11:46 - 00000000 ____D () C:\Users\mkathrv\Documents\Gerry checklist
2015-02-12 22:36 - 2012-10-29 00:05 - 00002042 _____ () C:\Users\Public\Desktop\ASUS Vibe Fun Center.lnk
2015-02-12 22:36 - 2012-10-29 00:05 - 00000000 ____D () C:\AsusVibeData
2015-02-12 22:36 - 2012-08-05 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-02-12 21:27 - 2013-08-23 01:44 - 00362544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 17:08 - 2014-12-11 17:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 17:08 - 2014-07-11 12:47 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-05 19:24 - 2013-11-22 17:29 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4052331037-556818154-8592725-1001UA
2015-02-05 19:24 - 2013-11-22 17:29 - 00003512 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4052331037-556818154-8592725-1001Core
2015-02-05 09:38 - 2013-07-02 17:53 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:14 - 2014-06-14 19:49 - 00000000 ____D () C:\ProgramData\Leawo
2015-02-04 20:14 - 2014-06-14 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2015-02-04 06:31 - 2014-11-12 20:21 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-04 06:31 - 2014-11-12 20:21 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-08-11 15:57 - 2014-08-11 15:57 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-05-30 00:27 - 2014-03-21 08:02 - 0000380 _____ () C:\Users\Gerry\AppData\Roaming\sp_data.sys
2013-11-26 12:29 - 2015-01-01 23:30 - 0007656 _____ () C:\Users\Gerry\AppData\Local\Resmon.ResmonCfg
2012-08-05 12:42 - 2012-07-30 17:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-05 12:42 - 2009-07-22 21:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Gerry\AppData\Local\Temp\Quarantine.exe
C:\Users\Gerry\AppData\Local\Temp\sqlite3.dll
C:\Users\mkathrv\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaoubs5.dll
C:\Users\mkathrv\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_tawv.dll
C:\Users\mkathrv\AppData\Local\Temp\ICReinstall_SoftwareUpdateSetup.exe
C:\Users\mkathrv\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\mkathrv\AppData\Local\Temp\jre-8u20-windows-au.exe
C:\Users\mkathrv\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\mkathrv\AppData\Local\Temp\lpuninstall.exe
C:\Users\mkathrv\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\mkathrv\AppData\Local\Temp\PicasaCD.exe
C:\Users\mkathrv\AppData\Local\Temp\Procmon64.exe
C:\Users\mkathrv\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mkathrv\AppData\Local\Temp\SoftwareUpdateSetup.exe
C:\Users\mkathrv\AppData\Local\Temp\sprz.exe
C:\Users\mkathrv\AppData\Local\Temp\wpsetup.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\igfxpers.exe
C:\Windows\SysWOW64\wpcmon.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 12:17

==================== End Of Log ============================


#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, I can see the problem. Two weeks ago this was very hard to remove, but unless it has recently changed, this should kill it.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quote box below into it:

CreateRestorePoint:
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
S2 70F4EEDB-1367-4b4f-8247-3133551A7415; "C:\Program Files\shopperz\grunt.exe" [X]
S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
S4 lxVHHY; "C:\ProgramData\EDwusour\lxVHHY.exe" [X]
2015-02-26 16:43 - 2015-02-26 16:43 - 00000000 ____D () C:\Users\mkathrv\AppData\Local\CrimeWatch
Task: {741AB57A-B79B-467C-A562-CFB6D185B8D8} - \gtaUpt No Task File <==== ATTENTION
C:\ProgramData\SetStretch.exe
C:\Program Files\shopperz
c:\Program Files (x86)\Super Optimizer
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
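One way to confirm that the fix above actually took, as an added example that is not part of the original thread, of FRST, or of the moderator's instructions: a PowerShell script that walks the same persistence locations the fixlist targets (the HKLM Run keys in both registry views plus every loaded user hive, the 32-bit Firefox extension key, services, scheduled tasks, Browser Helper Objects, BITS jobs, and the folders the fixlist deletes) and reports anything that either matches a name from the fixlist or points at a file that no longer exists, which is what FRST's `[X]` and `No File` / `No Task File` markers mean. The indicator strings and the `mkathrv` profile path are taken from the log and fixlist above; everything else is an assumption about a Windows 8.1 machine with the built-in PowerShell 4 modules (`Get-ScheduledTask`, `Get-BitsTransfer` and `Get-CimInstance` all ship with Windows 8 and later).

```powershell
# Added example, not from the original thread: verify that the persistence points the
# fixlist above targets are really gone. Run from an elevated PowerShell on the cleaned
# machine (Windows 8.1 or later). Indicator strings come from the fixlist; the path for
# user 'mkathrv' comes from the FRST log. Treat every hit as "review", not as "malware".
Import-Module BitsTransfer -ErrorAction SilentlyContinue

$Indicators = @('shopperz', 'Super Optimizer', 'EDwusour', 'lxVHHY', 'CrimeWatch', 'SetStretch',
                'gtaUpt', '5081D2D4-1637-404c-B74F-50526718257D',
                '70F4EEDB-1367-4b4f-8247-3133551A7415', 'cae99edb')
$Findings = New-Object System.Collections.Generic.List[object]

$id = [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not ([Security.Principal.WindowsPrincipal]$id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Not elevated: other users'' Run keys and all-user BITS jobs will not be visible.' }

function Test-Indicator([string]$Text) {
    foreach ($i in $Indicators) { if ($Text -and $Text -like "*$i*") { return $true } }
    return $false
}

# Files to verify for an ImagePath-style command line: the first binary (quotes stripped,
# %VARS% expanded) plus, for "rundll32 <dll>,<entry>" lines like the cae99edb service, the DLL
function Get-Targets([string]$CommandLine) {
    if (-not $CommandLine) { return @() }
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($s.StartsWith('"')) { $exe = $s.Split('"')[1] }
    else {
        $m = [regex]::Match($s, '^(.+?\.(exe|dll|sys|cmd|bat))', 'IgnoreCase')
        $exe = if ($m.Success) { $m.Groups[1].Value } else { $s }   # no extension: treat whole value as a path
    }
    $targets = @($exe)
    $r = [regex]::Match($s, 'rundll32(\.exe)?"?\s+"?([^",]+)', 'IgnoreCase')
    if ($r.Success) { $targets += $r.Groups[2].Value.Trim() }
    return $targets
}

# Bare names (cmd.exe) resolve through PATH; anything with a separator must exist as given
function Test-BinaryExists([string]$Path) {
    if (-not $Path) { return $true }
    if ($Path -notmatch '[\\/]') { return [bool](Get-Command $Path -ErrorAction SilentlyContinue) }
    return Test-Path -LiteralPath $Path
}

function Add-Finding($Where, $Name, $Detail, $Reason) {
    $Findings.Add([pscustomobject]@{ Where = $Where; Name = $Name; Detail = $Detail; Reason = $Reason })
}

# Shared check: indicator hit first, then orphaned entries (what FRST marks as [X] / No File)
function Check-Entry($Where, $Name, $CommandLine, [string[]]$Targets) {
    if (Test-Indicator "$Name $CommandLine") { Add-Finding $Where $Name $CommandLine 'matches fixlist indicator'; return }
    foreach ($t in $Targets) {
        if (-not (Test-BinaryExists $t)) { Add-Finding $Where $Name $CommandLine "target missing: $t"; return }
    }
}

# 1. Autorun-style registry values: HKLM Run (both views), the 32-bit Firefox extension
#    key used by the shopperz entry, and the Run key of every loaded user hive
$ValueKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions')
$ValueKeys += @(Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
                ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" })
foreach ($key in $ValueKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        Check-Entry 'Registry value' "$key\$($p.Name)" "$($p.Value)" (Get-Targets "$($p.Value)")
    }
}

# 2. Services (the fixlist's S2/S4 lines)
foreach ($svc in Get-CimInstance Win32_Service) {
    Check-Entry 'Service' $svc.Name $svc.PathName (Get-Targets $svc.PathName)
}

# 3. Scheduled tasks (the fixlist's "\gtaUpt No Task File")
foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($a in $t.Actions) {
        if (-not $a.Execute) { continue }     # COM-handler actions have no Execute
        Check-Entry 'Scheduled task' "$($t.TaskPath)$($t.TaskName)" "$($a.Execute) $($a.Arguments)" (Get-Targets $a.Execute)
    }
}

# 4. Browser Helper Objects, each CLSID resolved to its DLL in the matching registry view
$BhoViews = @(
    @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' })
foreach ($v in $BhoViews) {
    foreach ($bho in Get-ChildItem -Path $v.Bho -ErrorAction SilentlyContinue) {
        $ip = Get-ItemProperty -Path "$($v.Clsid)\$($bho.PSChildName)\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($ip) { [Environment]::ExpandEnvironmentVariables("$($ip.'(default)')") } else { $null }
        if ($dll) { Check-Entry 'BHO' $bho.PSChildName $dll @($dll) }
        else { Add-Finding 'BHO' $bho.PSChildName '' 'CLSID has no InprocServer32 (orphan registration)' }
    }
}

# 5. BITS jobs for all users: a job left behind can re-download a payload after cleanup,
#    which is what the fixlist's "bitsadmin /reset /allusers" line clears
try {
    foreach ($job in Get-BitsTransfer -AllUsers -ErrorAction Stop) {
        $files = ($job.FileList | ForEach-Object { "$($_.RemoteName) -> $($_.LocalName)" }) -join '; '
        Add-Finding 'BITS job' $job.DisplayName "$($job.JobState): $files" 'review; job not reset'
    }
} catch { Add-Finding 'BITS job' '(enumeration failed)' $_.Exception.Message 'run elevated and retry' }

# 6. Folders and files the fixlist deletes outright
$Paths = @("$env:ProgramFiles\shopperz", "${env:ProgramFiles(x86)}\Super Optimizer",
           "$env:ProgramData\EDwusour", "$env:ProgramData\SetStretch.exe",
           'C:\Users\mkathrv\AppData\Local\CrimeWatch')
foreach ($p in $Paths) { if (Test-Path -LiteralPath $p) { Add-Finding 'File system' $p '' 'still present' } }

if ($Findings.Count -eq 0) { 'No fixlist indicators or orphaned persistence entries found.' }
else { $Findings | Sort-Object Where, Name | Format-Table -AutoSize -Wrap }
```

Run it once before the FRST fix, when it should list exactly the entries the fixlist names, and again after the post-fix reboot; a clean second run means nothing in those locations still references the removed files, and any entry that has come back between the two runs is the re-infection path the original poster was trying to catch. A hit is something to review rather than proof of infection: orphaned Run values and services left behind by sloppily uninstalled legitimate software show up in exactly the same way.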

#5
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.