Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-10-2015
Ran by Living Room (administrator) on LIVINGROOM-PC (03-10-2015 17:22:34)
Running from C:\Users\Living Room\Downloads
Loaded Profiles: Living Room (Available Profiles: Living Room & Ad & Mcx1-LIVINGROOM-PC & Administrator)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Skillbrains) C:\Users\Living Room\AppData\Local\Skillbrains\lightshot\5.1.4.17\Lightshot.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [286984 2015-09-25] (RealNetworks, Inc.)
HKLM\...\Run: [RealDownloader] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [598800 2015-09-16] ()
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\spotify\spotifylauncher.exe <====== ATTENTION
HKU\S-1-5-21-21828565-3005677120-1819634571-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-21828565-3005677120-1819634571-1001\...\Run: [LightShot] => C:\Users\Living Room\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-21828565-3005677120-1819634571-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-21828565-3005677120-1819634571-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2014-03-07]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-03-19]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-09-25]
ShortcutTarget: RealTimes.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4452C8C3-009C-4145-B7DA-90690DDE7A84}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-21828565-3005677120-1819634571-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-21828565-3005677120-1819634571-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={953BCC7F-03AA-4A4E-8AD2-6776E5C1B116}&mid=d162516e7ece47d6853fd16b2e84a5ca-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-04 10:40:06&v=4.1.6.294&pid=wtu&sg=&sap=hp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-09-16] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\hmjuqv4s.default-1442416687431
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-27] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-03-08] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [2015-04-15] ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.1 -> C:\Program Files\ATT\8.5.0.48\ma\bin\npMotive.dll [2015-01-22] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.1 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2014-08-27] (Alcatel-Lucent)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll [2012-10-30] (Nitro PDF)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=18.1.0.1236 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-09-25] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2012-08-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=18.1.0.1236 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-09-25] (RealTimes)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-08-27] (RealNetworks, Inc.)
FF Extension: Play Pickle TextLinks - C:\Users\Living Room\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com [2011-09-19]
FF Extension: Greasemonkey - C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\hmjuqv4s.default-1442416687431\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-10-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\swiki_li@swiki.com.xpi [2015-10-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-10-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4 => not found
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-08]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09]
CHR Extension: (Google Docs) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09]
CHR Extension: (Google Drive) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09]
CHR Extension: (YouTube) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09]
CHR Extension: (Google Search) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
CHR Extension: (Google Sheets) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Pin It Button) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-18]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-06-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
CHR Extension: (Facebook GIF Button) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdfmeimafcmmefpiebpeodknddagimg [2015-09-12]
CHR Extension: (Gmail) - C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-23]
CHR HKLM\...\Chrome\Extension: [kofilaoejfjbjfopdnckahcidedndnln] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2015-04-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-16] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-30] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-16] (NVIDIA Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2014-09-10] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1103656 2015-09-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-09-16] ()
R2 RealTimes Desktop Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1103656 2015-09-25] (RealNetworks, Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [163576 2015-08-04] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-09-11] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1564160 2010-10-11] (Atheros Communications, Inc.) [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [250800 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [189872 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-05-13] (BlueStack Systems) S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-02] (Avanquest Software) [File not signed] S3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [281344 2012-07-26] (D-vitec) R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation) S3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.) S3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) 
[File not signed] R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation) S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [106752 2011-01-13] (ZTE Incorporated) S3 catchme; \??\C:\Users\LIVING~1\AppData\Local\Temp\catchme.sys [X] S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-03 17:22 - 2015-10-03 17:23 - 00037393 _____ C:\Users\Living Room\Downloads\FRST.txt 2015-10-03 17:20 - 2015-10-03 17:20 - 01697280 _____ (Farbar) C:\Users\Living Room\Downloads\FRST.exe 2015-10-03 09:05 - 2015-10-03 09:06 - 00000184 _____ C:\Users\Living Room\Desktop\OTL Forum 3 days.url 2015-10-02 22:33 - 2015-10-02 23:51 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-10-01 19:19 - 2015-10-01 19:19 - 00006324 _____ C:\Users\Living Room\Downloads\MunzeeMap.user.js 2015-10-01 09:11 - 2015-10-01 09:13 - 00000184 _____ C:\Users\Living Room\Desktop\eula.txt 2015-10-01 09:11 - 2015-10-01 09:11 - 00000061 _____ C:\Users\Living Room\Desktop\server.properties 2015-09-29 22:25 - 2015-09-29 22:26 - 00042911 _____ C:\Users\Living Room\Downloads\MTB.txt 2015-09-27 14:23 - 2015-09-27 18:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-09-27 14:23 - 2015-09-27 18:28 - 00142536 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-09-26 21:42 - 2015-09-26 21:42 - 00034663 _____ C:\Users\Living Room\Desktop\2 results - TinEye.html 2015-09-26 21:42 - 2015-09-26 21:42 - 00000000 ____D C:\Users\Living Room\Desktop\2 results - TinEye_files 2015-09-25 17:13 - 2015-09-25 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun 2015-09-25 17:13 - 2015-09-25 17:13 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage 2015-09-25 11:54 - 2015-09-25 11:54 - 00000000 ____D C:\ProgramData\RealNetworks 2015-09-25 11:54 - 2015-09-25 11:54 - 00000000 ____D C:\Program Files\RealNetworks 2015-09-25 06:36 - 2015-09-25 06:36 - 195253562 _____ C:\Users\Living Room\Documents\clip0100.avi 2015-09-25 06:34 - 2015-09-25 06:35 - 227530360 _____ C:\Users\Living Room\Documents\clip0099.avi 2015-09-25 06:28 - 2015-09-25 06:34 - 1888715760 _____ C:\Users\Living Room\Documents\clip0098.avi 2015-09-25 06:26 - 2015-09-25 06:27 - 447741690 _____ C:\Users\Living Room\Documents\clip0097.avi 2015-09-25 06:03 - 2015-09-25 06:03 - 02260030 _____ C:\Users\Living Room\Documents\clip0096.avi 2015-09-25 06:00 - 2015-09-25 06:03 - 674815948 _____ C:\Users\Living Room\Documents\clip0095.avi 2015-09-21 21:41 - 2015-09-21 21:41 - 01064645 _____ C:\Users\Living Room\Downloads\mhv_ISBELL_20150921_2140.txt 2015-09-20 02:31 - 2015-09-20 02:31 - 00000000 ____D C:\Users\Living Room\AppData\Local\CEF 2015-09-17 11:46 - 2015-09-17 11:46 - 00000659 _____ C:\Users\Living Room\Desktop\reset tcpip win 10.txt 2015-09-16 22:10 - 2015-09-17 00:16 - 00000000 ____D C:\Users\Living Room\Desktop\09 16 2015 S4 pics 2015-09-16 11:42 - 2015-09-16 11:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-09-16 11:36 - 2015-09-16 11:36 - 00000000 ____D C:\Program Files\Common Files\Java 2015-09-16 11:35 - 2015-09-16 11:35 - 00000000 ____D C:\Users\Living Room\AppData\Roaming\Sun 2015-09-16 11:35 - 2015-09-16 11:35 - 00000000 ____D C:\Users\Living 
Room\.oracle_jre_usage 2015-09-16 11:34 - 2015-09-16 11:34 - 00000000 ____D C:\Users\Living Room\AppData\LocalLow\Oracle 2015-09-16 11:33 - 2015-09-16 11:33 - 00584288 _____ (Oracle Corporation) C:\Users\Living Room\Downloads\jre-8u60-windows-i586-iftw.exe 2015-09-14 09:13 - 2015-09-14 09:13 - 00000171 _____ C:\Users\Living Room\Desktop\barbacoa tacos.url 2015-09-09 10:32 - 2015-09-09 10:32 - 00000594 _____ C:\Users\Living Room\Downloads\-5767236276.asx 2015-09-09 00:37 - 2015-09-09 00:37 - 00000344 _____ C:\Users\Living Room\Desktop\CODES.txt 2015-09-06 21:58 - 2015-09-06 21:58 - 00000159 _____ C:\Users\Living Room\Desktop\OTL Forum.url 2015-09-06 21:25 - 2015-09-06 21:25 - 00135896 _____ C:\Users\Living Room\Downloads\OTL.Txt 2015-09-06 21:25 - 2015-09-06 21:25 - 00083288 _____ C:\Users\Living Room\Downloads\Extras.Txt 2015-09-06 21:01 - 2015-09-06 21:01 - 00602112 _____ (OldTimer Tools) C:\Users\Living Room\Downloads\OTL.exe 2015-09-06 11:20 - 2015-09-06 11:20 - 00000038 _____ C:\Users\Living Room\Downloads\listen (1).ram 2015-09-06 11:19 - 2015-09-06 11:19 - 00000038 _____ C:\Users\Living Room\Downloads\listen.ram 2015-09-05 00:26 - 2015-09-05 00:30 - 860861470 _____ C:\Users\Living Room\Documents\clip0094.avi 2015-09-05 00:26 - 2015-09-05 00:26 - 07850026 _____ C:\Users\Living Room\Documents\clip0093.avi ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-10-03 17:22 - 2013-12-22 13:34 - 00000000 ____D C:\FRST 2015-10-03 17:21 - 2013-01-08 19:47 - 00000000 ____D C:\Users\Living Room\AppData\Local\CrashDumps 2015-10-03 17:00 - 2009-07-14 00:34 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-03 17:00 - 2009-07-14 00:34 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-03 16:28 - 2011-03-22 10:06 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-03 12:31 - 2011-03-07 08:01 - 00000000 ____D C:\ProgramData\MFAData 2015-10-03 04:18 - 2015-06-09 07:26 - 01988690 ____N C:\Windows\WindowsUpdate.log 2015-10-02 23:51 - 2015-04-25 13:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-10-02 10:47 - 2013-08-23 11:58 - 00000000 ____D C:\Users\Living Room\AppData\Roaming\Nitro PDF 2015-10-02 10:43 - 2011-03-06 20:50 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-30 13:08 - 2013-07-07 13:56 - 00000000 ____D C:\Users\Living Room\Desktop\Bobs stuff 2015-09-29 22:49 - 2012-07-04 14:14 - 00000000 ____D C:\Temp 2015-09-29 22:47 - 2011-03-08 04:19 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-29 22:47 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-29 22:46 - 2013-12-21 01:28 - 00000000 ____D C:\AdwCleaner 2015-09-29 21:10 - 2014-09-26 15:45 - 00000000 ____D C:\Users\Living Room\Desktop\Minecraft Server 2015-09-28 19:11 - 2014-10-23 22:56 - 00000000 ____D C:\Users\Living Room\Desktop\Camera 10232014 2015-09-28 19:08 - 2015-03-31 09:10 - 00000000 ____D C:\Users\Living Room\Desktop\Camera 32 2015-09-27 18:28 - 2014-10-12 15:27 - 00000000 ____D C:\Users\Living Room\AppData\Local\Adobe 2015-09-25 17:43 - 2015-03-10 20:38 - 00001787 _____ C:\Users\Administrator\Desktop\420 Hitlist - Shortcut.lnk 2015-09-25 17:13 - 2013-07-04 03:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps 2015-09-25 17:13 
- 2013-06-06 09:05 - 00000000 ____D C:\Users\Administrator 2015-09-25 17:08 - 2015-05-04 15:31 - 00094686 _____ C:\Windows\system32\debug.log 2015-09-25 11:56 - 2011-03-08 07:20 - 00000000 ____D C:\Users\Living Room\AppData\Roaming\Real 2015-09-25 11:55 - 2011-12-25 16:48 - 00000000 ____D C:\Users\Living Room\AppData\Roaming\RealNetworks 2015-09-25 11:55 - 2011-03-08 07:20 - 00000000 ____D C:\ProgramData\Real 2015-09-25 11:55 - 2011-03-08 07:20 - 00000000 ____D C:\Program Files\Real 2015-09-25 11:54 - 2014-11-12 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2015-09-25 11:54 - 2013-07-03 13:07 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-25 11:50 - 2012-08-27 13:06 - 00200968 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll 2015-09-25 11:48 - 2012-08-27 13:06 - 00278792 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll 2015-09-25 11:45 - 2012-08-27 13:05 - 00505608 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll 2015-09-24 16:44 - 2012-01-18 00:35 - 00000000 ____D C:\Users\Living Room\AppData\Roaming\.minecraft 2015-09-17 09:27 - 2015-04-25 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-09-16 16:23 - 2011-03-22 10:06 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-16 13:27 - 2011-03-22 10:06 - 00000000 ____D C:\Users\Living Room\AppData\Local\Google 2015-09-16 12:14 - 2011-12-05 16:50 - 00000000 ____D C:\Users\Living Room\AppData\Local\Unity 2015-09-16 12:03 - 2012-01-16 20:47 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-09-16 11:55 - 2013-06-12 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-09-16 11:55 - 2012-03-14 22:27 - 00000000 ____D C:\Program Files\SAMSUNG 2015-09-16 11:52 - 2012-05-26 20:16 - 00000000 ____D C:\Users\Living Room\AppData\Local\Deployment 2015-09-16 11:50 - 2012-05-03 04:43 - 00000000 ____D C:\Program Files\VideoLAN 
2015-09-16 11:49 - 2012-09-15 00:10 - 00000000 ____D C:\Program Files\QuickTime 2015-09-16 11:48 - 2014-11-10 17:01 - 00000000 ____D C:\ProgramData\Unchecky 2015-09-16 11:41 - 2011-06-19 08:41 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-09-16 11:41 - 2011-03-08 07:10 - 00000000 ____D C:\ProgramData\Adobe 2015-09-16 11:41 - 2011-03-08 07:10 - 00000000 ____D C:\Program Files\Adobe 2015-09-16 11:37 - 2015-03-18 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-16 11:37 - 2011-03-08 14:29 - 00000000 ____D C:\Program Files\Java 2015-09-16 11:35 - 2015-03-18 16:05 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-09-16 11:35 - 2011-03-06 20:47 - 00000000 ____D C:\Users\Living Room 2015-09-16 11:18 - 2013-07-08 12:09 - 00000000 ____D C:\Users\Living Room\Desktop\Old Firefox Data 2015-09-13 22:19 - 2012-08-27 13:05 - 00353856 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll 2015-09-11 09:12 - 2015-05-04 10:39 - 00000000 ____D C:\Program Files\AVG Web TuneUp 2015-09-10 11:23 - 2015-06-25 07:39 - 00000000 ____D C:\Users\Living Room\AppData\Roaming\chess-a9dc726e4b1d8c5fcc67d388cfc44d40 2015-09-10 11:19 - 2015-06-14 19:58 - 00000000 ____D C:\Program Files\Opera 2015-09-10 11:18 - 2015-06-14 19:59 - 00000000 ____D C:\Users\Living Room\AppData\Roaming\Opera Software 2015-09-10 11:18 - 2015-06-14 19:59 - 00000000 ____D C:\Users\Living Room\AppData\Local\Opera Software ==================== Files in the root of some directories ======= 2012-05-01 09:43 - 2012-05-01 09:43 - 3993600 _____ () C:\Program Files\GUTA6D2.tmp 2013-09-12 15:49 - 2013-12-08 21:52 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2011-07-19 21:50 - 2011-09-12 14:55 - 0001285 _____ () C:\Users\Living Room\AppData\Roaming\WebThread.log 2011-12-03 00:46 - 2015-03-25 12:56 - 0009216 _____ () C:\Users\Living Room\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-01-25 13:24 - 
2013-01-25 13:24 - 0000853 _____ () C:\Users\Living Room\AppData\Local\recently-used.xbel 2011-05-14 13:59 - 2013-12-10 08:28 - 0007607 _____ () C:\Users\Living Room\AppData\Local\resmon.resmoncfg 2012-03-23 09:27 - 2012-03-23 09:27 - 0000003 _____ () C:\Users\Living Room\AppData\Local\updater.log 2012-03-23 09:27 - 2014-10-08 11:24 - 0001148 _____ () C:\Users\Living Room\AppData\Local\UserProducts.xml 2011-08-10 22:19 - 2011-08-10 22:19 - 0000053 _____ () C:\ProgramData\lxdd ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-10-01 00:08 ==================== End of FRST.txt ============================