1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Cannot remove Lucksearches.com Malware

Discussion in 'Virus & Other Malware Removal' started by SiKPupE, Mar 24, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. SiKPupE

    SiKPupE Thread Starter

    Joined:
    Sep 19, 2007
    Messages:
    34
    Hi.

    I recently noticed my browser has been hijacked by Luckysearches.com. I've tried everything I can think of. I removed it from Internet Explorer Add-ons. I've run Malwarebytes which did not even pick it up. I downloaded and ran Spyhunter 4 which all the sites I looked at recommended, waste of money that was. It found it but did not or could not remove it properly. I've run Spybot which did not pick it up and also ran AVG twice still to no avail. I've run Spyhunter and Malwerbytes in both normal mode and safety mode. It's got to the point where I'm ready to do a clean install of Win7. I tried doing a system restore but cannot go back further than the 22nd March and I got the malware on the 20th so that didn't work either. Windows malicious software removal tool did not pickup anything. Can you please assist. Thanks.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 8
    RAM: 8109 Mb
    Graphics Card: Intel(R) HD Graphics 3000, -1988 Mb

    I actually run A sapphire 6970 Graphics card, not Intel.

    I've run AdwCleaner. Still no fix.

    # AdwCleaner v4.113 - Logfile created 24/03/2015 at 17:31:22
    # Updated 22/03/2015 by Xplode
    # Database : 2015-03-23.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : SiKPupE - STORM
    # Running from : C:\Users\SiKPupE\Downloads\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : WinRing0_1_2_0

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\Users\SiKPupE\AppData\Local\PackageAware

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iijmpjamifmplbakhgikofogdfackici
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17689


    -\\ Google Chrome v40.0.2214.115

    [C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Chromium v

    [C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2431 bytes] - [24/03/2015 17:26:09]
    AdwCleaner[S0].txt - [2676 bytes] - [24/03/2015 17:31:22]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2735 bytes] ##########

    Just ran Junkware Removal Tool. No change yet

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.6 (03.22.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by SiKPupE on Tue 24/03/2015 at 17:37:51.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-5D621FC1.pf

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 24/03/2015 at 17:42:49.23
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Just run Rogue killer. No change.

    RogueKiller V10.5.7.0 (x64) [Mar 22 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : SiKPupE [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Delete -- Date : 03/24/2015 18:04:05

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 20 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 -> Deleted
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Replaced (1)
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\Origin -- C:\Users\SiKPupE\AppData\Roaming\Origin\update.vbe -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x69d82c0
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x69d82c0
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x69d82c0
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x69d82c0
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x69d82c0
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x69d82c0
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x69d82c0

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD20EARX-00PASB0 ATA Device +++++
    --- User ---
    [MBR] 7db7e93b416bcddb1eebb96619c3dd37
    [BSP] d389141ab2c5c7ad10472084c3d4880d : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1953615872 | Size: 953813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_03242015_180216.log
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi SiKPupE,
    Please don't install, remove, or scan with anything else unless I ask, until we are through cleaning. Thanks.

    Let's get the FRST scans and see how to best address the issue.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. SiKPupE

    SiKPupE Thread Starter

    Joined:
    Sep 19, 2007
    Messages:
    34
    Hi. Sorry I won't do anything until I here from you. here are the reports from FRST64.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by SiKPupE at 2015-03-25 16:16:36
    Running from C:\Users\SiKPupE\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\{F83DD803-2467-4D07-9D6F-87AF0434410A}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AlienFX for IskuFX (HKLM-x32\...\InstallShield_{2C3FC2CC-0A8B-409E-B487-8CD54F4DC1D4}) (Version: 1.02 - Roccat GmbH)
    AlienFX for IskuFX (Version: 1.02 - Roccat GmbH) Hidden
    AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
    Assetto Corsa Update v1.1 Incl. Dream Pack 1 (HKLM-x32\...\QXNzZXR0b0NvcnNh_is1) (Version: 1 - )
    ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.9.0 - ASUSTek COMPUTER INC.)
    ASUS GPU Tweak (x32 Version: 2.7.9.0 - ASUSTek COMPUTER INC.) Hidden
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5856 - AVG Technologies)
    AVG 2015 (Version: 15.0.4315 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5856 - AVG Technologies) Hidden
    AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
    AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies)
    AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
    AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.1.568 - Online Media Technologies Ltd.)
    Call of Duty Advanced Warfare Update 2 (HKLM-x32\...\Q2FsbG9mRHV0eUFkdmFuY2VkV2FyZmFyZQ==_is1) (Version: 1 - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
    Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
    Canon MG2400 series On-screen Manual (HKLM-x32\...\Canon MG2400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
    CPUID CPU-Z 1.71 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4412.58 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 15.1 - Illustrate)
    dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)
    dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 23 (Vorbis v1.3.3) - Illustrate)
    dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 8 - Illustrate)
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
    DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio)
    Dishonored Game of the Year Edition (HKLM-x32\...\RGlzaG9ub3JlZA==_is1) (Version: 1 - )
    Dragon Age Inquisition / RePack by Baracuda (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}_is1) (Version: 1.0.859961 - )
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    Easy Tune 6 B11.0512.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
    Easy Tune 6 B11.0512.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    ePub Reader for Windows version 4.2 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 4.2 - HANSoft, Inc.)
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
    Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
    F1 2014 (HKLM-x32\...\F1 2014_is1) (Version: - )
    Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
    foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
    K-Lite Codec Pack 11.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.0 - )
    Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
    Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Nail'd (HKLM-x32\...\{2B673C6F-BDEA-48AE-AB59-7479BF04EF6E}) (Version: 1.00 - Deep Silver)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PerfectTUNES (HKLM-x32\...\PerfectTUNES) (Version: Release 1.7 Registered - Resolute)
    RaceRoom Racing Experience (HKLM-x32\...\Steam App 211500) (Version: - Sector3 Studios)
    RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
    Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
    Risen 3 (HKLM-x32\...\Risen 3_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
    ROCCAT Isku FX Keyboard Driver (HKLM-x32\...\{DC69933C-E7B0-455D-8E54-FAC1EEF046FF}) (Version: - Roccat GmbH)
    Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0013 - Roccat GmbH)
    RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Setup - Call of Duty Advanced Warfare (c) Activision ... (HKLM-x32\...\Setup - Call of Duty Advanced Warfare (c) Activision ...) (Version: ... - Sledgehammer Games & High Moon Studios)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Stardock Software (x32 Version: 1.00 - Stardock Corporation) Hidden
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    Wolfenstein: The New Order Update 1 (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
    Xilisoft ISO Burner (HKLM-x32\...\Xilisoft ISO Burner) (Version: 1.0.56.1224 - Xilisoft)
    Xilisoft YouTube HD Video Downloader (HKLM-x32\...\Xilisoft YouTube HD Video Downloader) (Version: 3.3.3.20120810 - Xilisoft)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    22-03-2015 11:01:34 Installed SpyHunter
    22-03-2015 11:05:40 Removed SpyHunter
    22-03-2015 11:17:04 Installed SpyHunter
    22-03-2015 14:38:20 Removed SpyHunter
    22-03-2015 16:29:48 AA11
    22-03-2015 16:34:54 Removed SpyHunter
    23-03-2015 17:49:19 Restore Operation

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 15:34 - 2009-06-11 10:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {36DACAF8-3143-48CD-826E-C080AD04F7DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-27] ()
    Task: {60CA4546-A876-4F15-87DD-7B013B3A7BBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {668CFCB7-8CE3-4E63-9A43-8718A8DD4C22} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-02-19] ()
    Task: {6ACB7BD6-62E5-46BD-986C-F62BE2634CB3} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-02-25] (AVG Technologies)
    Task: {6CCB33F1-1FE4-4CAE-95BD-8A5E7020AFB4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {84549AC4-15C6-4607-B8AF-61089A2E507C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
    Task: {8AFD927B-F995-416C-AF3B-B97FDBD5DE15} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {AEB8BB62-DE64-4BF6-9A0B-61FD9FBD5802} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-24] (Piriform Ltd)
    Task: {C0DCED48-4D7C-4B1A-ABF6-6C5FCEDC6A29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
    Task: {CEBA2AE4-C413-40D5-B093-437BD63EFDDB} - System32\Tasks\InstallShield Update Service => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-02-17] (InstallShield Software Corporation)
    Task: {E5041ECF-ABAB-416E-A65C-E0B4DF0B4331} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
    2015-02-25 21:25 - 2015-02-25 21:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
    2015-02-25 21:25 - 2015-02-25 21:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
    2014-12-27 19:57 - 2010-09-23 09:20 - 00776704 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.dll
    2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-09-18 20:23 - 2014-09-18 20:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2014-10-15 07:51 - 2014-10-15 07:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2014-09-18 20:23 - 2014-09-18 20:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2014-10-15 07:51 - 2014-10-15 07:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2015-03-22 16:01 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-03-22 16:01 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-03-22 16:01 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-03-22 16:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-03-22 16:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-12-27 19:57 - 2014-12-27 19:58 - 00807936 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\CrashRpt.dll
    2014-12-27 19:57 - 2010-03-10 10:58 - 00053760 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\zlib.dll
    2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-27 19:57 - 2010-10-01 14:50 - 00675840 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\DockShellHook.dll
    2014-12-28 13:57 - 2012-07-08 16:31 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\hiddriver.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3499644531-161774626-1265142298-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SiKPupE\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^SiKPupE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
    MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
    MSCONFIG\startupreg: PowerDVD13Agent => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
    MSCONFIG\startupreg: PowerDVD14Agent => "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3499644531-161774626-1265142298-500 - Administrator - Disabled)
    Guest (S-1-5-21-3499644531-161774626-1265142298-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3499644531-161774626-1265142298-1004 - Limited - Enabled)
    SiKPupE (S-1-5-21-3499644531-161774626-1265142298-1000 - Administrator - Enabled) => C:\Users\SiKPupE

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/25/2015 04:10:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2147023838

    Error: (03/24/2015 06:24:52 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3499644531-161774626-1265142298-1000.db for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Host Process for Windows Services because of this error.

    Program: Host Process for Windows Services
    File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3499644531-161774626-1265142298-1000.db

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C000009C
    Disk type: 3

    Error: (03/24/2015 06:24:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
    Exception code: 0xc0000006
    Fault offset: 0x000000000001d859
    Faulting process id: 0xe24
    Faulting application start time: 0xsvchost.exe_SysMain0
    Faulting application path: svchost.exe_SysMain1
    Faulting module path: svchost.exe_SysMain2
    Report Id: svchost.exe_SysMain3

    Error: (03/24/2015 06:23:49 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3499644531-161774626-1265142298-1000.db for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Host Process for Windows Services because of this error.

    Program: Host Process for Windows Services
    File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3499644531-161774626-1265142298-1000.db

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C000009C
    Disk type: 3

    Error: (03/24/2015 06:23:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
    Exception code: 0xc0000006
    Fault offset: 0x000000000001d859
    Faulting process id: 0x175c
    Faulting application start time: 0xsvchost.exe_SysMain0
    Faulting application path: svchost.exe_SysMain1
    Faulting module path: svchost.exe_SysMain2
    Report Id: svchost.exe_SysMain3

    Error: (03/24/2015 06:22:44 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3499644531-161774626-1265142298-1000.db for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Host Process for Windows Services because of this error.

    Program: Host Process for Windows Services
    File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3499644531-161774626-1265142298-1000.db

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C000009C
    Disk type: 3

    Error: (03/24/2015 06:22:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
    Exception code: 0xc0000006
    Fault offset: 0x000000000001d859
    Faulting process id: 0x5a0
    Faulting application start time: 0xsvchost.exe_SysMain0
    Faulting application path: svchost.exe_SysMain1
    Faulting module path: svchost.exe_SysMain2
    Report Id: svchost.exe_SysMain3

    Error: (03/24/2015 05:45:37 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: StORm)
    Description: HRESULT:0x8004FF0A
    Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.


    System errors:
    =============
    Error: (03/25/2015 04:06:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (03/24/2015 06:24:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    Error: (03/24/2015 06:24:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    Error: (03/24/2015 06:24:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Superfetch service terminated unexpectedly. It has done this 3 time(s).

    Error: (03/24/2015 06:24:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 3 time(s).

    Error: (03/24/2015 06:24:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Network Connections service terminated unexpectedly. It has done this 3 time(s).

    Error: (03/24/2015 06:24:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HomeGroup Listener service terminated unexpectedly. It has done this 3 time(s).

    Error: (03/24/2015 06:24:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    Error: (03/24/2015 06:24:52 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (03/24/2015 06:23:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (03/25/2015 04:10:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2147023838

    Error: (03/24/2015 06:24:52 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3499644531-161774626-1265142298-1000.dbHost Process for Windows ServicesC000009C3

    Error: (03/24/2015 06:24:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000001d859e2401d065f2b568cc31C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dll18c03d88-d1e6-11e4-ab4f-50e54941e533

    Error: (03/24/2015 06:23:49 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3499644531-161774626-1265142298-1000.dbHost Process for Windows ServicesC000009C3

    Error: (03/24/2015 06:23:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000001d859175c01d065f28f174568C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dllf2e0f8cc-d1e5-11e4-ab4f-50e54941e533

    Error: (03/24/2015 06:22:44 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3499644531-161774626-1265142298-1000.dbHost Process for Windows ServicesC000009C3

    Error: (03/24/2015 06:22:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000001d8595a001d065eb991768bbC:\Windows\System32\svchost.exec:\windows\system32\sysmain.dllcc70801f-d1e5-11e4-ab4f-50e54941e533

    Error: (03/24/2015 05:45:37 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: StORm)
    Description: HRESULT:0x8004FF0A
    Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
    Percentage of memory in use: 26%
    Total physical RAM: 8109.12 MB
    Available physical RAM: 5981.79 MB
    Total Pagefile: 16216.42 MB
    Available Pagefile: 13985.93 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.46 GB) (Free:459.11 GB) NTFS
    Drive d: (SiKPupE) (Fixed) (Total:931.46 GB) (Free:26.64 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4214E4E0)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by SiKPupE (administrator) on STORM on 25-03-2015 16:15:53
    Running from C:\Users\SiKPupE\Downloads
    Loaded Profiles: SiKPupE (Available profiles: SiKPupE)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    () C:\Windows\SysWOW64\ASGT.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Stardock) C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (Stardock) C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2014-12-27] (Realtek Semiconductor)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [RoccatIskuFX] => C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe [540672 2014-10-19] (ROCCAT GmbH)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3499644531-161774626-1265142298-1000\...\MountPoints2: {3c069270-8d5d-11e4-b936-50e54941e533} - I:\setup.exe
    IFEO\databasecompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\des2.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\spreadsheetcompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    Startup: C:\Users\SiKPupE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3499644531-161774626-1265142298-1000 -> DefaultScope {62831258-4B91-477E-98D3-7DAB38A13748} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3499644531-161774626-1265142298-1000 -> {62831258-4B91-477E-98D3-7DAB38A13748} URL = https://www.google.com/search?q={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
    Toolbar: HKU\S-1-5-21-3499644531-161774626-1265142298-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
    Handler: WSWSVCUchrome - No CLSID Value
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [2014-12-28] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll [2014-12-28] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.luckysearches.com/?type=hp&ts=1426917662&from=exp&uid=WDCXWD20EARX-00PASB0_WD-WCAZA771822318223"
    CHR DefaultSearchKeyword: Default -> google.co.nz
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16]
    CHR Extension: (Google Docs) - C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16]
    CHR Extension: (Google Drive) - C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
    CHR Extension: (YouTube) - C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
    CHR Extension: (Google Search) - C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
    CHR Extension: (Google Sheets) - C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16]
    CHR Extension: (Google Wallet) - C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
    CHR Extension: (Gmail) - C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
    StartMenuInternet: Google Chrome - Chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
    R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1516968 2015-03-06] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-06] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-06] (AVG Technologies CZ, s.r.o.)
    S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-06] (Alcohol Soft Development Team)
    S4 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies)
    R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44856 2015-02-25] (AVG Technologies)
    R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36664 2015-02-25] (AVG Technologies)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-12-31] ()
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [58136 2014-12-03] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [280544 2015-02-24] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-27] (REALiX(tm))
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-12-31] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-23] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-03-07] (Duplex Secure Ltd.)
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-11-24] (TuneUp Software)
    R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-08-12] (CyberLink Corp.)
    U3 aibqwust; C:\Windows\System32\Drivers\aibqwust.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-25 16:15 - 2015-03-25 16:16 - 00019692 _____ () C:\Users\SiKPupE\Downloads\FRST.txt
    2015-03-25 16:15 - 2015-03-25 16:15 - 02095616 _____ (Farbar) C:\Users\SiKPupE\Downloads\FRST64.exe
    2015-03-25 16:15 - 2015-03-25 16:15 - 00000000 ____D () C:\FRST
    2015-03-24 17:57 - 2015-03-24 18:04 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-03-24 17:57 - 2015-03-24 17:57 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-03-24 17:57 - 2015-03-24 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2015-03-24 17:57 - 2015-03-24 17:57 - 00000000 ____D () C:\Program Files\RogueKiller
    2015-03-24 17:54 - 2015-03-24 17:55 - 18477496 _____ (Adlice Software ) C:\Users\SiKPupE\Downloads\setup.exe
    2015-03-24 17:45 - 2015-03-24 17:45 - 00002052 _____ () C:\Windows\epplauncher.mif
    2015-03-24 17:26 - 2015-03-24 17:31 - 00000000 ____D () C:\AdwCleaner
    2015-03-24 17:19 - 2015-03-24 17:19 - 41840320 _____ (Microsoft Corporation) C:\Users\SiKPupE\Downloads\Windows-KB890830-x64-V5.22.exe
    2015-03-24 17:18 - 2015-03-24 17:18 - 01388782 _____ (Thisisu) C:\Users\SiKPupE\Downloads\JRT.exe
    2015-03-24 17:17 - 2015-03-24 17:17 - 02168320 _____ () C:\Users\SiKPupE\Downloads\AdwCleaner.exe
    2015-03-24 17:00 - 2015-03-24 17:00 - 00509440 _____ (Tech Support Guy System) C:\Users\SiKPupE\Downloads\SysInfo.exe
    2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
    2015-03-22 16:01 - 2015-03-23 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-03-22 16:01 - 2015-03-23 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-03-22 16:01 - 2015-03-22 16:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-03-22 16:01 - 2015-03-22 16:01 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-03-22 16:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2015-03-22 15:58 - 2015-03-22 15:58 - 00000000 ____D () C:\ProgramData\Lavasoft
    2015-03-22 11:17 - 2015-03-22 11:17 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
    2015-03-22 11:16 - 2015-03-23 17:56 - 00000000 ____D () C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
    2015-03-22 11:01 - 2015-03-23 17:56 - 00000000 ____D () C:\Windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2015-03-21 21:39 - 2015-03-21 21:39 - 00000000 _____ () C:\autoexec.bat
    2015-03-21 16:18 - 2015-03-21 16:48 - 00000000 ____D () C:\Users\SiKPupE\Documents\Assetto Corsa
    2015-03-21 15:53 - 2015-03-21 15:53 - 00000856 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assetto Corsa.lnk
    2015-03-21 15:32 - 2015-03-23 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assetto Corsa
    2015-03-21 15:32 - 2015-03-21 16:03 - 00000000 ____D () C:\Program Files (x86)\Assetto Corsa
    2015-03-21 06:00 - 2015-03-21 06:01 - 00000000 ____D () C:\Users\SiKPupE\Downloads\5. Movies
    2015-03-20 23:36 - 2015-03-23 17:56 - 00000000 ____D () C:\Users\SiKPupE\Downloads\2. Files
    2015-03-20 23:36 - 2015-03-21 15:24 - 00000000 ____D () C:\Users\SiKPupE\Downloads\3. Games
    2015-03-20 23:36 - 2015-03-21 08:40 - 00000000 ____D () C:\Users\SiKPupE\Downloads\1. Pics
    2015-03-20 23:33 - 2015-03-21 06:04 - 00000968 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Advanced Warfare.lnk
    2015-03-20 17:44 - 2015-03-21 11:36 - 00000000 ____D () C:\Program Files (x86)\Call of Duty Advanced Warfare
    2015-03-20 17:04 - 2015-03-20 17:04 - 00000000 ____D () C:\Users\SiKPupE\Documents\FLiNGTrainer
    2015-03-20 16:54 - 2015-03-23 17:56 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\Azureus
    2015-03-18 20:03 - 2015-03-20 21:57 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\foobar2000
    2015-03-18 20:03 - 2015-03-20 21:57 - 00000000 ____D () C:\Program Files (x86)\foobar2000
    2015-03-18 20:03 - 2015-03-18 20:03 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
    2015-03-15 15:37 - 2015-03-15 15:37 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-15 00:55 - 2015-03-15 00:57 - 00001043 _____ () C:\Windows\DVDXRestrictionFree.ini
    2015-03-15 00:55 - 2015-03-15 00:55 - 00000014 _____ () C:\Windows\SysWOW64\SysEngine2.SYS
    2015-03-13 20:49 - 2015-03-13 20:49 - 00000000 ____D () C:\Users\SiKPupE\AppData\Local\Apple Computer
    2015-03-13 20:45 - 2015-03-13 21:08 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-03-13 20:45 - 2015-03-13 20:45 - 00000000 ____D () C:\ProgramData\Apple Computer
    2015-03-13 20:44 - 2015-03-13 20:44 - 00000000 ____D () C:\Users\SiKPupE\AppData\Local\Apple
    2015-03-13 17:30 - 2015-03-13 17:48 - 00000000 ____D () C:\Users\SiKPupE\Documents\Recipies
    2015-03-12 12:38 - 2015-03-12 12:38 - 00000000 ____D () C:\Users\SiKPupE\Documents\DyingLight
    2015-03-12 12:37 - 2015-01-27 11:40 - 00000226 _____ () C:\Program Files (x86)\update-DyingLight.bat
    2015-03-12 12:37 - 2014-05-25 14:38 - 00000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
    2015-03-11 13:59 - 2015-02-03 16:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-11 13:59 - 2015-02-03 16:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-03-11 13:59 - 2015-02-03 16:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-03-11 13:59 - 2015-02-03 16:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-03-11 13:59 - 2015-02-03 16:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-11 13:59 - 2015-02-03 16:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-03-11 13:59 - 2015-02-03 16:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-03-11 13:59 - 2015-02-03 16:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-03-11 13:59 - 2015-02-03 16:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-03-11 13:59 - 2015-02-03 16:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-03-11 13:59 - 2015-02-03 16:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-03-11 13:59 - 2015-02-03 16:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-11 13:59 - 2015-02-03 16:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-11 13:59 - 2015-02-03 16:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-11 13:59 - 2015-02-03 16:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-11 13:59 - 2015-02-03 16:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-11 13:59 - 2015-02-03 16:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-11 13:59 - 2015-02-03 16:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-11 13:59 - 2015-02-03 16:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-11 13:59 - 2015-02-03 16:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-11 13:58 - 2015-03-06 18:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-11 13:58 - 2015-03-06 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-11 13:58 - 2015-03-06 18:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-11 13:58 - 2015-03-06 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-03-11 13:58 - 2015-03-06 18:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-11 13:58 - 2015-03-06 18:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-11 13:58 - 2015-03-06 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-11 13:58 - 2015-03-06 18:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-11 13:58 - 2015-03-06 18:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-11 13:58 - 2015-03-06 18:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-11 13:58 - 2015-03-06 18:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-11 13:58 - 2015-03-06 18:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-11 13:58 - 2015-03-06 18:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-11 13:58 - 2015-03-06 18:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-11 13:58 - 2015-03-06 18:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-11 13:58 - 2015-03-06 18:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-11 13:58 - 2015-03-06 18:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-11 13:58 - 2015-03-06 18:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-11 13:58 - 2015-03-06 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-11 13:58 - 2015-03-06 18:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-11 13:58 - 2015-03-06 18:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-11 13:58 - 2015-03-06 18:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-11 13:58 - 2015-02-24 16:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-11 13:58 - 2015-02-24 15:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-11 13:58 - 2015-02-21 13:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-11 13:58 - 2015-02-21 13:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-11 13:58 - 2015-02-21 13:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-11 13:58 - 2015-02-21 13:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-11 13:58 - 2015-02-21 12:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-11 13:58 - 2015-02-21 12:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-11 13:58 - 2015-02-20 17:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-11 13:58 - 2015-02-20 17:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-11 13:58 - 2015-02-20 17:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-11 13:58 - 2015-02-20 17:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-11 13:58 - 2015-02-20 17:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-11 13:58 - 2015-02-20 17:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-11 13:58 - 2015-02-20 17:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-11 13:58 - 2015-02-20 17:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-11 13:58 - 2015-02-20 16:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-03-11 13:58 - 2015-02-20 16:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-11 13:58 - 2015-02-20 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-11 13:58 - 2015-02-20 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-11 13:58 - 2015-02-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-11 13:58 - 2015-02-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-11 13:58 - 2015-02-20 15:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-11 13:58 - 2015-02-20 15:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-11 13:58 - 2015-02-20 15:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-11 13:58 - 2015-02-20 15:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-11 13:58 - 2015-02-20 15:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-11 13:58 - 2015-02-20 15:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-11 13:58 - 2015-02-20 15:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-11 13:58 - 2015-02-20 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-11 13:58 - 2015-02-20 15:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-11 13:58 - 2015-02-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-11 13:58 - 2015-02-20 15:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-11 13:58 - 2015-02-20 15:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-11 13:58 - 2015-02-20 15:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-11 13:58 - 2015-02-20 15:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-11 13:58 - 2015-02-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-11 13:58 - 2015-02-20 15:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-11 13:58 - 2015-02-20 15:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-11 13:58 - 2015-02-20 15:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-11 13:58 - 2015-02-20 14:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-11 13:58 - 2015-02-20 14:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-11 13:58 - 2015-02-20 14:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-11 13:58 - 2015-02-20 14:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-11 13:58 - 2015-02-20 14:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-11 13:58 - 2015-02-20 14:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-11 13:58 - 2015-02-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-11 13:58 - 2015-02-20 14:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-11 13:58 - 2015-02-20 14:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-11 13:58 - 2015-02-20 14:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-11 13:58 - 2015-02-20 14:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-11 13:58 - 2015-02-20 14:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-11 13:58 - 2015-02-20 14:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-11 13:58 - 2015-02-20 14:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-11 13:58 - 2015-02-20 14:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-11 13:58 - 2015-02-20 14:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-11 13:58 - 2015-02-20 14:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-11 13:58 - 2015-02-20 13:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-11 13:58 - 2015-02-20 13:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-11 13:58 - 2015-02-13 18:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-11 13:58 - 2015-02-13 18:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-11 13:58 - 2015-02-03 16:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-11 13:58 - 2015-02-03 16:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-11 13:58 - 2015-02-03 16:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-03-11 13:58 - 2015-02-03 16:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-03-11 13:58 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-03-11 13:58 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-03-11 13:58 - 2015-02-03 16:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-11 13:58 - 2015-02-03 16:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-03-11 13:58 - 2015-02-03 16:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-03-11 13:58 - 2015-02-03 16:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-03-11 13:58 - 2015-02-03 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-03-11 13:58 - 2015-02-03 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-03-11 13:58 - 2015-02-03 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-03-11 13:58 - 2015-02-03 16:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-03-11 13:58 - 2015-02-03 16:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-03-11 13:58 - 2015-02-03 16:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-03-11 13:58 - 2015-02-03 16:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-03-11 13:58 - 2015-02-03 16:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-03-11 13:58 - 2015-02-03 16:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-11 13:58 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-11 13:58 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-11 13:58 - 2015-02-03 16:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-11 13:58 - 2015-02-03 16:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-11 13:58 - 2015-02-03 16:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-11 13:58 - 2015-02-03 16:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-11 13:58 - 2015-02-03 16:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-11 13:58 - 2015-02-03 15:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-03-11 13:58 - 2015-01-31 12:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-11 13:58 - 2014-11-01 11:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-11 13:58 - 2014-06-28 13:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-03-11 13:58 - 2014-06-28 13:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-03-11 13:57 - 2015-02-26 16:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-11 13:57 - 2015-02-21 14:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-11 13:57 - 2015-02-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-11 13:57 - 2015-02-20 15:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-11 13:57 - 2015-02-20 15:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-11 13:57 - 2015-02-20 15:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-11 13:57 - 2015-02-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-11 13:57 - 2015-02-20 14:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-11 13:57 - 2015-02-03 16:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-11 13:57 - 2015-02-03 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-11 13:57 - 2015-02-03 16:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-11 13:57 - 2015-02-03 16:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-11 13:57 - 2015-01-31 16:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-11 13:57 - 2015-01-31 16:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-03-11 13:57 - 2015-01-31 12:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-11 13:57 - 2015-01-17 15:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-11 13:57 - 2015-01-17 15:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-11 13:54 - 2015-02-04 16:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-11 13:54 - 2015-02-04 15:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-08 13:21 - 2015-03-08 18:21 - 00000000 ___HD () C:\Users\SiKPupE\AppData\Roaming\Origin
    2015-03-07 14:07 - 2015-03-12 20:52 - 00004102 _____ () C:\Users\SiKPupE\Documents\ax_files.xml
    2015-03-07 14:02 - 2015-03-07 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
    2015-03-07 14:02 - 2015-03-07 14:02 - 00000000 ____D () C:\Program Files (x86)\Alcohol Soft
    2015-03-06 19:48 - 2015-03-06 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
    2015-03-06 19:47 - 2015-03-06 19:47 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\Digiarty
    2015-03-06 19:47 - 2015-03-06 19:47 - 00000000 ____D () C:\Program Files (x86)\Digiarty
    2015-03-06 19:44 - 2015-03-06 19:44 - 00099384 _____ () C:\Users\SiKPupE\AppData\Roaming\inst.exe
    2015-03-06 19:44 - 2015-03-06 19:44 - 00082816 _____ (VSO Software) C:\Users\SiKPupE\AppData\Roaming\pcouffin.sys
    2015-03-06 19:44 - 2015-03-06 19:44 - 00007859 _____ () C:\Users\SiKPupE\AppData\Roaming\pcouffin.cat
    2015-03-06 19:44 - 2015-03-06 19:44 - 00000055 _____ () C:\Users\SiKPupE\AppData\Roaming\pcouffin.log
    2015-03-06 19:44 - 2015-03-06 19:44 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\Vso
    2015-03-06 10:52 - 2015-03-06 10:52 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
    2015-03-05 13:37 - 2015-03-05 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2015-03-05 13:37 - 2015-03-05 13:37 - 00000000 ____D () C:\Program Files\Speccy
    2015-03-05 13:12 - 2015-02-25 21:24 - 00044856 _____ (AVG Technologies) C:\Windows\system32\uxtuneup.dll
    2015-03-05 13:12 - 2015-02-25 21:24 - 00036664 _____ (AVG Technologies) C:\Windows\SysWOW64\uxtuneup.dll
    2015-03-05 12:52 - 2015-03-05 12:52 - 00002211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
    2015-03-05 12:52 - 2015-03-05 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
    2015-03-05 12:52 - 2015-02-25 21:25 - 00041784 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
    2015-03-05 12:52 - 2015-02-25 21:24 - 00030520 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
    2015-03-05 12:52 - 2015-02-25 21:24 - 00025912 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
    2015-03-04 11:06 - 2015-03-04 11:31 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\ImgBurn
    2015-03-04 11:04 - 2015-03-04 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    2015-03-04 11:04 - 2015-03-04 11:04 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
    2015-02-27 08:43 - 2015-03-23 16:01 - 00099526 _____ () C:\Windows\PFRO.log
    2015-02-26 19:15 - 2015-03-25 15:59 - 00018372 _____ () C:\Windows\setupact.log
    2015-02-26 17:02 - 2015-02-26 17:05 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
    2015-02-26 17:01 - 2015-02-26 17:02 - 00000000 ___HD () C:\ProgramData\CanonIJScan
    2015-02-25 18:36 - 2015-02-25 18:36 - 00003584 _____ () C:\Users\SiKPupE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-25 17:37 - 2015-02-25 17:37 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
    2015-02-25 17:04 - 2015-01-09 12:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-25 17:04 - 2015-01-09 12:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-24 19:28 - 2015-03-05 11:29 - 00000022 _____ () C:\Windows\GPU-Z.INI
    2015-02-24 19:20 - 2015-02-24 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2015-02-24 19:20 - 2015-02-24 19:20 - 00000000 ____D () C:\Program Files (x86)\ASUS
    2015-02-24 19:19 - 2015-02-24 19:19 - 00000000 ____D () C:\Windows\Downloaded Installations
    2015-02-24 19:19 - 2015-02-24 19:19 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
    2015-02-24 16:46 - 2015-02-24 16:46 - 00280544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
    2015-02-23 18:36 - 2015-02-24 18:49 - 00000000 ____D () C:\Program Files (x86)\ePub Reader
    2015-02-23 18:36 - 2015-02-23 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePub Reader

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-25 16:11 - 2009-07-14 17:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-25 16:11 - 2009-07-14 17:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-25 16:08 - 2014-12-27 11:30 - 02014127 _____ () C:\Windows\WindowsUpdate.log
    2015-03-25 16:03 - 2014-12-27 13:27 - 00000000 ____D () C:\ProgramData\MFAData
    2015-03-25 15:59 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-23 17:56 - 2014-12-27 14:36 - 00000000 ____D () C:\Program Files\dBpoweramp
    2015-03-23 17:56 - 2014-12-27 11:35 - 00000000 ____D () C:\Users\SiKPupE
    2015-03-23 17:56 - 2009-07-14 16:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-03-23 17:56 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2015-03-23 17:56 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\servicing
    2015-03-23 17:56 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\registration
    2015-03-23 17:56 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-03-23 16:22 - 2009-07-14 18:13 - 00785858 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-23 16:03 - 2014-12-27 19:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-22 16:23 - 2015-01-21 21:55 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2015-03-22 13:56 - 2009-07-14 18:08 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-03-22 11:15 - 2014-12-27 11:35 - 00001627 _____ () C:\Users\SiKPupE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-03-21 22:20 - 2014-12-28 11:42 - 00000000 ____D () C:\ProgramData\Origin
    2015-03-21 21:31 - 2015-01-16 15:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-21 21:31 - 2015-01-16 15:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-21 21:18 - 2015-01-16 15:15 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-03-21 21:18 - 2015-01-16 15:15 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-03-21 19:22 - 2014-12-27 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-03-21 15:30 - 2014-12-28 14:36 - 00000000 ____D () C:\Users\SiKPupE\Documents\My Games
    2015-03-20 22:03 - 2014-12-27 12:34 - 00112776 _____ () C:\Users\SiKPupE\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-03-20 22:02 - 2009-07-14 17:45 - 00435184 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-20 21:55 - 2014-12-27 20:32 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-03-20 16:55 - 2014-12-27 14:02 - 00001848 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
    2015-03-20 16:55 - 2014-12-27 14:02 - 00000000 ____D () C:\Program Files (x86)\Vuze
    2015-03-18 19:10 - 2014-12-27 13:09 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-03-17 17:16 - 2014-12-28 14:11 - 00000000 ____D () C:\ProgramData\Apple
    2015-03-15 20:27 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-15 01:55 - 2015-01-08 19:43 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-03-15 01:55 - 2015-01-08 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-03-15 01:49 - 2015-01-27 17:10 - 00000000 ____D () C:\Windows\Minidump
    2015-03-13 20:51 - 2015-02-17 16:17 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\Apple Computer
    2015-03-12 20:53 - 2015-01-23 15:31 - 00000000 ____D () C:\ProgramData\DVD Shrink
    2015-03-12 12:07 - 2015-01-05 18:47 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-03-11 18:48 - 2014-12-28 03:06 - 122905856 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-03-11 14:20 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-11 14:20 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-03-11 14:19 - 2014-12-27 18:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-03-11 14:19 - 2014-12-27 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-03-11 14:10 - 2009-07-14 15:34 - 00000478 _____ () C:\Windows\win.ini
    2015-03-11 14:09 - 2014-12-28 03:06 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-08 13:06 - 2015-01-24 10:54 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\dvdcss
    2015-03-07 17:40 - 2014-12-27 14:55 - 00000000 ____D () C:\ProgramData\ProductData
    2015-03-07 14:17 - 2015-01-01 20:09 - 00000000 ____D () C:\Users\SiKPupE\AppData\Local\SKIDROW
    2015-03-07 13:55 - 2014-12-27 13:13 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
    2015-03-05 20:45 - 2009-07-14 15:34 - 78118912 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
    2015-03-05 20:45 - 2009-07-14 15:34 - 22282240 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
    2015-03-05 20:45 - 2009-07-14 15:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY_tureg_old
    2015-03-05 20:43 - 2009-07-14 15:34 - 46923776 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
    2015-03-05 20:43 - 2009-07-14 15:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
    2015-03-05 20:43 - 2009-07-14 15:34 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old
    2015-03-05 13:28 - 2014-12-27 14:40 - 00000000 ____D () C:\ProgramData\Temp
    2015-03-03 10:59 - 2015-02-04 19:03 - 00000000 ____D () C:\ProgramData\CanonIJPLM
    2015-03-02 15:03 - 2015-01-08 19:46 - 00000000 ____D () C:\Program Files\Common Files\VST2
    2015-03-02 15:00 - 2015-01-08 19:43 - 00000000 ____D () C:\Program Files\Image-Line
    2015-02-27 20:32 - 2014-12-27 15:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-27 20:32 - 2014-12-27 15:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-26 17:02 - 2015-02-04 19:04 - 00000000 ____D () C:\Users\SiKPupE\AppData\Roaming\Canon
    2015-02-26 16:20 - 2015-02-20 19:08 - 00003682 _____ () C:\Windows\System32\Tasks\klcp_update
    2015-02-24 19:20 - 2014-12-27 11:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-23 19:45 - 2015-01-07 20:07 - 00000000 ____D () C:\Users\SiKPupE\AppData\Local\Windows Live

    ==================== Files in the root of some directories =======

    2015-03-12 12:37 - 2015-01-27 11:40 - 0000226 _____ () C:\Program Files (x86)\update-DyingLight.bat
    2015-03-12 12:37 - 2014-05-25 14:38 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
    2015-03-06 19:44 - 2015-03-06 19:44 - 0099384 _____ () C:\Users\SiKPupE\AppData\Roaming\inst.exe
    2015-03-06 19:44 - 2015-03-06 19:44 - 0007859 _____ () C:\Users\SiKPupE\AppData\Roaming\pcouffin.cat
    2015-03-06 19:44 - 2015-03-06 19:44 - 0001167 _____ () C:\Users\SiKPupE\AppData\Roaming\pcouffin.inf
    2015-03-06 19:44 - 2015-03-06 19:44 - 0000055 _____ () C:\Users\SiKPupE\AppData\Roaming\pcouffin.log
    2015-03-06 19:44 - 2015-03-06 19:44 - 0082816 _____ (VSO Software) C:\Users\SiKPupE\AppData\Roaming\pcouffin.sys
    2015-02-25 18:36 - 2015-02-25 18:36 - 0003584 _____ () C:\Users\SiKPupE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-12-27 13:26 - 2014-12-27 13:26 - 0094552 _____ () C:\ProgramData\1419640013.bdinstall.bin
    2015-01-23 14:04 - 2015-01-23 14:04 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some content of TEMP:
    ====================
    C:\Users\SiKPupE\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\SiKPupE\AppData\Local\Temp\Quarantine.exe
    C:\Users\SiKPupE\AppData\Local\Temp\sqlite3.dll
    C:\Users\SiKPupE\AppData\Local\Temp\unins000.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-15 16:19

    ==================== End Of Log ============================

    Thanks
     
  4. SiKPupE

    SiKPupE Thread Starter

    Joined:
    Sep 19, 2007
    Messages:
    34
    Hi.

    Good news. A workmate was pretty clued up on pc's, level 7. He looked at it today and has fixed the problem. Not sure how but he said he had come across this before.

    Thank you for your time.

    Regards Mike.E (SiKPupE)
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Glad to hear it has been straightened out.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1145355

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice