Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by Devan (administrator) on SHIZNIT (28-09-2015 13:29:33)
Running from C:\Users\Devan\Downloads
Loaded Profiles: Devan (Available Profiles: Devan)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(WildTangent, Inc.) C:\Windows\Temp\nso25A2.tmp\Deleted\GamesAppService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-16] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55357464 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [GoogleChromeAutoLaunch_B2901D6D3EBB18EBD73152F642960645] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-18] (Google Inc.)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\MountPoints2: {05f9bc36-6104-11e4-8250-806e6f6e6963} - "Explorer.exe" monitor.htm
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.176.15 64.59.177.227
Tcpip\..\Interfaces\{1D4AD5C3-2E4E-4E8D-8D62-583CCBE4047A}: [DhcpNameServer] 64.59.176.15 64.59.177.227
Tcpip\..\Interfaces\{BCD48357-7DEE-4F1A-BE58-034BE4875ED2}: [DhcpNameServer] 64.59.176.15 64.59.177.227

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshiba.ca/welcome/?w=23
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\S-1-5-21-3712499783-581391182-1704282419-1001 -> DefaultScope {C270FC5A-F365-471E-8A38-71B68BD29810} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=bd06d34c26914dab8789d0db21e101f8&tu=10GAy00Jj2D30q0&sku=&tstsId=&ver=&&r=46
SearchScopes: HKU\S-1-5-21-3712499783-581391182-1704282419-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\S-1-5-21-3712499783-581391182-1704282419-1001 -> {C270FC5A-F365-471E-8A38-71B68BD29810} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=bd06d34c26914dab8789d0db21e101f8&tu=10GAy00Jj2D30q0&sku=&tstsId=&ver=&&r=46
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll [2014-02-26] (Check Point Software Technologies LTD)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-24] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-09-27] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-14]
CHR Extension: (Google Docs) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14]
CHR Extension: (Google Drive) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-14]
CHR Extension: (YouTube) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-14]
CHR Extension: (Google Search) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-14]
CHR Extension: (Google Sheets) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-14]
CHR Extension: (Avira Browser Safety) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-14]
CHR Extension: (Gmail) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-28] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-09-27] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-08-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-16] (Symantec Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-04-16] (Symantec Corporation) [File not signed]
S3 iscFlash; c:\UBIOS\iscflashx64.sys [60680 2013-02-25] (Insyde Software)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-03-14] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-28 13:29 - 2015-09-28 13:30 - 00018940 _____ C:\Users\Devan\Downloads\FRST.txt
2015-09-28 13:28 - 2015-09-28 13:29 - 00000000 ____D C:\FRST
2015-09-28 13:23 - 2015-09-28 13:24 - 02192384 _____ (Farbar) C:\Users\Devan\Downloads\FRST64.exe
2015-09-27 23:28 - 2015-09-27 23:28 - 00000000 ____D C:\ProgramData\BlueStacks
2015-09-27 23:25 - 2015-09-27 23:25 - 00000077 _____ C:\WINDOWS\setupact.log
2015-09-27 23:25 - 2015-09-27 23:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-27 23:23 - 2015-09-27 23:23 - 00000436 _____ C:\WINDOWS\PFRO.log
2015-09-27 22:23 - 2015-09-27 22:23 - 00002788 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-09-27 22:23 - 2015-09-27 22:23 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-27 22:23 - 2015-09-27 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-27 22:23 - 2015-09-27 22:23 - 00000000 ____D C:\Program Files\CCleaner
2015-09-27 22:22 - 2015-09-27 22:22 - 06677440 _____ (Piriform Ltd) C:\Users\Devan\Downloads\ccsetup510.exe
2015-09-27 22:07 - 2015-09-27 22:10 - 00000000 ____D C:\WINDOWS\LastGood
2015-09-27 22:07 - 2015-09-27 22:07 - 00000000 ____D C:\Program Files\IDT
2015-09-27 22:07 - 2013-08-16 05:21 - 06101504 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-09-27 22:07 - 2013-08-16 05:21 - 01897984 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-09-27 22:05 - 2015-09-27 22:05 - 00000000 ____D C:\Users\Devan\AppData\Local\Downloaded Installations
2015-09-27 22:05 - 2015-09-27 22:05 - 00000000 ____D C:\ProgramData\SRS Labs
2015-09-27 22:05 - 2015-09-27 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS, Inc
2015-09-27 22:05 - 2015-09-27 22:05 - 00000000 ____D C:\Program Files (x86)\DTS, Inc
2015-09-27 21:56 - 2015-09-27 21:56 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-09-27 21:54 - 2015-09-27 21:54 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-09-27 21:17 - 2015-09-27 21:17 - 00000000 ____D C:\Users\Devan\AppData\Local\AppEx Networks
2015-09-27 21:17 - 2015-09-27 21:17 - 00000000 ____D C:\ProgramData\ATI
2015-09-27 21:08 - 2015-09-27 21:08 - 00000000 ____D C:\UBIOS
2015-09-26 03:42 - 2015-09-26 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2015-09-26 03:42 - 2015-09-26 03:42 - 00000000 ____D C:\Program Files\AMD Quick Stream
2015-09-26 03:42 - 2013-04-18 07:04 - 00219360 _____ (AppEx Networks Corporation) C:\WINDOWS\system32\Drivers\appexDrv.sys
2015-09-26 03:41 - 2015-09-26 03:41 - 00055499 _____ C:\WINDOWS\SysWOW64\CCCInstall_201509260341366778.log
2015-09-26 03:41 - 2015-09-26 03:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-09-26 03:41 - 2015-09-26 03:41 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-09-26 03:38 - 2015-09-27 21:05 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-09-26 03:36 - 2013-08-30 20:14 - 00156712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-09-26 03:36 - 2013-08-30 20:14 - 00141256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-09-26 03:36 - 2013-08-30 20:14 - 00097984 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-09-26 03:36 - 2013-08-30 20:14 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-09-26 03:36 - 2013-08-30 20:14 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-09-26 03:36 - 2013-08-30 20:14 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-09-26 03:36 - 2013-08-30 20:14 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-09-26 03:36 - 2013-08-30 20:13 - 06189416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-09-26 03:36 - 2013-08-30 20:13 - 06176008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-09-26 03:36 - 2013-08-30 20:11 - 12528640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-09-26 03:36 - 2013-08-30 20:05 - 00781312 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-09-26 03:36 - 2013-08-30 19:48 - 00229376 _____ C:\WINDOWS\system32\clinfo.exe
2015-09-26 03:36 - 2013-08-30 19:48 - 00127488 _____ (AMD) C:\WINDOWS\system32\coinst_13.152.dll
2015-09-26 03:36 - 2013-08-30 19:47 - 28192256 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-09-26 03:36 - 2013-08-30 19:47 - 00098816 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OpenVideo64.dll
2015-09-26 03:36 - 2013-08-30 19:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OVDecode64.dll
2015-09-26 03:36 - 2013-08-30 19:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OpenVideo.dll
2015-09-26 03:36 - 2013-08-30 19:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OVDecode.dll
2015-09-26 03:36 - 2013-08-30 19:45 - 23760896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-09-26 03:36 - 2013-08-30 19:43 - 00063488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-09-26 03:36 - 2013-08-30 19:43 - 00057344 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-09-26 03:36 - 2013-08-30 19:35 - 25387520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-09-26 03:36 - 2013-08-30 19:18 - 00530824 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-09-26 03:36 - 2013-08-30 19:18 - 00530824 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-09-26 03:36 - 2013-08-30 19:18 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-09-26 03:36 - 2013-08-30 19:18 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-09-26 03:36 - 2013-08-30 19:18 - 00055808 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-09-26 03:36 - 2013-08-30 19:18 - 00052224 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-09-26 03:36 - 2013-08-30 19:18 - 00049152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-09-26 03:36 - 2013-08-30 19:17 - 15716352 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-09-26 03:36 - 2013-08-30 19:14 - 21400064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-09-26 03:36 - 2013-08-30 19:14 - 14302208 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-09-26 03:36 - 2013-08-30 19:04 - 03388672 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-09-26 03:36 - 2013-08-30 18:59 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-09-26 03:36 - 2013-08-30 18:58 - 00571904 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-09-26 03:36 - 2013-08-30 18:58 - 00026112 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-09-26 03:36 - 2013-08-30 18:57 - 00239616 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-09-26 03:36 - 2013-08-30 18:56 - 00190976 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-09-26 03:36 - 2013-08-30 18:50 - 03422720 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-09-26 03:36 - 2013-08-30 18:37 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-09-26 03:36 - 2013-08-30 18:37 - 00090624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-09-26 03:36 - 2013-08-30 18:37 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-09-26 03:36 - 2013-08-30 18:37 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-09-26 03:36 - 2013-08-30 18:35 - 00134656 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-09-26 03:36 - 2013-08-30 18:34 - 00123392 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-09-26 03:36 - 2013-08-30 18:33 - 00784384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-09-26 03:36 - 2013-08-30 18:33 - 00594944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-09-26 03:36 - 2013-08-30 18:33 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-09-26 03:36 - 2013-08-30 18:33 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-09-26 03:36 - 2013-08-30 18:32 - 00618496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-09-26 03:36 - 2013-08-30 18:32 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-09-26 03:36 - 2013-08-30 18:32 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-09-26 03:36 - 2013-08-30 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-09-26 03:36 - 2013-08-30 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-09-26 03:36 - 2013-08-27 15:06 - 00233652 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2015-09-26 03:36 - 2013-08-27 13:27 - 00082336 _____ C:\WINDOWS\system32\ativce02.dat
2015-09-26 03:36 - 2013-08-07 13:22 - 00716208 _____ C:\WINDOWS\system32\atiicdxx.dat
2015-09-26 03:36 - 2013-08-07 11:12 - 00231984 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-09-26 03:36 - 2013-05-04 15:22 - 00047164 _____ C:\WINDOWS\atiogl.xml
2015-09-26 00:36 - 2015-09-26 00:36 - 00000000 ____D C:\Users\Devan\AppData\Roaming\WinBatch
2015-09-26 00:15 - 2015-09-26 00:15 - 00002050 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-09-21 23:00 - 2015-09-21 23:00 - 00000000 ____D C:\Users\Devan\AppData\Local\Adobe
2015-09-12 13:15 - 2015-09-12 13:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-12 13:15 - 2015-09-12 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-08 18:42 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-08 18:42 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-08 18:42 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-08 18:42 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-08 18:42 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-08 18:42 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-08 18:42 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-08 18:42 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-08 18:42 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-08 18:42 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-08 18:42 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-08 18:41 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-08 18:41 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-08 18:41 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-08 18:10 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-08 18:10 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-08 18:10 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-08 18:10 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-08 18:10 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-08 18:10 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-08 18:10 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-08 18:10 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-08 18:10 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-08 18:10 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-08 18:10 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-08 18:10 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-08 18:10 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-08 18:10 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-08 18:10 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-08 18:10 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-08 18:09 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-08 18:09 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-08 18:09 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-08 18:09 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-08 18:09 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-08 18:09 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-08 18:09 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-08 18:09 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-08 18:09 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-08 18:09 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-08 18:09 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-08 18:09 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-08 18:09 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-08 18:09 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-08 18:09 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-08 18:09 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-08 18:09 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-08 18:09 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-08 18:09 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-08 18:09 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-08 18:09 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-08 18:09 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-08 18:09 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-08 18:09 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-08 18:09 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-08 18:09 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-08 18:09 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-08 18:08 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-08 18:08 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-08 18:08 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-08 18:08 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-08 18:08 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-08 18:08 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation)
C:\WINDOWS\system32\appidapi.dll 2015-09-08 18:08 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2015-09-08 18:08 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2015-09-08 18:08 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe 2015-09-08 18:08 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe 2015-09-08 18:08 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-08 18:08 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe 2015-09-08 18:08 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe 2015-09-08 18:08 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-08 18:08 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-08 18:08 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-08 18:08 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-08 18:08 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-08 18:08 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-08 18:08 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-08 18:08 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-08 18:08 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe 2015-08-31 03:44 - 2015-09-07 23:29 - 00001161 _____ C:\Users\Public\Desktop\Avira Launcher.lnk ==================== One Month Modified files and folders ======== (If an entry is included 
in the fixlist, the file/folder will be moved.) 2015-09-28 13:24 - 2014-10-31 18:51 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7D973A59-42C4-44B7-8470-D096E850F37B} 2015-09-28 13:21 - 2014-10-31 09:47 - 01858025 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-28 06:30 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-28 00:22 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-09-28 00:15 - 2015-07-14 21:48 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-28 00:15 - 2015-07-14 21:48 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-27 23:29 - 2013-12-18 19:04 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2015-09-27 23:28 - 2015-04-01 15:36 - 00003474 _____ C:\WINDOWS\System32\Tasks\Driver Support 2015-09-27 23:27 - 2014-10-31 18:44 - 00000000 ___DO C:\Users\Devan\OneDrive 2015-09-27 23:27 - 2014-05-30 13:01 - 00000000 ____D C:\Users\Devan\AppData\Roaming\Skype 2015-09-27 23:25 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-27 23:24 - 2013-08-22 10:44 - 00337840 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-27 22:59 - 2014-04-16 16:12 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3712499783-581391182-1704282419-1001 2015-09-27 22:45 - 2015-07-14 21:27 - 00144896 ___SH C:\Users\Devan\Desktop\Thumbs.db 2015-09-27 22:29 - 2014-10-31 13:43 - 00000000 ___DC C:\WINDOWS\Panther 2015-09-27 22:29 - 2014-10-23 10:01 - 00000000 ____D C:\Users\Devan\AppData\Roaming\uTorrent 2015-09-27 22:29 - 2014-06-09 00:07 - 00000000 ____D C:\Users\Devan\AppData\Local\CrashDumps 2015-09-27 22:12 - 2015-04-18 14:53 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-09-27 22:01 - 2013-04-26 04:47 - 00000000 ____D C:\Program Files\TOSHIBA 2015-09-27 21:54 - 2013-04-26 04:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-09-27 21:20 - 
2014-06-04 21:19 - 00004346 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMScan 2015-09-27 21:20 - 2014-06-04 21:19 - 00003780 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMUpdater 2015-09-27 21:20 - 2014-06-04 21:19 - 00003768 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMRules 2015-09-27 21:19 - 2014-06-04 21:19 - 00000000 ____D C:\ProgramData\UAB 2015-09-26 20:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-26 04:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache 2015-09-26 03:41 - 2013-12-18 18:34 - 00000000 ____D C:\ProgramData\AMD 2015-09-26 00:39 - 2013-04-26 04:47 - 00000000 ____D C:\Program Files (x86)\TOSHIBA 2015-09-26 00:38 - 2014-05-16 13:33 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-26 00:15 - 2013-04-26 04:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-09-26 00:10 - 2015-05-06 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain 2015-09-26 00:10 - 2015-05-06 10:01 - 00000000 ____D C:\Program Files (x86)\Cain 2015-09-24 02:58 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Registration 2015-09-24 02:57 - 2014-10-31 09:56 - 00000000 ____D C:\Users\Devan 2015-09-24 01:07 - 2015-04-18 14:52 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-09-24 01:07 - 2015-04-18 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-09-24 01:07 - 2015-04-18 14:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-09-24 01:05 - 2014-05-16 13:33 - 00000000 ____D C:\Program Files\Adblock Plus for IE 2015-09-24 00:17 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-24 00:10 - 2015-07-14 21:48 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-24 00:10 - 2015-07-14 21:48 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-21 23:02 - 2013-04-26 04:46 - 00000000 ____D 
C:\ProgramData\Adobe 2015-09-21 23:00 - 2014-04-16 16:05 - 00000000 ____D C:\Users\Devan\AppData\Roaming\Adobe 2015-09-18 00:48 - 2015-07-17 00:10 - 00000000 ____D C:\Users\Devan\AppData\Roaming\OBS 2015-09-18 00:46 - 2015-07-17 00:07 - 00000000 ____D C:\Program Files (x86)\OBS 2015-09-14 21:18 - 2015-03-24 17:10 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-14 21:18 - 2015-03-24 17:10 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-12 13:15 - 2014-05-30 13:01 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk 2015-09-12 13:15 - 2014-05-30 13:01 - 00000000 ____D C:\ProgramData\Skype 2015-09-11 19:48 - 2014-09-24 02:53 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-11 19:48 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-09-08 20:46 - 2014-05-06 10:11 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-07 23:28 - 2015-04-03 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-09-02 00:17 - 2015-07-05 23:15 - 00000000 ____D C:\Users\Devan\AppData\Local\Popcorn-Time ==================== Files in the root of some directories ======= 2014-06-04 22:18 - 2014-06-04 22:18 - 0000042 _____ () C:\Users\Devan\AppData\Roaming\WB.CFG Some files in TEMP: ==================== C:\Users\Devan\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-27 23:51

==================== End of FRST.txt ============================