Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by gerry (administrator) on PC1596 (13-12-2015 11:08:01)
Running from C:\My Stuff\secToolz\FRST
Loaded Profiles: gerry (Available Profiles: gerry)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sysinternals - www.sysinternals.com) C:\My Stuff\SysInternals\TCPView\Tcpview.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Helge Klein) C:\My Stuff\diskLED\DiskLED.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sysinternals - www.sysinternals.com) C:\My Stuff\SysInternals\ProcessExplorer\procexp64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-01-22] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840264 2015-11-20] (Webroot)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-11-07] (Check Point Software Technologies Ltd.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0 
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-20\...\Policies\Explorer: 
[NoDevMgrUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware) HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4438088 2015-11-25] (UltimateOutsider) HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: 
[NoViewContextMenu] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-353222165-342148677-1426660868-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-11-21] (Microsoft Corporation) 
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-10] ShortcutTarget: Install LastPass FF 
RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-10] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-11-15] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DiskLED.lnk [2015-10-21] ShortcutTarget: DiskLED.lnk -> C:\My Stuff\diskLED\DiskLED.exe (Helge Klein) Startup: C:\Users\gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2015-12-09] ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net) BootExecute: autocheck autochk * CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{C1BC16B4-71D8-4812-BBD3-3C1E817A9781}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-353222165-342148677-1426660868-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://encrypted.google.com/ HKU\S-1-5-21-353222165-342148677-1426660868-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-353222165-342148677-1426660868-1001 -> DefaultScope {7B608F1E-4393-40EC-832A-858126154A9F} URL = SearchScopes: HKU\S-1-5-21-353222165-342148677-1426660868-1001 -> {7B608F1E-4393-40EC-832A-858126154A9F} URL = SearchScopes: HKU\S-1-5-21-353222165-342148677-1426660868-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-10] (Webroot) BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-11-04] (Webroot) BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-10] (Webroot) BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-11-04] 
(Webroot) Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-10] (Webroot) Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-10] (Webroot) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.) FireFox: ======== FF ProfilePath: C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default FF DefaultSearchEngine.US: Google FF Homepage: hxxps://encrypted.google.com/webhp?hl=en FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\searchplugins\McSiteAdvisor.xml [2015-12-13] FF Extension: Bitdefender QuickScan - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-10-21] FF Extension: Adblock Plus Pop-up Addon - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-10-21] FF Extension: Disconnect - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\extensions\2.0@disconnect.me.xpi [2015-10-21] FF Extension: NoScript - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-23] FF Extension: BetterPrivacy - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-26] FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23] FF Extension: VTzilla - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\extensions\info@virustotal.com.xpi [2015-12-08] FF Extension: No Name - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\Extensions\donottrackplus@abine.com.xpi [2015-10-21] [not signed] FF Extension: No Name - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\Extensions\firebug@software.joehewitt.com.xpi [2015-10-27] [not signed] FF Extension: Webroot Password Manager - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-12-10] FF Extension: Adblock Plus - C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26] FF Extension: Adblock Edge - 
C:\Users\gerry\AppData\Roaming\Mozilla\Firefox\Profiles\knwr5al0.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-12-05] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-11-04] Chrome: ======= CHR HomePage: Default -> hxxps://encrypted.google.com/ CHR StartupUrls: Default -> "hxxps://encrypted.google.com/" CHR Profile: C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-21] CHR Extension: (Google Docs) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-21] CHR Extension: (Google Drive) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21] CHR Extension: (Adblock Plus) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25] CHR Extension: (Blur Privacy Dashboard) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjidbdiahninbecbcigapoocbkfncobc [2015-10-21] CHR Extension: (Google Search) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Blur) - C:\Users\gerry\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2015-11-25] CHR Extension: (Google Sheets) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-21] CHR Extension: (SiteAdvisor) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-10-21] CHR Extension: (HTTPS Everywhere) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-10-21] CHR Extension: (Google Docs Offline) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17] CHR Extension: (ScriptBlock) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-10-21] CHR Extension: (Disconnect) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-10-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-21] CHR Extension: (Bitdefender QuickScan) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-10-21] CHR Extension: (Gmail) - C:\Users\gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-21] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03] CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: 
[okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-10-22] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer\Bluetooth Suite\adminservice.exe [305664 2015-01-26] (Qualcomm Atheros) [File not signed] R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-09-09] () [File not signed] R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2015-01-28] (Acer Incorporated) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-14] (SurfRight B.V.) R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4334704 2015-12-09] (SurfRight B.V.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-03-11] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-11-07] (Check Point Software Technologies Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840264 2015-11-20] (Webroot) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [164208 2015-12-09] (SurfRight B.V.) R3 hmpnet; C:\Windows\system32\drivers\hmpnet.sys [69960 2015-12-09] (SurfRight B.V.) 
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-03] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [103096 2015-11-03] (Kaspersky Lab ZAO) S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation) S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation) S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-08] (Windows (R) Win 7 DDK provider) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2299392 2015-01-28] (Qualcomm Atheros, Inc.) 
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-08-15] (EldoS Corporation) R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [43176 2015-01-14] (Synaptics Incorporated) R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [462304 2015-11-07] (Check Point Software Technologies Ltd.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-10-18] (VMware, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-22] (Webroot) S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [43600 2015-11-04] (Webroot) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-12-13 10:57 - 2015-12-13 10:57 - 00016384 _____ C:\Windows\SysWOW64\��E
2015-12-13 10:57 - 2015-12-13 10:57 - 00000022 _____ C:\Windows\S.dirmngr
2015-12-12 09:00 - 2015-12-09 16:57 - 02142120 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2015-12-10 08:36 - 2015-12-10 08:36 - 00000000 ____D C:\Users\gerry\AppData\LocalLow\LastPass
2015-12-10 08:36 - 2015-12-10 08:36 - 00000000 ____D C:\Users\gerry\AppData\Local\lptmp
2015-12-09 15:00 - 2015-12-09 15:00 - 00016384 _____ C:\Windows\SysWOW64\��U
2015-12-09 14:52 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 14:52 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 14:52 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 14:52 - 2015-11-11 10:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-09 14:52 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 14:52 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 14:52 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 14:52 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 14:52 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 14:52 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 14:52 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 14:52 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 14:52 - 2015-11-09 18:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-09 14:52 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 14:52 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 14:52 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 14:52 - 2015-11-09 18:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 14:52 - 2015-11-09 18:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-09 14:52 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 14:52 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 14:52 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 14:52 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 14:52 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 14:52 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 14:52 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 14:52 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 14:52 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 14:52 - 2015-11-08 16:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-09 14:52 - 2015-11-08 16:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-09 14:52 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 14:52 - 2015-11-08 16:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 14:52 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 14:52 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 14:52 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 14:52 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 14:52 - 2015-11-08 15:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-09 14:52 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 14:52 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 14:52 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 14:47 - 2015-11-22 01:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-09 14:47 - 2015-11-22 01:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-09 14:47 - 2015-11-22 01:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-09 14:47 - 2015-11-22 01:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-09 14:47 - 2015-11-22 01:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-09 14:47 - 2015-11-22 01:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-09 14:47 - 2015-11-22 01:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 14:47 - 2015-11-21 13:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-09 14:47 - 2015-11-21 12:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-09 14:47 - 2015-11-21 11:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 14:47 - 2015-11-21 11:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 14:47 - 2015-11-21 11:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 14:47 - 2015-11-21 11:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 14:47 - 2015-11-08 19:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 14:47 - 2015-11-08 17:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 14:47 - 2015-11-08 16:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 14:47 - 2015-11-08 16:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 14:47 - 2015-11-08 16:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-09 14:47 - 2015-11-08 15:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 14:47 - 2015-11-08 15:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 14:47 - 2015-11-08 15:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 14:46 - 2015-11-05 03:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 14:46 - 2015-10-28 10:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 14:46 - 2015-10-28 10:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 14:01 - 2015-12-09 14:01 - 00342240 _____ C:\Windows\Minidump\120915-15593-01.dmp
2015-12-08 14:13 - 2015-12-08 14:13 - 00002051 _____ C:\Users\gerry\Desktop\VirusTotal Uploader 2.2.lnk
2015-12-08 14:13 - 2015-12-08 14:13 - 00000000 ____D C:\Users\gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-12-08 14:13 - 2015-12-08 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-12-08 14:13 - 2015-12-08 14:13 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2015-12-07 10:02 - 2015-12-07 10:24 - 00018915 _____ C:\Windows\SysWOW64\Netbooster_Log.txt
2015-12-06 08:46 - 2015-12-06 08:46 - 00016384 _____ C:\Windows\SysWOW64\8��
2015-12-05 16:35 - 2015-12-05 16:35 - 00016384 _____ C:\Windows\SysWOW64\���
2015-12-04 10:59 - 2015-12-04 10:59 - 00338888 _____ C:\Windows\Minidump\120415-12687-01.dmp
2015-12-04 09:54 - 2015-12-04 09:54 - 00003783 _____ C:\Users\gerry\AppData\Local\recently-used.xbel
2015-12-03 09:25 - 2015-12-03 09:25 - 00016384 _____ C:\Windows\SysWOW64\@�U
2015-12-02 17:55 - 2015-12-02 17:55 - 00000000 ____D C:\Users\gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2015-12-02 17:55 - 2015-12-02 17:55 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider
2015-12-02 16:35 - 2015-12-02 16:35 - 00000972 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2015-12-02 12:53 - 2015-12-02 12:53 - 00016384 _____ C:\Windows\SysWOW64\د�
2015-12-02 11:54 - 2015-12-02 11:54 - 00016384 _____ C:\Windows\SysWOW64\��i
2015-12-02 10:42 - 2015-12-02 10:55 - 01889924 _____ C:\TDSSKiller.3.1.0.5_02.12.2015_10.42.32_log.txt
2015-12-02 10:40 - 2015-12-02 10:41 - 00862672 _____ C:\TDSSKiller.3.1.0.5_02.12.2015_10.40.35_log.txt
2015-12-02 10:37 - 2015-12-02 10:40 - 00830342 _____ C:\TDSSKiller.3.1.0.5_02.12.2015_10.37.19_log.txt
2015-12-02 10:32 - 2015-12-02 10:35 - 00475050 _____ C:\TDSSKiller.3.1.0.5_02.12.2015_10.32.40_log.txt
2015-12-02 08:12 - 2015-12-02 08:12 - 00016384 _____ C:\Windows\SysWOW64\h��
2015-12-01 08:42 - 2015-12-01 08:42 - 01876632 _____ C:\Windows\Minidump\120115-15890-01.dmp
2015-11-30 15:50 - 2015-11-30 15:50 - 00016384 _____ C:\Windows\SysWOW64\`��
2015-11-29 18:00 - 2015-11-29 18:00 - 00016384 _____ C:\Windows\SysWOW64\p��
2015-11-27 18:37 - 2015-11-27 18:37 - 00016384 _____ C:\Windows\SysWOW64\�}
2015-11-27 17:47 - 2015-11-27 17:47 - 00337896 _____ C:\Windows\Minidump\112715-15703-01.dmp
2015-11-27 16:19 - 2015-11-27 16:19 - 00001261 _____ C:\Users\gerry\Desktop\Paint.lnk
2015-11-27 16:18 - 2015-11-27 16:18 - 00001261 _____ C:\Users\gerry\Desktop\NotePad.lnk
2015-11-27 15:15 - 2015-11-27 15:15 - 00016384 _____ C:\Windows\SysWOW64\��B
2015-11-27 10:52 - 2015-11-27 10:52 - 00001381 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-11-27 10:52 - 2015-11-27 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-11-27 10:52 - 2015-11-27 10:52 - 00000000 ____D C:\Program Files (x86)\Seagate
2015-11-27 09:21 - 2015-12-12 11:15 - 00000000 ____D C:\ProgramData\ioloGovernor
2015-11-27 09:21 - 2015-12-12 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-11-27 09:21 - 2015-12-09 17:00 - 00056744 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2015-11-27 09:21 - 2015-12-09 17:00 - 00025512 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2015-11-27 09:21 - 2015-11-27 09:21 - 00000000 ____D C:\Users\gerry\AppData\Roaming\ioloGovernor
2015-11-27 09:21 - 2015-11-27 09:21 - 00000000 ____D C:\Program Files (x86)\iolo
2015-11-27 09:18 - 2015-12-12 09:09 - 00000000 ____D C:\ProgramData\iolo
2015-11-27 09:18 - 2015-11-27 09:28 - 00000000 ____D C:\Users\gerry\AppData\Roaming\iolo
2015-11-27 09:18 - 2015-11-27 09:18 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2015-11-27 08:54 - 2015-11-27 08:54 - 00016384 _____ C:\Windows\SysWOW64\��v
2015-11-27 08:21 - 2015-11-27 08:22 - 00001260 _____ C:\Users\gerry\Desktop\TaskSTRun.lnk
2015-11-25 23:04 - 2015-11-25 23:04 - 00028672 _____ C:\Users\gerry\Documents\EasyBCD Backup (2015-11-25).bcd
2015-11-25 23:03 - 2015-11-26 00:03 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2015-11-25 23:03 - 2015-11-25 23:03 - 00000000 ____D C:\Users\gerry\AppData\Local\NeoSmart_Technologies
2015-11-25 15:28 - 2015-11-25 15:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-25 11:05 - 2015-11-27 10:34 - 00007630 _____ C:\Users\gerry\AppData\Local\resmon.resmoncfg
2015-11-24 21:07 - 2015-12-02 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-24 21:04 - 2015-12-02 11:06 - 00000000 ____D C:\Users\gerry\Desktop\MwbAr
2015-11-24 12:54 - 2015-11-24 12:57 - 00000000 ____D C:\Users\gerry\AppData\Roaming\VMware
2015-11-24 12:54 - 2015-11-24 12:57 - 00000000 ____D C:\Users\gerry\AppData\Local\VMware
2015-11-24 12:52 - 2015-10-18 18:33 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-11-24 12:52 - 2015-10-18 18:33 - 00033472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2015-11-24 12:52 - 2015-10-18 17:53 - 00075512 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-11-24 12:52 - 2015-10-18 17:53 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-11-24 12:52 - 2015-10-18 17:53 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-11-24 12:51 - 2015-12-13 10:57 - 00000000 ____D C:\ProgramData\VMware
2015-11-24 12:51 - 2015-11-24 12:51 - 00001168 _____ C:\Users\Public\Desktop\VMware Workstation 12 Player.lnk
2015-11-24 12:51 - 2015-11-24 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-11-24 12:51 - 2015-11-24 12:51 - 00000000 ____D C:\Program Files\Common Files\VMware
2015-11-24 12:51 - 2015-11-24 12:51 - 00000000 ____D C:\Program Files (x86)\VMware
2015-11-24 12:51 - 2015-10-18 18:33 - 00934080 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-11-24 12:51 - 2015-10-18 18:33 - 00391872 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-11-24 12:51 - 2015-10-18 18:33 - 00358080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-11-24 12:51 - 2015-10-18 18:11 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-11-24 12:51 - 2015-10-06 08:02 - 00057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-11-24 11:27 - 2015-11-24 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-24 11:25 - 2015-12-13 10:57 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-24 11:25 - 2015-12-13 10:36 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-24 11:25 - 2015-12-04 14:31 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-24 11:25 - 2015-12-04 14:31 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-23 13:00 - 2015-11-23 13:00 - 00000874 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-11-23 13:00 - 2015-11-23 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-11-22 10:46 - 2015-11-24 12:51 - 00883630 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-22 10:45 - 2015-11-22 10:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-11-22 10:45 - 2015-11-22 10:45 - 00000000 ____D C:\Users\gerry\AppData\Roaming\Intel Corporation
2015-11-22 10:28 - 2015-11-22 10:28 - 00000000 ____D C:\Users\gerry\Intel
2015-11-21 19:04 - 2015-11-21 19:06 - 00430706 _____ C:\Windows\system32\Drivers\vsconfig.xml
2015-11-21 19:04 - 2015-11-03 06:42 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-11-21 19:03 - 2015-11-21 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-11-21 19:03 - 2015-11-03 06:42 - 00227512 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-11-21 18:55 - 2015-11-21 19:03 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2015-11-19 09:07 - 2015-11-19 09:07 - 00000000 ____D C:\Users\gerry\AppData\Roaming\Wireshark
2015-11-17 14:41 - 2015-10-20 04:59 - 00262144 ___SH C:\Users\gerry\Downloads\ELAM
2015-11-17 14:07 - 2015-11-17 11:03 - 00000338 _____ C:\Users\gerry\Downloads\.crusader
2015-11-17 11:03 - 2015-11-17 11:03 - 00000338 _____ C:\Windows\system32\.crusader
2015-11-16 15:55 - 2015-11-16 15:55 - 00321104 _____ C:\Windows\Minidump\111615-12796-01.dmp
2015-11-16 01:01 - 2015-11-16 01:01 - 00001394 _____ C:\Users\gerry\Desktop\Debian 8.1.0 (Jessie).lnk
2015-11-16 01:01 - 2015-11-16 01:01 - 00001358 _____ C:\Users\gerry\Desktop\Fedora WS 22.lnk
2015-11-16 00:08 - 2015-11-16 00:41 - 00000000 ____D C:\Users\gerry\VirtualBox VMs
2015-11-15 21:46 - 2015-11-15 21:46 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-11-15 21:19 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-11-15 21:19 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-11-15 21:19 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-11-15 21:19 - 2015-01-05 22:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-11-15 21:19 - 2015-01-05 21:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-11-15 21:19 - 2015-01-05 20:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-11-15 21:19 - 2015-01-05 20:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-11-15 21:19 - 2014-11-17 15:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-11-15 21:19 - 2014-11-17 15:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-11-15 21:19 - 2014-11-14 01:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-11-15 21:19 - 2014-11-14 01:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-11-15 21:18 - 2015-06-09 17:39 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-11-15 21:18 - 2015-06-09 17:39 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-11-15 21:18 - 2015-06-09 17:38 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-11-15 15:07 - 2015-11-15 15:07 - 00000000 ____D C:\Users\Public\Documents\sun
2015-11-15 15:06 - 2015-11-15 15:06 - 00001516 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
2015-11-15 15:06 - 2015-11-15 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2015-11-15 15:05 - 2015-11-15 15:06 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2015-11-14 15:35 - 2015-11-14 15:35 - 00000000 _____ C:\Users\gerry\Request
2015-11-14 15:05 - 2015-12-09 09:41 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2015-11-14 15:05 - 2015-12-09 09:39 - 00842576 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2015-11-14 15:05 - 2015-12-09 09:39 - 00760144 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2015-11-14 15:05 - 2015-12-09 09:39 - 00164208 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
2015-11-14 15:05 - 2015-12-09 09:39 - 00069960 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpnet.sys
2015-11-14 15:05 - 2015-11-14 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-11-14 14:56 - 2015-11-14 15:00 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-14 14:56 - 2015-11-14 14:56 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-11-14 14:56 - 2015-11-14 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-14 12:57 - 2015-11-14 12:57 - 00001096 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-11-14 12:57 - 2015-11-14 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-11-14 12:57 - 2015-11-14 12:57 - 00000000 ____D C:\Program Files\Oracle
2015-11-14 12:57 - 2015-11-10 17:56 - 00964928 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-11-14 12:05 - 2015-12-02 14:10 - 00752262 _____ C:\Windows\ntbtlog.txt
2015-11-13 11:59 - 2015-09-29 07:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-13 11:59 - 2015-09-04 14:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-13 11:59 - 2015-08-28 17:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-13 11:59 - 2015-08-20 15:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-13 11:59 - 2015-08-20 12:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 11:08 - 2015-10-26 17:38 - 00000000 ____D C:\FRST
2015-12-13 11:05 - 2014-11-21 03:44 - 00869556 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 11:05 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2015-12-13 11:03 - 2015-10-20 05:01 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-353222165-342148677-1426660868-1001
2015-12-13 10:58 - 2015-10-21 07:59 - 00000000 ____D C:\Users\gerry\AppData\Local\PasswordSafe
2015-12-13 10:58 - 2015-10-20 04:55 - 00000000 __SHD C:\Users\gerry\IntelGraphicsProfiles
2015-12-13 10:57 - 2015-11-01 22:16 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2015-12-13 10:57 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 10:57 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-13 10:18 - 2015-10-21 11:30 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-13 09:21 - 2015-10-21 09:22 - 00000000 ____D C:\Users\gerry\AppData\Roaming\QuickScan
2015-12-13 08:54 - 2015-10-22 13:08 - 00000000 ____D C:\ProgramData\WRData
2015-12-13 00:31 - 2015-11-01 22:16 - 00000000 ____D C:\Windows\CryptoGuard
2015-12-12 13:19 - 2015-11-07 22:23 - 00000000 ____D C:\Users\gerry\AppData\Roaming\vlc
2015-12-12 12:36 - 2015-10-21 08:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-12 11:47 - 2015-10-31 16:30 - 00007891 _____ C:\Windows\BRRBCOM.INI
2015-12-12 09:00 - 2013-08-22 10:36 - 00000000 __RSD C:\Windows\Media
2015-12-11 18:18 - 2015-10-21 08:00 - 00000000 ____D C:\Users\gerry\Documents\My Safes
2015-12-10 22:38 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-10 13:12 - 2015-10-22 09:13 - 00000000 ____D C:\Users\gerry\AppData\Roaming\gnupg
2015-12-09 18:26 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-12-09 16:31 - 2015-10-21 07:38 - 00000000 ____D C:\Users\gerry\AppData\Local\CrashDumps
2015-12-09 14:59 - 2013-08-22 09:44 - 00368936 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 14:59 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-09 14:56 - 2015-10-20 04:55 - 00000000 ____D C:\Users\gerry
2015-12-09 14:55 - 2015-10-21 12:06 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 14:55 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-09 14:52 - 2015-10-21 12:06 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 14:27 - 2015-10-21 14:32 - 00000000 ____D C:\Users\gerry\AppData\Roaming\Macromedia
2015-12-09 14:01 - 2015-11-03 11:29 - 914652451 _____ C:\Windows\MEMORY.DMP
2015-12-09 14:01 - 2015-11-03 11:29 - 00000000 ____D C:\Windows\Minidump
2015-12-09 13:30 - 2015-10-21 07:57 - 00000000 ____D C:\My Stuff
2015-12-06 13:41 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-06 09:42 - 2015-10-21 13:36 - 00000000 ____D C:\Users\gerry\AppData\Local\ElevatedDiagnostics
2015-12-04 09:54 - 2015-11-05 19:17 - 00000000 ____D C:\Users\gerry\AppData\Local\gtk-2.0
2015-12-03 09:25 - 2015-03-24 01:44 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-02 18:17 - 2014-11-21 10:56 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-12-02 18:14 - 2015-10-21 08:41 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-12-02 18:14 - 2015-10-21 08:41 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-12-02 18:14 - 2014-11-21 04:17 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-12-02 18:14 - 2014-11-21 04:15 - 00537088 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-12-02 18:14 - 2014-11-21 04:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-12-02 18:14 - 2014-11-21 04:15 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-12-02 18:14 - 2014-11-21 04:15 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-12-02 10:56 - 2015-10-21 08:03 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-01 12:19 - 2015-03-24 01:29 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 12:19 - 2015-03-24 01:29 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-01 09:51 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-27 11:24 - 2015-10-23 11:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-27 10:52 - 2015-03-24 01:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-26 15:41 - 2015-10-21 11:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-25 09:29 - 2015-11-05 16:29 - 00000000 ____D C:\Users\gerry\.VirtualBox
2015-11-25 08:24 - 2015-10-20 04:57 - 00000000 ____D C:\Users\gerry\AppData\Local\NVIDIA Corporation
2015-11-24 11:27 - 2015-10-21 09:07 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-23 13:00 - 2015-10-21 11:29 - 00000000 ____D C:\Program Files\RogueKiller
2015-11-22 10:45 - 2015-06-11 11:16 - 00000000 ____D C:\Program Files\Intel
2015-11-21 19:13 - 2015-10-23 20:05 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-21 19:03 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-21 18:54 - 2015-10-21 08:55 - 00000000 ____D C:\ProgramData\CheckPoint
2015-11-20 07:49 - 2015-10-22 13:08 - 00172328 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-11-20 07:49 - 2015-10-22 13:08 - 00107456 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-11-17 11:03 - 2015-10-21 08:40 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-15 14:45 - 2015-11-05 19:14 - 00000000 ____D C:\Users\gerry\AppData\Roaming\.kde
2015-11-14 12:56 - 2015-10-20 04:55 - 00000000 ____D C:\Users\gerry\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2015-10-21 07:42 - 2015-12-10 08:36 - 12891272 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-12-04 09:54 - 2015-12-04 09:54 - 0003783 _____ () C:\Users\gerry\AppData\Local\recently-used.xbel
2015-11-25 11:05 - 2015-11-27 10:34 - 0007630 _____ () C:\Users\gerry\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-10 09:56

==================== End of FRST.txt ============================