Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Sup Redirects on Google Chrome

Started by xx255q , Dec 30 2014 07:12 AM
sup redirect Google Chrome

  • Please log in to reply

#1
xx255q
Posted 30 December 2014 - 07:12 AM

xx255q

    New Member

  • Member
  • Pip
  • 3 posts

Hello, For a while now every so often my web browser (GC) is redirected with the tab usually renamed Sup.

 

Here is what OTL.Txt says

 

http://www.adcash.co..._rff=px.pluginh   this is an example of the redirects I get

 

 

OTL logfile created on: 12/30/2014 7:55:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 4.52 Gb Available Physical Memory | 57.32% Memory free
15.78 Gb Paging File | 12.13 Gb Available in Paging File | 76.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 34.27 Gb Free Space | 14.72% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 112.96 Gb Free Space | 12.13% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS
Drive G: | 111.69 Gb Total Space | 92.64 Gb Free Space | 82.94% Space Free | Partition Type: NTFS
Drive I: | 4657.52 Gb Total Space | 67.71 Gb Free Space | 1.45% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/30 07:55:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2014/12/22 02:43:38 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\bin\rubyw.exe
PRC - [2014/12/22 02:43:21 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\bin\rubyw.exe
PRC - [2014/12/21 22:31:16 | 001,872,520 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2014/12/21 22:31:16 | 000,034,952 | ---- | M] (Python Software Foundation) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2014/12/21 22:31:14 | 005,142,664 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2014/12/12 19:13:07 | 002,531,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/12/12 19:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/11/17 09:59:27 | 000,029,696 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\SickBeard.exe
PRC - [2014/11/12 15:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/11/06 04:26:49 | 008,817,658 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
PRC - [2014/11/06 04:26:49 | 000,184,320 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
PRC - [2014/08/27 23:54:07 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/06/10 20:14:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/17 13:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 13:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/25 09:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/20 11:26:26 | 000,291,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/09/05 12:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/22 02:43:40 | 000,026,624 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2014/12/22 02:43:39 | 000,275,968 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
MOD - [2014/12/22 02:43:39 | 000,126,976 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2014/12/22 02:43:39 | 000,118,784 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
MOD - [2014/12/22 02:43:39 | 000,095,744 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
MOD - [2014/12/22 02:43:39 | 000,094,208 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2014/12/22 02:43:39 | 000,087,552 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2014/12/22 02:43:39 | 000,069,120 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
MOD - [2014/12/22 02:43:39 | 000,036,352 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
MOD - [2014/12/22 02:43:39 | 000,026,624 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
MOD - [2014/12/22 02:43:39 | 000,023,552 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
MOD - [2014/12/22 02:43:39 | 000,016,384 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2014/12/22 02:43:39 | 000,015,360 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
MOD - [2014/12/22 02:43:39 | 000,013,312 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
MOD - [2014/12/22 02:43:39 | 000,009,216 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2014/12/22 02:43:39 | 000,008,704 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
MOD - [2014/12/22 02:43:39 | 000,008,704 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
MOD - [2014/12/22 02:43:39 | 000,008,704 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
MOD - [2014/12/22 02:43:39 | 000,008,704 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
MOD - [2014/12/22 02:43:39 | 000,008,192 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
MOD - [2014/12/22 02:43:38 | 000,127,316 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\bin\libffi-6.dll
MOD - [2014/12/22 02:43:38 | 000,094,208 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2014/12/22 02:43:38 | 000,083,968 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\bin\zlib1.dll
MOD - [2014/12/22 02:43:38 | 000,026,624 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2014/12/22 02:43:38 | 000,014,848 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2014/12/22 02:43:38 | 000,012,800 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2014/12/22 02:43:38 | 000,009,728 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr925F.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
MOD - [2014/12/22 02:43:34 | 000,126,976 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2014/12/22 02:43:34 | 000,087,552 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2014/12/22 02:43:34 | 000,016,384 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2014/12/22 02:43:33 | 000,009,216 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2014/12/22 02:43:29 | 000,095,744 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
MOD - [2014/12/22 02:43:29 | 000,094,208 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2014/12/22 02:43:29 | 000,013,312 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
MOD - [2014/12/22 02:43:29 | 000,008,704 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
MOD - [2014/12/22 02:43:24 | 000,014,848 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2014/12/22 02:43:24 | 000,012,800 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2014/12/22 02:43:24 | 000,009,728 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
MOD - [2014/12/22 02:43:22 | 000,127,316 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\bin\libffi-6.dll
MOD - [2014/12/22 02:43:19 | 000,094,208 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\ocr3B2B.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2014/12/21 22:31:50 | 000,043,656 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2014/12/21 22:31:50 | 000,034,952 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2014/12/21 22:31:48 | 000,836,232 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2014/12/21 22:31:48 | 000,192,136 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2014/12/21 22:31:48 | 000,054,920 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2014/12/21 22:31:48 | 000,017,032 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2014/12/21 22:31:46 | 000,044,680 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2014/12/21 22:31:46 | 000,027,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2014/12/21 22:31:44 | 000,081,544 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2014/12/21 22:31:44 | 000,018,568 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2014/12/21 22:31:42 | 000,689,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2014/12/21 22:31:42 | 000,111,240 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2014/12/21 22:31:42 | 000,072,840 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
MOD - [2014/12/21 22:31:42 | 000,016,520 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2014/12/21 22:31:40 | 000,502,920 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2014/12/21 22:31:38 | 000,049,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2014/12/21 22:31:36 | 000,086,664 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2014/12/21 22:31:32 | 002,092,680 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
MOD - [2014/12/21 22:31:32 | 001,883,272 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
MOD - [2014/12/21 22:31:30 | 000,838,792 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2014/12/21 22:31:30 | 000,166,024 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2014/12/21 22:31:28 | 000,196,232 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
MOD - [2014/12/21 22:31:28 | 000,062,600 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2014/11/17 09:59:27 | 000,720,896 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\_ssl.pyd
MOD - [2014/11/17 09:59:27 | 000,585,728 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\unicodedata.pyd
MOD - [2014/11/17 09:59:27 | 000,571,904 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\sqlite3.dll
MOD - [2014/11/17 09:59:27 | 000,286,208 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\_hashlib.pyd
MOD - [2014/11/17 09:59:27 | 000,153,088 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\pyexpat.pyd
MOD - [2014/11/17 09:59:27 | 000,086,016 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\_elementtree.pyd
MOD - [2014/11/17 09:59:27 | 000,073,728 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\_ctypes.pyd
MOD - [2014/11/17 09:59:27 | 000,072,192 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\bz2.pyd
MOD - [2014/11/17 09:59:27 | 000,053,760 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\_sqlite3.pyd
MOD - [2014/11/17 09:59:27 | 000,040,448 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\_socket.pyd
MOD - [2014/11/17 09:59:27 | 000,029,696 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\SickBeard.exe
MOD - [2014/11/17 09:59:27 | 000,023,552 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\_multiprocessing.pyd
MOD - [2014/11/17 09:59:27 | 000,011,776 | ---- | M] () -- E:\SickBeard-win32-alpha-build503\lib\select.pyd
MOD - [2014/11/06 04:26:50 | 001,234,944 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
MOD - [2014/11/06 04:26:50 | 001,198,592 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
MOD - [2014/11/06 04:26:50 | 000,642,048 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
MOD - [2014/11/06 04:26:50 | 000,511,488 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
MOD - [2014/11/06 04:26:50 | 000,290,816 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
MOD - [2014/11/06 04:26:50 | 000,059,904 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
MOD - [2014/11/06 04:26:49 | 008,817,658 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
MOD - [2014/11/06 04:26:49 | 000,815,104 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
MOD - [2014/11/06 04:26:49 | 000,745,472 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
MOD - [2014/11/06 04:26:49 | 000,368,640 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
MOD - [2014/11/06 04:26:49 | 000,344,064 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
MOD - [2014/11/06 04:26:49 | 000,217,088 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
MOD - [2014/11/06 04:26:49 | 000,200,704 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
MOD - [2014/11/06 04:26:49 | 000,184,320 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
MOD - [2014/11/06 04:26:49 | 000,180,224 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
MOD - [2014/10/14 23:28:04 | 008,897,696 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/10/11 13:05:58 | 000,237,352 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
MOD - [2014/08/27 23:54:06 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ppgooglenaclpluginchrome.dll
MOD - [2014/08/27 23:54:05 | 014,669,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\PepperFlash\pepflashplayer.dll
MOD - [2014/08/27 23:54:04 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\pdf.dll
MOD - [2014/08/27 23:54:00 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\libglesv2.dll
MOD - [2014/08/27 23:53:58 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\libegl.dll
MOD - [2014/08/27 23:53:57 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ffmpegsumo.dll
MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/12 19:13:04 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/12/12 19:13:03 | 019,823,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/06/05 08:59:36 | 000,315,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2013/09/05 02:03:22 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/20 13:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2014/12/23 04:36:32 | 001,903,472 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- E:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014/12/12 19:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/11/30 19:57:59 | 000,023,552 | ---- | M] (www.nzbdrone.com) [Auto | Stopped] -- C:\ProgramData\NzbDrone\bin\NzbDrone.Console.exe -- (NzbDrone)
SRV - [2014/11/12 15:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/07/15 21:28:18 | 000,542,912 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/06/10 20:14:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/06/05 08:59:32 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/11 17:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/26 13:07:40 | 001,498,000 | ---- | M] (Binary Fortress Software) [Auto | Running] -- E:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
SRV - [2012/07/17 13:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 13:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/25 09:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/12 19:13:03 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/11/22 05:46:30 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/11/17 17:18:52 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/10/13 18:47:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/06/05 08:59:16 | 000,450,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/05/19 01:47:40 | 000,033,448 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2014/05/19 01:47:38 | 000,031,400 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2014/05/19 01:47:28 | 000,155,816 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2014/05/16 20:25:22 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/05/16 19:42:38 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/09/05 02:59:10 | 012,653,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/09/05 01:33:34 | 000,617,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/07/05 03:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/19 04:14:28 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/07/02 14:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/20 11:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/20 11:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/20 11:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/02 05:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011/11/16 09:32:08 | 001,667,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/11/02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/05/24 10:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C BF D9 22 58 EF CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FF65EC76-BDF4-4C53-8DB6-0E047C91C90E}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.0
FF - prefs.js..extensions.enabledAddons: firefox%40webconnect.co:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B7aeae561-714b-45f6-ace3-4a8aed6e227b%7D:10.16.9.6
FF - prefs.js..extensions.enabledAddons: %7Bda51d4f6-3e7e-4ef8-b400-9198e0874606%7D:10.16.9.6
FF - prefs.js..extensions.enabledAddons: %7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26
FF - prefs.js..extensions.enabledAddons: afproxy%40anchorfree.com:3.42
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..keyword.URL: "https://search.yahoo...type=599486&p="
FF - prefs.js..network.proxy.type: 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/08/16 21:47:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/08/16 21:47:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{193fe82a-c958-450c-8097-de926f5db967}: C:\Program Files (x86)\LyricSing\130.xpi
 
[2013/08/19 08:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2014/12/29 10:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\extensions
[2013/08/19 09:01:15 | 000,000,000 | ---D | M] (VisualBee V.1) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b}
[2013/08/14 00:02:15 | 000,000,000 | ---D | M] (KeyBar 1.14) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606}
[2014/08/29 12:53:44 | 000,001,100 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\searchplugins\visualbee-v1-customized-web-search.xml
[2014/10/07 23:39:17 | 000,000,805 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\searchplugins\yahoo_ff.xml
[2014/10/10 04:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/23 20:31:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/27 10:41:38 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Slides = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: Google Docs = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Sheets = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: AdBlock = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: Google Wallet = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/12/25 05:48:35 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.222.18.222 209.222.18.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892A01B3-854B-46D4-9F6A-8DA512E5F27E}: DhcpNameServer = 209.222.18.222 209.222.18.218
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/23 04:07:48 | 000,000,182 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4b646caf-9fb5-11e3-b91e-902b34d78a11}\Shell - "" = AutoRun
O33 - MountPoints2\{4b646caf-9fb5-11e3-b91e-902b34d78a11}\Shell\AutoRun\command - "" = I:\Setup.exe -- [2009/01/16 02:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O33 - MountPoints2\{4b646cb3-9fb5-11e3-b91e-902b34d78a11}\Shell - "" = AutoRun
O33 - MountPoints2\{4b646cb3-9fb5-11e3-b91e-902b34d78a11}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{4b646d14-9fb5-11e3-b91e-902b34d78a11}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/30 00:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/12/30 00:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/12/30 00:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/12/30 00:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/12/30 00:02:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/12/29 10:34:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/26 06:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2014/12/25 19:54:42 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014/12/25 19:54:40 | 000,038,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/12/25 19:54:40 | 000,032,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/12/25 05:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/12/22 02:25:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/17 13:37:06 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/12/17 13:37:06 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/12/14 02:53:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\SquareEnix
[2014/12/14 02:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII-2
[2014/12/11 03:26:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/11 03:02:22 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/12/11 03:02:22 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/12/10 03:31:21 | 001,232,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2014/12/10 03:31:20 | 001,083,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/12/10 03:31:20 | 000,830,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014/12/10 03:31:20 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014/12/10 03:31:20 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/12/10 03:31:20 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014/12/10 03:31:20 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/12/10 03:31:20 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014/12/10 03:31:12 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/12/10 03:31:10 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/12/10 03:31:10 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/12/10 03:31:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/12/10 03:31:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/12/10 03:31:10 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/12/10 03:31:10 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/12/10 03:31:10 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/12/10 03:31:09 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/12/10 03:31:09 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/12/10 03:31:09 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/12/10 03:31:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/12/10 03:31:08 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/12/10 03:31:08 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/12/10 03:31:08 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/12/10 03:31:08 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/12/10 03:31:08 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/12/10 03:31:08 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/12/10 03:31:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/12/10 03:31:07 | 002,125,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/12/10 03:31:07 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/12/10 03:31:07 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/12/10 03:31:07 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/12/10 03:31:06 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/12/10 03:31:06 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/12/10 03:31:06 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/12/10 03:31:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/12/10 03:31:05 | 006,039,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/12/10 03:31:05 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/12/10 03:31:05 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/12/10 03:31:05 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/12/10 03:31:05 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/12/10 03:31:05 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/12/10 03:31:04 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/12/10 03:30:15 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2014/12/10 03:30:15 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2014/12/10 03:30:15 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2014/12/10 03:30:14 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2014/12/10 03:30:14 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2014/12/10 03:30:14 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2014/12/10 03:30:14 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2014/12/10 03:30:14 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2014/12/10 03:30:14 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2014/12/10 03:30:14 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2014/12/08 12:25:05 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll
[2014/12/08 12:25:05 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2014/12/08 12:25:05 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl32.ocx
[2014/12/08 12:25:05 | 000,722,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vb40032.dll
[2014/12/08 12:25:05 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2014/12/08 12:25:05 | 000,443,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshflxgd.ocx
[2014/12/08 12:25:05 | 000,278,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdatgrd.ocx
[2014/12/08 12:25:05 | 000,258,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msflxgrd.ocx
[2014/12/08 12:25:05 | 000,252,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdatlst.ocx
[2014/12/08 12:25:05 | 000,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tabctl32.ocx
[2014/12/08 12:25:05 | 000,218,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx
[2014/12/08 12:25:05 | 000,178,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmask32.ocx
[2014/12/08 12:25:05 | 000,136,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx
[2014/12/08 12:25:05 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstdfmt.dll
[2014/12/08 12:25:05 | 000,126,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2014/12/08 12:25:05 | 000,119,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomm32.ocx
[2014/12/08 12:25:05 | 000,107,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2014/12/08 12:25:05 | 000,100,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\picclp32.ocx
[2014/12/08 12:25:05 | 000,080,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysinfo.ocx
[2014/12/08 12:25:05 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvci70.dll
[2014/12/08 12:25:04 | 001,024,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2014/12/08 12:25:04 | 001,017,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70u.dll
[2014/12/08 12:25:04 | 000,659,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomct2.ocx
[2014/12/08 12:25:04 | 000,617,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2014/12/08 12:25:04 | 000,415,552 | ---- | C] (Microsoft Corporation ) -- C:\Windows\SysWow64\comct332.ocx
[2014/12/08 12:25:04 | 000,222,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dblist32.ocx
[2014/12/08 12:25:04 | 000,215,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mci32.ocx
[2014/12/08 12:25:04 | 000,170,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2014/12/08 12:25:04 | 000,163,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.ocx
[2014/12/08 12:25:04 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl70.dll
[2014/12/08 12:25:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70ita.dll
[2014/12/08 12:25:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70fra.dll
[2014/12/08 12:25:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70esp.dll
[2014/12/08 12:25:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70deu.dll
[2014/12/08 12:25:04 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70enu.dll
[2014/12/08 12:25:04 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70kor.dll
[2014/12/08 12:25:04 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70jpn.dll
[2014/12/08 12:25:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70cht.dll
[2014/12/08 12:25:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70chs.dll
[2014/12/08 00:44:34 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\11bitstudios
[2014/12/03 14:18:17 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2014/12/03 14:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tales from the Borderlands
[2014/12/03 11:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game of Thrones A Telltale Games Series
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/30 07:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-573133789-2448633893-1897578077-1000UA.job
[2014/12/30 07:02:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/30 02:50:31 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/30 02:50:31 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/30 00:04:28 | 000,001,578 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/12/29 14:02:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/29 10:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-573133789-2448633893-1897578077-1000Core.job
[2014/12/29 01:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/26 09:55:04 | 003,098,483 | ---- | M] () -- C:\Users\owner\Documents\steins gate wallpaper.jpg
[2014/12/22 02:49:17 | 002,197,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/22 02:49:17 | 000,641,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/22 02:49:17 | 000,006,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/22 02:43:07 | 2061,406,207 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/17 13:47:57 | 000,000,817 | ---- | M] () -- C:\Users\owner\Desktop\Game of Thrones A Telltale Games Series.lnk
[2014/12/17 13:47:45 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Tales from the Borderlands.lnk
[2014/12/17 13:47:24 | 000,000,986 | ---- | M] () -- C:\Users\owner\Desktop\Borderlands - The Pre-Sequel.lnk
[2014/12/17 13:47:12 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\This War of Mine.lnk
[2014/12/17 13:45:49 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Stainless Steel 6.4.lnk
[2014/12/17 13:45:47 | 000,000,735 | ---- | M] () -- C:\Users\owner\Desktop\Far Cry 4.lnk
[2014/12/17 13:45:08 | 000,000,755 | ---- | M] () -- C:\Users\owner\Desktop\Wasteland 2.lnk
[2014/12/17 13:45:02 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2014/12/17 13:44:49 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014/12/17 13:21:32 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2014/12/14 02:41:48 | 000,000,635 | ---- | M] () -- C:\Users\owner\Desktop\Final Fantasy XIII-2.lnk
[2014/12/13 00:09:01 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/12/12 22:33:44 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/12/12 19:12:24 | 002,210,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/12/12 19:12:24 | 001,291,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014/12/12 19:12:12 | 002,824,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/12/12 19:12:12 | 001,715,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014/12/03 21:50:55 | 000,413,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/12/03 21:50:45 | 000,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014/12/03 21:50:40 | 000,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014/12/03 21:50:38 | 000,830,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014/12/03 21:50:37 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/12/03 21:50:37 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014/12/03 21:44:48 | 001,083,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/12/01 18:28:44 | 001,232,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/30 00:04:28 | 000,001,578 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/12/26 09:55:04 | 003,098,483 | ---- | C] () -- C:\Users\owner\Documents\steins gate wallpaper.jpg
[2014/12/14 02:41:48 | 000,000,635 | ---- | C] () -- C:\Users\owner\Desktop\Final Fantasy XIII-2.lnk
[2014/12/08 12:25:05 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2014/12/08 00:44:31 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\This War of Mine.lnk
[2014/12/03 14:17:52 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Tales from the Borderlands.lnk
[2014/12/03 11:14:20 | 000,000,817 | ---- | C] () -- C:\Users\owner\Desktop\Game of Thrones A Telltale Games Series.lnk
[2014/11/02 03:31:16 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/10/04 00:04:07 | 000,000,004 | ---- | C] () -- C:\Users\owner\AppData\Roaming\appdataFr2.bin
[2014/08/29 12:33:42 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/08/16 21:58:32 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2014/08/16 02:53:53 | 174,606,558 | ---- | C] () -- C:\Users\owner\AppData\Local\ACCCx2_7_1_418.zip.aamdownload
[2014/08/16 02:53:53 | 000,002,111 | ---- | C] () -- C:\Users\owner\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd
[2014/06/26 11:44:09 | 000,000,017 | ---- | C] () -- C:\Users\owner\AppData\Local\resmon.resmoncfg
[2014/05/16 20:27:30 | 000,348,088 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/05/16 20:23:38 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/05/16 20:23:36 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/03/04 22:37:12 | 000,000,600 | ---- | C] () -- C:\Users\owner\AppData\Roaming\winscp.rnd
[2014/01/22 00:17:22 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/01/22 00:17:21 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/09/02 14:30:27 | 000,000,258 | RHS- | C] () -- C:\Users\owner\ntuser.pol
[2013/05/04 10:05:10 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2013/05/02 18:33:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/05/02 18:33:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/05/02 18:33:26 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/05/02 17:22:37 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/02 17:20:13 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013/03/28 21:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 21:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1329 bytes -> C:\ProgramData\Microsoft:hxxYgea2jO3OnlIHojIPARbdB9Z4r
@Alternate Data Stream - 1216 bytes -> C:\ProgramData\Microsoft:bSK6ijKzgcvMr4lBSW6Vmpo
@Alternate Data Stream - 1145 bytes -> C:\Program Files\Common Files\Microsoft Shared:9zLnXRvkdwi47pojpmzEF28
 
< End of report >
 
Thank you for your time

Edited by xx255q, 30 December 2014 - 07:14 AM.

  • 0

Advertisements

#2
RKinner
Posted 02 January 2015 - 02:14 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
    •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    xx255q
    Posted 07 February 2015 - 07:28 PM

    xx255q

      New Member

    • Topic Starter
    • Member
    • Pip
    • 3 posts

    First

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
    Ran by owner (administrator) on OWNER-PC on 07-02-2015 20:25:11
    Running from C:\Users\owner\Downloads
    Loaded Profiles: owner (Available profiles: owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Binary Fortress Software) E:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Google Inc.) C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) E:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (http://www.ruby-lang.org/) C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\bin\rubyw.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (http://www.ruby-lang.org/) C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\bin\rubyw.exe
    () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    () C:\Program Files\pia_manager\openvpn.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [Razer Synapse] => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-28] (Google Inc.)
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\MountPoints2: {4b646caf-9fb5-11e3-b91e-902b34d78a11} - I:\setup.exe
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\MountPoints2: {4b646cb3-9fb5-11e3-b91e-902b34d78a11} - J:\setup.exe
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk
    ShortcutTarget: Universal Media Server.lnk -> E:\Universal Media Server\UMS.exe (No File)
    Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-573133789-2448633893-1897578077-1000 -> {FF65EC76-BDF4-4C53-8DB6-0E047C91C90E} URL = https://search.yahoo...p={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-573133789-2448633893-1897578077-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default
    FF DefaultSearchEngine: Yahoo!
    FF SelectedSearchEngine: Yahoo!
    FF NetworkProxy: "type", 
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-573133789-2448633893-1897578077-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-573133789-2448633893-1897578077-1000: @talk.google.com/O1DPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-573133789-2448633893-1897578077-1000: @tools.google.com/Google Update;version=3 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-573133789-2448633893-1897578077-1000: @tools.google.com/Google Update;version=9 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-573133789-2448633893-1897578077-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin HKU\S-1-5-21-573133789-2448633893-1897578077-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\searchplugins\visualbee-v1-customized-web-search.xml
    FF Extension: VisualBee V.1  - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\Extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b} [2013-08-19]
    FF Extension: KeyBar 1.14  - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\Extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606} [2013-08-14]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-08-16]
    FF HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Firefox\Extensions: [{193fe82a-c958-450c-8097-de926f5db967}] - C:\Program Files (x86)\LyricSing\130.xpi
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl"
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-29]
    CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
    CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
    CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-29]
    CHR Extension: (AdBlock) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-29]
    CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]
    CHR HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\owner\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\owner\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\130.crx [Not Found]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 DisplayFusionService; E:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-05] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
    S2 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [23552 2014-11-30] (www.nzbdrone.com) [File not signed]
    S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-10] ()
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
    S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] (Advanced Micro Devices) [File not signed]
    S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
    S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-05-19] (Razer Inc)
    S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-07 20:11 - 2015-02-07 20:22 - 00049906 _____ () C:\Users\owner\Downloads\Addition.txt
    2015-02-07 20:10 - 2015-02-07 20:25 - 00025639 _____ () C:\Users\owner\Downloads\FRST.txt
    2015-02-07 20:09 - 2015-02-07 20:25 - 00000000 ____D () C:\FRST
    2015-02-07 20:08 - 2015-02-07 20:08 - 02132992 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
    2015-02-07 20:07 - 2015-02-07 20:07 - 00000633 _____ () C:\Users\owner\Desktop\JRT.txt
    2015-02-07 20:03 - 2015-02-02 13:13 - 01388274 _____ (Thisisu) C:\Users\owner\Desktop\JRT_NEW.exe
    2015-02-07 19:58 - 2015-02-07 19:58 - 02112512 _____ () C:\Users\owner\Downloads\adwcleaner_4.110.exe
    2015-01-16 10:49 - 2015-01-16 10:49 - 00000732 _____ () C:\Users\Public\Desktop\Inquisition.lnk
    2015-01-15 23:01 - 2014-12-12 19:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-01-15 22:59 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-01-15 22:59 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-01-15 22:59 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-01-15 22:59 - 2014-10-09 12:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2015-01-15 22:59 - 2014-10-09 12:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2015-01-15 22:59 - 2014-10-09 02:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
    2015-01-14 03:21 - 2015-01-14 03:21 - 00000690 _____ () C:\Windows\PFRO.log
    2015-01-13 22:48 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 22:48 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 22:48 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-13 22:48 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-13 22:48 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-13 22:48 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-13 22:48 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-13 22:48 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-13 22:48 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-13 22:48 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 22:48 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 22:48 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 22:48 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-08 10:29 - 2015-01-08 10:30 - 52666709 _____ () C:\Users\owner\Downloads\SAO.zip
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-07 20:07 - 2009-07-14 00:13 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-07 20:06 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-07 20:06 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-07 20:04 - 2013-05-02 17:19 - 01738207 _____ () C:\Windows\WindowsUpdate.log
    2015-02-07 20:02 - 2014-09-21 20:34 - 00000000 ___RD () C:\Users\owner\Google Drive
    2015-02-07 20:01 - 2014-12-25 19:54 - 00002522 _____ () C:\Windows\setupact.log
    2015-02-07 20:01 - 2014-08-14 02:23 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
    2015-02-07 20:01 - 2013-05-04 10:18 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-02-07 20:01 - 2013-05-04 10:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-07 20:00 - 2014-12-22 02:25 - 00000000 ____D () C:\AdwCleaner
    2015-02-07 20:00 - 2014-01-16 15:41 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-07 20:00 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-07 19:57 - 2014-07-15 00:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\vlc
    2015-02-07 19:49 - 2013-05-04 10:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-07 19:32 - 2014-01-07 23:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573133789-2448633893-1897578077-1000UA.job
    2015-02-07 10:32 - 2014-01-07 23:10 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573133789-2448633893-1897578077-1000Core.job
    2015-02-07 02:00 - 2014-08-14 00:48 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
    2015-02-07 01:11 - 2014-09-23 23:26 - 00000000 ____D () C:\Users\owner\AppData\Roaming\tixati
    2015-02-05 20:51 - 2014-08-29 12:58 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-05 00:44 - 2013-05-04 10:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-05 00:44 - 2013-05-04 10:13 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-03 23:42 - 2013-05-23 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-02-02 18:38 - 2014-09-03 18:49 - 00000000 ____D () C:\Users\owner\Documents\Calibre Library
    2015-02-02 18:38 - 2013-05-02 17:19 - 00000000 ____D () C:\Users\owner
    2015-01-28 11:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-16 10:42 - 2013-05-06 20:04 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-15 23:01 - 2014-01-16 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-01-15 23:01 - 2013-08-07 20:01 - 00000000 ____D () C:\Temp
    2015-01-15 22:45 - 2014-08-01 07:57 - 00000000 ____D () C:\Users\owner\Documents\BioWare
    2015-01-15 22:24 - 2013-09-06 02:32 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-01-14 03:05 - 2013-07-14 02:00 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 03:00 - 2013-05-02 18:19 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
     
    ==================== Files in the root of some directories =======
     
    2014-10-04 00:04 - 2014-11-12 07:31 - 0000004 _____ () C:\Users\owner\AppData\Roaming\appdataFr2.bin
    2014-03-04 22:37 - 2014-03-04 22:37 - 0000600 _____ () C:\Users\owner\AppData\Roaming\winscp.rnd
    2014-08-16 02:53 - 2014-08-16 02:54 - 174606558 _____ () C:\Users\owner\AppData\Local\ACCCx2_7_1_418.zip.aamdownload
    2014-08-16 02:53 - 2014-08-16 02:54 - 0002111 _____ () C:\Users\owner\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd
    2014-06-26 11:44 - 2014-06-26 11:44 - 0000017 _____ () C:\Users\owner\AppData\Local\resmon.resmoncfg
     
    Some content of TEMP:
    ====================
    C:\Users\owner\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\owner\AppData\Local\Temp\nvStInst.exe
    C:\Users\owner\AppData\Local\Temp\Quarantine.exe
    C:\Users\owner\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-02-03 00:55
     
    ==================== End Of Log ============================
     
    Addition
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
    Ran by owner at 2015-02-07 20:22:00
    Running from C:\Users\owner\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    A Game of Thrones version 0.6.2 (HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 0.6.2 - AGOT TEAM)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
    Age of Empires II HD © Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
    Age of Wonders III (HKLM-x32\...\GOGPACKAGEOFWONDERS3_is1) (Version: 2.0.0.4 - GOG.com)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
    Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
    Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
    BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands - The Pre-Sequel (HKLM-x32\...\Borderlands - The Pre-Sequel_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
    calibre 64bit (HKLM\...\{170BA998-F98B-47E6-A70E-8AE7B6F9E156}) (Version: 2.1.0 - Kovid Goyal)
    Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
    CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
    Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
    Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
    Crysis 3 (HKLM-x32\...\Crysis 3_is1) (Version: 1.0 - )
    CrystalDiskInfo 5.6.2 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
    Dead Rising 2 (HKLM-x32\...\Dead Rising 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
    Dead Rising 3 v.1.0 (HKLM-x32\...\Dead Rising 3_is1) (Version:  - )
    Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
    Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
    Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
    DisplayFusion 5.0.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.0.1.0 - Binary Fortress Software)
    Divinity Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
    Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
    Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
    Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
    Dragon Age Inquisition / RePack by Baracuda (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}_is1) (Version: 1.0.859961 - )
    Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
    Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
    Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
    Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
    ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )
    Final Fantasy XIII-2 (HKLM-x32\...\Final Fantasy XIII-2_is1) (Version:  - )
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - )
    Galactic Civilizations® III (HKLM-x32\...\Steam App 226860) (Version:  - Stardock Entertainment)
    Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
    Game of Thrones A Telltale Games Series (HKLM-x32\...\Game of Thrones A Telltale Games Series_is1) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
    Google Earth (HKLM-x32\...\{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}) (Version: 7.1.1.1580 - Google)
    Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar)
    Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
    Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
    Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
    Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
    Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    LibreOffice 4.1.1.2 (HKLM-x32\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation)
    LIMBO (HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Limbo) (Version:  - )
    Mass Effect 3 (HKLM-x32\...\{CA46EF60-44A0-4BD5-9D97-E6CBB10FDA9A}_is1) (Version:  - )
    Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
    Medieval 2 Total War Gold version 1.05 (HKLM-x32\...\{8241AE65-BF38-4C3F-B0AF-6E9983A4516C}_is1) (Version: 1.05 - vol1)
    METAL GEAR RISING REVENGEANCE, âåðñèÿ 1.0.0.0 (HKLM-x32\...\METAL GEAR RISING REVENGEANCE_is1) (Version: 1.0.0.0 - RePack by SEYTER)
    Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
    MKVToolNix 7.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.3.0 - Moritz Bunkus)
    Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
    Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - )
    Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
    MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
    MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
    NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\TkFSVVRPU0hJUFBVREVOVWx0aW1hdGVOaW5qYVNUT1JNM0Z1~D4302771_is1) (Version: 1 - )
    Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.7 - Black Tree Gaming)
    NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4639 - Electronic Arts, Inc.)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PA Mod Manager 4.0.3 (HKLM-x32\...\PA Mod Manager) (Version: 4.0.3 - Raevn)
    Papers Please version 1.1.60-S (HKLM-x32\...\Papers Please_is1) (Version: 1.1.60-S - )
    Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.0.25431 - Grinding Gear Games)
    Pazera Free MP4 to AVI Converter 1.7 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.7 - Pazera Jacek)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
    PlanetSide 2 (HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
    Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
    Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
    Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
    Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
    Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version:  - Capcom)
    Robocraft version 0.3.204 (HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.204 - Freejam)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
    Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
    Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.5 - Samsung)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
    SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
    Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
    Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
    Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - Square Enix)
    South Park The Stick of Truth (HKLM-x32\...\South Park The Stick of Truth_is1) (Version:  - Ubisoft)
    Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
    Spec Ops The Line version 1.02 (HKLM-x32\...\{75D84EF7-0D8C-4e70-SPCOPS-7B42A5D4E0EB}_is1) (Version: 1.02 - Black_Box)
    Star Ruler 2 (HKLM-x32\...\Steam App 282590) (Version:  - Blind Mind Studios)
    Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
    StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
    State of Decay - Lifeline (HKLM-x32\...\State of Decay - Lifeline_is1) (Version:  - )
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Stonehearth (HKLM-x32\...\{AD7C88DB-D06F-4EA2-A4DE-DF888EE700A8}) (Version: 0.1.0.43 - Radiant Entertainment)
    Stonehearth (HKLM-x32\...\Steam App 253250) (Version:  - )
    Stronghold Crusader 2 (HKLM-x32\...\Stronghold Crusader 2_is1) (Version:  - )
    Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
    Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)
    Tales from the Borderlands (HKLM-x32\...\Tales from the Borderlands_is1) (Version:  - Telltale Games)
    Tenda Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.12.0 - Tenda)
    Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
    The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
    The Divinity Engine (HKLM-x32\...\Steam App 307400) (Version:  - )
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
    The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
    Third Age - Total War 3.0 (Part 1of2) (HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Third Age - Total War 3.0 (Part 1of2)) (Version:  - )
    Third Age - Total War 3.0 (Part 2of2) (HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Third Age - Total War 3.0 (Part 2of2)) (Version:  - )
    This War of Mine (HKLM-x32\...\1207666873_is1) (Version: 2.0.0.2 - GOG.com)
    Tixati (HKLM-x32\...\tixati) (Version:  - )
    Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )
    Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
    Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
    Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
    Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Wasteland 2 (HKLM-x32\...\Wasteland 2_is1) (Version:  - )
    Watch_Dogs. Deluxe Edition, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Watch_Dogs. Deluxe Edition_is1) (Version: 1.0.0.0 - RePack by SEYTER)
    WinDirStat 1.1.2 (HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\WinDirStat) (Version:  - )
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    Wolfenstein. The New Order, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Wolfenstein. The New Order_is1) (Version: 1.0.0.0 - RePack by SEYTER)
    XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
     
    ==================== Restore Points  =========================
     
    28-01-2015 03:34:42 Windows Update
    01-02-2015 03:32:54 Windows Update
    05-02-2015 03:33:20 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:34 - 2014-12-25 05:48 - 00000797 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {03BB3F93-7AD6-45BB-9DA7-7671CABC2621} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {0C8E8403-3AEF-48F5-93B3-011CE6156BA9} - System32\Tasks\AdobeAAMUpdater-1.0-owner-PC-owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {2FC942E8-BD5D-45DE-AF1B-B17B6EF27ABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-573133789-2448633893-1897578077-1000UA => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.)
    Task: {31A002EA-56EC-4192-AC0D-392F21FD0574} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3E470DCA-AE4F-4340-B30A-B05734AD18A0} - System32\Tasks\{EDDC2857-6754-4770-8345-D3567AB6F067} => pcalua.exe -a C:\Users\owner\Downloads\battlesizer_install.exe -d C:\Users\owner\Downloads
    Task: {4F2FBC19-51AF-4296-8693-F9726AFD6AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
    Task: {50C8ECEA-9988-4875-91F3-0F7154E4369D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {549F9B07-8C0D-42CD-97D2-584D3494540E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {560F2546-A96C-4264-8953-1E052CB4769F} - System32\Tasks\{17223B9E-8D0E-4EFB-96E2-54AAD53D1BEC} => pcalua.exe -a C:\Users\owner\Downloads\win64_153318.exe -d C:\Users\owner\Downloads
    Task: {7172229F-BD39-42BA-BC6D-1F15EB2C4A72} - System32\Tasks\{66E09541-CC1D-4D01-BC3E-9F21514F5857} => pcalua.exe -a C:\Users\owner\Downloads\258.96_desktop_win7_winvista_64bit_english_whql.exe -d C:\Users\owner\Downloads
    Task: {798D03D3-7280-45BB-9734-2F539E3D7566} - System32\Tasks\{517F2088-0C20-45FA-8B51-09A5DBAA686B} => pcalua.exe -a C:\Users\owner\Downloads\Win64_153322.exe -d C:\Users\owner\Downloads
    Task: {7E1D7DCE-80B7-4ED5-8E23-F299102F00D3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-14] ()
    Task: {9DE8F49E-A384-4288-9958-533FD80CB579} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-573133789-2448633893-1897578077-1000Core => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.)
    Task: {A1B06280-EF8F-4752-AB8E-5E248F61E38F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
    Task: {C54D0A40-F004-4E5A-8CE7-61DF1702374B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {D216DF2F-619C-441E-AD0C-81667AE462E8} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-11-06] ()
    Task: {E32BC2EB-C22C-4FBA-8ED4-C4C2B51E51B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {EC4FBB94-D832-47F1-9A61-865157EF7C25} - System32\Tasks\{678913D9-D830-4DAE-B6B7-4CC3832129E4} => pcalua.exe -a E:\install.exe -d E:\
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573133789-2448633893-1897578077-1000Core.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573133789-2448633893-1897578077-1000UA.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) ==============
     
    2014-01-16 15:41 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
    2014-01-22 00:17 - 2014-06-10 20:14 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2014-10-13 18:47 - 2014-11-06 04:26 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    2014-10-13 18:47 - 2014-11-06 04:26 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
    2014-10-13 18:47 - 2014-11-06 04:26 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
    2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2015-02-07 20:01 - 2015-02-07 20:01 - 00098816 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32api.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00110080 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\pywintypes27.dll
    2015-02-07 20:01 - 2015-02-07 20:01 - 00364544 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\pythoncom27.dll
    2015-02-07 20:01 - 2015-02-07 20:01 - 00045568 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\_socket.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 01160704 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\_ssl.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00320512 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32com.shell.shell.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00713216 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\_hashlib.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 01175040 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\wx._core_.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00805888 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\wx._gdi_.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00811008 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\wx._windows_.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 01062400 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\wx._controls_.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00735232 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\wx._misc_.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00557056 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\pysqlite2._sqlite.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00128512 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\_elementtree.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00127488 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\pyexpat.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00087552 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\_ctypes.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00119808 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32file.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00108544 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32security.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00007168 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\hashobjs_ext.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00167936 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32gui.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00018432 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32event.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00038912 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32inet.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00011264 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32crypt.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00070656 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\wx._html2.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00027136 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\_multiprocessing.pyd
    2015-02-07 20:00 - 2015-02-07 20:00 - 00035840 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32process.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00686080 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\unicodedata.pyd
    2015-02-07 20:00 - 2015-02-07 20:00 - 00122368 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\wx._wizard.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00024064 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32pipe.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00025600 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32pdh.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00525640 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\windows._lib_cacheinvalidation.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00010240 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\select.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00017408 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32profile.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00022528 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\win32ts.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00078336 _____ () C:\Users\owner\AppData\Local\Temp\_MEI25522\wx._animate.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
    2015-02-07 20:01 - 2015-02-07 20:01 - 00012800 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00009728 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00014848 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\src\rgloader\rgloader193.mswin.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00009216 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00126976 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00087552 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00016384 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00127316 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\bin\libffi-6.dll
    2015-02-07 20:01 - 2015-02-07 20:01 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00013312 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00095744 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00026624 _____ () C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00012800 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00009728 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00014848 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\src\rgloader\rgloader193.mswin.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00118784 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00069120 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00083968 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\bin\zlib1.dll
    2015-02-07 20:01 - 2015-02-07 20:01 - 00026624 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00275968 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00015360 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00008192 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00009216 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00023552 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00036352 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00126976 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00087552 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00016384 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00127316 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\bin\libffi-6.dll
    2015-02-07 20:01 - 2015-02-07 20:01 - 00013312 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00095744 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-02-07 20:01 - 2015-02-07 20:01 - 00026624 _____ () C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2014-10-13 18:47 - 2014-11-06 04:26 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
    2014-10-13 18:47 - 2014-11-06 04:26 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
    2014-10-14 23:28 - 2014-10-14 23:28 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-08-29 12:47 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-29 12:47 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-08-29 12:47 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-29 12:47 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2013-03-25 13:23 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-02-05 11:42 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-02-05 11:42 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-02-05 11:42 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2014-05-22 04:38 - 2015-01-23 17:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-08-29 12:47 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2013-04-19 12:10 - 2015-01-23 17:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2013-03-26 15:16 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2013-05-02 17:23 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2015-02-05 20:51 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
    2015-02-05 20:51 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
    2015-02-05 20:51 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
    2015-02-05 20:51 - 2015-02-04 04:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:9zLnXRvkdwi47pojpmzEF28
    AlternateDataStreams: C:\ProgramData\Microsoft:bSK6ijKzgcvMr4lBSW6Vmpo
    AlternateDataStreams: C:\ProgramData\Microsoft:hxxYgea2jO3OnlIHojIPARbdB9Z4r
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) ===============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== Other Registry Areas =====================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-573133789-2448633893-1897578077-500 - Administrator - Disabled)
    Guest (S-1-5-21-573133789-2448633893-1897578077-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-573133789-2448633893-1897578077-1002 - Limited - Enabled)
    owner (S-1-5-21-573133789-2448633893-1897578077-1000 - Administrator - Enabled) => C:\Users\owner
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (02/07/2015 08:06:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
     
    Error: (02/07/2015 08:06:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
     
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
    Error: (02/07/2015 08:06:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F20300004D070000
     
    Error: (02/07/2015 08:06:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Performance1637070000000000000000000009030000
     

    • 0

    #4
    RKinner
    Posted 07 February 2015 - 10:50 PM

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP
    Miissing the logs from the first two scan.
     
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Java 8 Update 25 
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
     
    Uninstall Private Internet Access 
     
    I don't trust it.
     
     
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     

    • 0

    #5
    xx255q
    Posted 07 February 2015 - 11:51 PM

    xx255q

      New Member

    • Topic Starter
    • Member
    • Pip
    • 3 posts

    I had PIA long before this was an issue and if I would have known you would delete it form my system I would not have put in your fix

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
    Ran by owner at 2015-02-08 00:43:40 Run:1
    Running from C:\Users\owner\Downloads
    Loaded Profiles: owner (Available profiles: owner)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\MountPoints2: {4b646caf-9fb5-11e3-b91e-902b34d78a11} - I:\setup.exe
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\MountPoints2: {4b646cb3-9fb5-11e3-b91e-902b34d78a11} - J:\setup.exe
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk
    ShortcutTarget: Universal Media Server.lnk -> E:\Universal Media Server\UMS.exe (No File)
    Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-573133789-2448633893-1897578077-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
    FF Plugin HKU\S-1-5-21-573133789-2448633893-1897578077-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Extension: VisualBee V.1  - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\Extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b} [2013-08-19]
    FF Extension: KeyBar 1.14  - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\Extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606} [2013-08-14]
    CHR HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKU\S-1-5-21-573133789-2448633893-1897578077-1000\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\owner\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\owner\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\130.crx [Not Found]
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\bin\rubyw.exe
    C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\bin\rubyw.exe  
    CustomCLSID: HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {D216DF2F-619C-441E-AD0C-81667AE462E8} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-11-06] () 
    Task: {EC4FBB94-D832-47F1-9A61-865157EF7C25} - System32\Tasks\{678913D9-D830-4DAE-B6B7-4CC3832129E4} => pcalua.exe -a E:\install.exe -d E:\
    C:\Program Files\pia_manager
    AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:9zLnXRvkdwi47pojpmzEF28
    AlternateDataStreams: C:\ProgramData\Microsoft:bSK6ijKzgcvMr4lBSW6Vmpo
    AlternateDataStreams: C:\ProgramData\Microsoft:hxxYgea2jO3OnlIHojIPARbdB9Z4r
     
     
     
     
    *****************
     
    "HKU\S-1-5-21-573133789-2448633893-1897578077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b646caf-9fb5-11e3-b91e-902b34d78a11}" => Key deleted successfully.
    HKCR\CLSID\{4b646caf-9fb5-11e3-b91e-902b34d78a11} => Key not found. 
    "HKU\S-1-5-21-573133789-2448633893-1897578077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b646cb3-9fb5-11e3-b91e-902b34d78a11}" => Key deleted successfully.
    HKCR\CLSID\{4b646cb3-9fb5-11e3-b91e-902b34d78a11} => Key not found. 
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk => Moved successfully.
    E:\Universal Media Server\UMS.exe not found.
    C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk => Moved successfully.
    C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe not found.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-573133789-2448633893-1897578077-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin" => Key deleted successfully.
    "HKU\S-1-5-21-573133789-2448633893-1897578077-1000\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
    C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
    C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\Extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b} => Moved successfully.
    C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjpwsxcw.default\Extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606} => Moved successfully.
    "HKU\S-1-5-21-573133789-2448633893-1897578077-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
    "HKU\S-1-5-21-573133789-2448633893-1897578077-1000\SOFTWARE\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\npffmjkglbnioaoncpfmdbmehnbcldfh" => Key deleted successfully.
    taphss6 => Service deleted successfully.
    C:\Users\owner\AppData\Local\Temp\ocr7C8E.tmp\bin\rubyw.exe => Moved successfully.
    C:\Users\owner\AppData\Local\Temp\ocr975E.tmp\bin\rubyw.exe => Moved successfully.
    "HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-573133789-2448633893-1897578077-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D216DF2F-619C-441E-AD0C-81667AE462E8}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D216DF2F-619C-441E-AD0C-81667AE462E8}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Private Internet Access Startup => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Private Internet Access Startup" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC4FBB94-D832-47F1-9A61-865157EF7C25}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC4FBB94-D832-47F1-9A61-865157EF7C25}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{678913D9-D830-4DAE-B6B7-4CC3832129E4} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{678913D9-D830-4DAE-B6B7-4CC3832129E4}" => Key deleted successfully.
     
    "C:\Program Files\pia_manager" directory move:
     
    C:\Program Files\pia_manager\installer_win (1).exe => Moved successfully.
    C:\Program Files\pia_manager\installer_win.exe => Moved successfully.
    C:\Program Files\pia_manager\libeay32.dll => Moved successfully.
    C:\Program Files\pia_manager\liblzo2-2.dll => Moved successfully.
    C:\Program Files\pia_manager\libpkcs11-helper-1.dll => Moved successfully.
    C:\Program Files\pia_manager\Microsoft.VC90.CRT.manifest => Moved successfully.
    C:\Program Files\pia_manager\msvcr90.dll => Moved successfully.
    C:\Program Files\pia_manager\OemWin2k.inf => Moved successfully.
    C:\Program Files\pia_manager\openvpn.exe => Moved successfully.
    C:\Program Files\pia_manager\pia.msi => Moved successfully.
    C:\Program Files\pia_manager\pia_manager.exe => Moved successfully.
    C:\Program Files\pia_manager\pia_startup_task.xml => Moved successfully.
    C:\Program Files\pia_manager\privateinternetaccess.exe => Moved successfully.
    C:\Program Files\pia_manager\reinstall_tap.bat => Moved successfully.
    C:\Program Files\pia_manager\run_on_startup => Moved successfully.
    C:\Program Files\pia_manager\ssleay32.dll => Moved successfully.
    C:\Program Files\pia_manager\tap0901.cat => Moved successfully.
    C:\Program Files\pia_manager\tap0901.sys => Moved successfully.
    C:\Program Files\pia_manager\tapinstall.exe => Moved successfully.
    C:\Program Files\pia_manager\tmp\4f61parzlrhtscn4d734k3zu1 => Moved successfully.
    C:\Program Files\pia_manager\tmp\7zvofdruzebd4tb8lgeq0ze3b => Moved successfully.
    C:\Program Files\pia_manager\tmp\edkleaaowd7k5w8o2aw58mb64 => Moved successfully.
    Could not move "C:\Program Files\pia_manager\tmp\pia_tray_shutdown.txt" => Scheduled to move on reboot.
    C:\Program Files\pia_manager\pia_tray\manifest => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\pia_tray.exe => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\tiapp.xml => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\cairo.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\icudt40.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\icuin40.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\icuuc40.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\JavaScriptCore.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\kboot.exe => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll.manifest => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libcurl.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libeay32.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libpng13.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxslt.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\objc.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoCrypto.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoData.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNetSSL.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoSQLite.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoZip.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\pthreadVC2.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\rootcert.pem => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\SQLite3.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\ssleay32.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\Info.plist => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\AbstractTimelinePanel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\AuditCategories.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\AuditLauncherView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\AuditResultView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\AuditRules.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\audits.css => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\AuditsPanel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\BottomUpProfileDataGridTree.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Breakpoint.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\BreakpointsSidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Callback.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\CallStackSidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ChangesView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Checkbox.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Color.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ConsolePanel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ConsoleView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ContextMenu.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\CookieItemsView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Database.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\DatabaseQueryView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\DatabaseTableView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\DataGrid.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\DOMAgent.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\DOMStorage.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\DOMStorageItemsView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\DOMSyntaxHighlighter.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Drawer.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ElementsPanel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ElementsTreeOutline.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\EventListenersSidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\FontView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ImageView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\InjectedFakeWorker.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\InjectedScript.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\InjectedScriptAccess.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\inspector.css => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\inspector.html => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\inspector.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\InspectorBackendStub.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\InspectorFrontendHostStub.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\inspectorSyntaxHighlight.css => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\KeyboardShortcut.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\MetricsSidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\NativeTextViewer.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Object.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ObjectPropertiesSection.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ObjectProxy.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Panel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\PanelEnablerView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Placard.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\popover.css => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Popover.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Popup.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ProfileDataGridTree.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ProfilesPanel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ProfileView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\PropertiesSection.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\PropertiesSidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Resource.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ResourceCategory.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ResourcesPanel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ResourceView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ScopeChainSidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Script.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ScriptsPanel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\ScriptView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Section.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Settings.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SidebarTreeElement.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SourceCSSTokenizer.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SourceCSSTokenizer.re2js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SourceFrame.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SourceHTMLTokenizer.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SourceHTMLTokenizer.re2js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SourceJavaScriptTokenizer.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SourceJavaScriptTokenizer.re2js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SourceTokenizer.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SourceView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\StatusBarButton.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\StoragePanel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\StylesSidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\SummaryBar.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TestController.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\textEditor.css => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TextEditor.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TextEditorHighlighter.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TextEditorModel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TextPrompt.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\textViewer.css => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TextViewer.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TimelineAgent.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TimelineGrid.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TimelineOverviewPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TimelinePanel.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\TopDownProfileDataGridTree.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\treeoutline.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\utilities.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\View.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\WatchExpressionsSidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\WebKit.qrc => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\WelcomeView.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\WorkersSidebarPane.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\auditsIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\back.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\breakpointBorder.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\breakpointConditionalBorder.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\breakpointConditionalCounterBorder.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\breakpointCounterBorder.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\breakpointsActivateButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\breakpointsDeactivateButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\checker.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\clearConsoleButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\closeButtons.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\consoleButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\consoleIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\cookie.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\database.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\databaseTable.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\debuggerContinue.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\debuggerPause.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\debuggerStepInto.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\debuggerStepOut.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\debuggerStepOver.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\disclosureTriangleSmallDown.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\disclosureTriangleSmallDownBlack.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\disclosureTriangleSmallDownWhite.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\disclosureTriangleSmallRight.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\disclosureTriangleSmallRightBlack.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\disclosureTriangleSmallRightDown.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\disclosureTriangleSmallRightDownBlack.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\disclosureTriangleSmallRightDownWhite.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\disclosureTriangleSmallRightWhite.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\dockButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\elementsIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\enableOutlineButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\enableSolidButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\errorIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\errorMediumIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\errorRedDot.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\excludeButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\focusButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\forward.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\gearButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\glossyHeader.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\glossyHeaderPressed.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\glossyHeaderSelected.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\glossyHeaderSelectedPressed.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\goArrow.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\graphLabelCalloutLeft.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\graphLabelCalloutRight.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\grayConnectorPoint.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\largerResourcesButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\localStorage.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\nodeSearchButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\paneBottomGrow.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\paneBottomGrowActive.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\paneGrowHandleLine.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\paneSettingsButtons.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\pauseOnExceptionButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\percentButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\popoverArrows.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\popoverBackground.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\profileGroupIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\profileIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\profilesIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\profileSmallIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\profilesSilhouette.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\programCounterBorder.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\radioDot.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\recordButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\recordToggledButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\reloadButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourceCSSIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourceDocumentIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourceDocumentIconSmall.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourceJSIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourcePlainIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourcePlainIconSmall.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourcesIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourcesSilhouette.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourcesSizeGraphIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\resourcesTimeGraphIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\scriptsIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\scriptsSilhouette.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\searchSmallBlue.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\searchSmallBrightBlue.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\searchSmallGray.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\searchSmallWhite.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\segment.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\segmentEnd.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\segmentHover.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\segmentHoverEnd.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\segmentSelected.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\segmentSelectedEnd.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\sessionStorage.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\spinner.gif => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\splitviewDimple.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\splitviewDividerBackground.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\statusbarBackground.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\statusbarBottomBackground.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\statusbarButtons.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\statusbarMenuButton.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\statusbarMenuButtonSelected.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\statusbarResizerHorizontal.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\statusbarResizerVertical.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\storageIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\successGreenDot.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\thumbActiveHoriz.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\thumbActiveVert.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\thumbHoriz.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\thumbHoverHoriz.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\thumbHoverVert.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\thumbVert.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineBarBlue.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineBarGray.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineBarGreen.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineBarOrange.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineBarPurple.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineBarRed.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineBarYellow.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineCheckmarks.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineDots.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineHollowPillBlue.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineHollowPillGray.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineHollowPillGreen.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineHollowPillOrange.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineHollowPillPurple.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineHollowPillRed.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineHollowPillYellow.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelineIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelinePillBlue.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelinePillGray.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelinePillGreen.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelinePillOrange.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelinePillPurple.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelinePillRed.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\timelinePillYellow.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\toolbarItemSelected.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\trackHoriz.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\trackVert.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\treeDownTriangleBlack.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\treeDownTriangleWhite.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\treeRightTriangleBlack.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\treeRightTriangleWhite.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\treeUpTriangleBlack.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\treeUpTriangleWhite.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\undockButtonGlyph.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\userInputIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\userInputPreviousIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\userInputResultIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\warningIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\warningMediumIcon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\warningOrangeDot.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\warningsErrors.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\inspector\Images\whiteConnectorPoint.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\en.lproj\Localizable.strings => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\WebKit.resources\en.lproj\localizedStrings.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\JavaScriptCore.resources\Info.plist => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.resources\CFCharacterSetBitmaps.bitmap => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.resources\CFUniCharPropertyDatabase.data => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.resources\CFUnicodeData-L.mapping => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.resources\Info.plist => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\default_app_logo.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\default_app_logo_d.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\icon-mono.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\icon.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\icon_c-mono.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\icon_c.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\icon_d-mono.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\icon_d.png => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\index.html => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\settings.html => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\_converted_icon.ico => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\javascript\common.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\javascript\jquery.min.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\javascript\main.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\javascript\settings.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\css\design.css => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\Resources\css\paste.css => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\default.css => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\jquery-1.3.2.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tinotification.html => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll.manifest => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\ui.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll.manifest => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll.manifest => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\update.html => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll.manifest => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.js => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll.manifest => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\installer\installer.exe => Moved successfully.
    C:\Program Files\pia_manager\pia_tray\installer\installer.exe.manifest => Moved successfully.
    Could not move "C:\Program Files\pia_manager\log\openvpn.log" => Scheduled to move on reboot.
    C:\Program Files\pia_manager\log\openvpn.pid => Moved successfully.
    Could not move "C:\Program Files\pia_manager\log\pia_manager.log" => Scheduled to move on reboot.
    C:\Program Files\pia_manager\log\pia_manager.pid => Moved successfully.
    C:\Program Files\pia_manager\log\pia_manager_loop.pid => Moved successfully.
    C:\Program Files\pia_manager\log\pia_tray.1422381650.log => Moved successfully.
    Could not move "C:\Program Files\pia_manager\log\pia_tray.1423357293.log" => Scheduled to move on reboot.
    C:\Program Files\pia_manager\data\ca.crt => Moved successfully.
    C:\Program Files\pia_manager\data\client_id.txt => Moved successfully.
    Could not move "C:\Program Files\pia_manager\data\command_file.txt" => Scheduled to move on reboot.
    C:\Program Files\pia_manager\data\connection_details.json => Moved successfully.
    C:\Program Files\pia_manager\data\dnsleak.json => Moved successfully.
    C:\Program Files\pia_manager\data\ipv6leak.json => Moved successfully.
    C:\Program Files\pia_manager\data\killswitch_state.json => Moved successfully.
    C:\Program Files\pia_manager\data\latencies.txt => Moved successfully.
    C:\Program Files\pia_manager\data\region_data.txt => Moved successfully.
    C:\Program Files\pia_manager\data\settings.json => Moved successfully.
    Could not move "C:\Program Files\pia_manager\data\status_file.txt" => Scheduled to move on reboot.
    Could not move "C:\Program Files\pia_manager" directory. => Scheduled to move on reboot.
     
    C:\Program Files\Common Files\Microsoft Shared => ":9zLnXRvkdwi47pojpmzEF28" ADS removed successfully.
    C:\ProgramData\Microsoft => ":bSK6ijKzgcvMr4lBSW6Vmpo" ADS removed successfully.
    C:\ProgramData\Microsoft => ":hxxYgea2jO3OnlIHojIPARbdB9Z4r" ADS removed successfully.
     
    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-08 00:44:47)<=
     
    C:\Program Files\pia_manager\tmp\pia_tray_shutdown.txt => Is moved successfully.
    C:\Program Files\pia_manager\log\openvpn.log => Is moved successfully.
    C:\Program Files\pia_manager\log\pia_manager.log => Is moved successfully.
    C:\Program Files\pia_manager\log\pia_tray.1423357293.log => Is moved successfully.
    C:\Program Files\pia_manager\data\command_file.txt => Is moved successfully.
    C:\Program Files\pia_manager\data\status_file.txt => Is moved successfully.
    C:\Program Files\pia_manager => Is moved successfully.
     
    ==== End of Fixlog 00:44:47 ====

    • 0

    #6
    RKinner
    Posted 08 February 2015 - 08:38 AM

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    Sorry about PIA.  You can reinstall it when we are done.

     

    Any change in the original problem?

     

    Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.


    • 0
    Back to Virus, Spyware, Malware Removal · Next Unread Topic →




    Similar Topics


    Also tagged with one or more of these keywords: sup, redirect, Google Chrome

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    1. Geeks to Go Community
    2. Security
    3. Virus, Spyware, Malware Removal

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP