New Computer Infected [Closed]


  • This topic is locked

#1
jacquelynmdelp


Yesterday I started my Sager laptop for the first time and I am already experiencing some troubles with it that I believe are virus-related. Ads keep popping up on Chrome, even though my pop up blocker is turned on. I have Norton and Malwarebytes for security. Each time I run both there are multiple threats detected that neither can completely clean. I would very much appreciate any help fixing the problem. Thank you!

 

FRST Notepad:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Jacque (administrator) on JACKOLANTERN on 14-06-2015 09:45:32
Running from C:\Users\Jacque\Desktop
Loaded Profiles: Jacque (Available Profiles: Jacque)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Jacque\AppData\Local\wd\wd.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hotkeyrtk.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\nacl64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323312 2014-12-10] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874904 2015-01-06] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112000 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\...\Run: [GoogleChromeAutoLaunch_A40EFE708B5D4B1DB0CAEC94E43AA80A] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\...\Run: [WatchDog] => C:\Users\Jacque\AppData\Local\wd\wd.exe [232064 2015-06-01] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File not found
AppInit_DLLs:  C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File not found
AppInit_DLLs-x32:  C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-06-02]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1157567477-2997239086-3482523948-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1157567477-2997239086-3482523948-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1157567477-2997239086-3482523948-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-14] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-06-14]
 
Chrome: 
=======
CHR Profile: C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-14]
CHR Extension: (Google Docs) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-14]
CHR Extension: (Google Drive) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-14]
CHR Extension: (YouTube) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-14]
CHR Extension: (Google Search) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-14]
CHR Extension: (Google Sheets) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-14]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-14]
CHR Extension: (Google Wallet) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-14]
CHR Extension: (Gmail) - C:\Users\Jacque\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-14]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-06-14]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-06-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-06-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-06-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [246272 2014-10-29] (Insyde Software Corp.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19184 2014-12-10] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-13] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [24064 2014-12-05] (CLEVO CO.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)
S2 EraserSvc11510; "C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe" /h ccCommon [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-26] (Insyde Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-06-02] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-14] (Symantec Corporation)
R0 FPWinIo; C:\Windows\System32\drivers\FPWinIo.sys [83688 2013-08-08] (Egis Technology Inc.)
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [41160 2014-10-29] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [40136 2014-10-29] (Insyde Software Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [219592 2014-08-13] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150612.001\IDSvia64.sys [684248 2015-06-12] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150613.001\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150613.001\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3479528 2014-08-21] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-07-02] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-09] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-06-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-14 09:45 - 2015-06-14 09:45 - 00021938 _____ C:\Users\Jacque\Desktop\FRST.txt
2015-06-14 09:44 - 2015-06-14 09:45 - 00000000 ____D C:\FRST
2015-06-14 09:43 - 2015-06-14 09:43 - 02109952 _____ (Farbar) C:\Users\Jacque\Desktop\FRST64.exe
2015-06-14 09:23 - 2015-06-14 09:23 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-06-14 09:13 - 2015-06-14 09:17 - 00067632 _____ (Symantec Corporation) C:\Windows\system32\msln.exe
2015-06-14 09:08 - 2015-06-14 09:26 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-14 09:08 - 2015-06-14 09:13 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-14 09:08 - 2015-06-14 09:08 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-14 09:08 - 2015-06-14 09:08 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-14 09:08 - 2015-06-14 09:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-14 09:08 - 2015-06-14 09:08 - 00000000 ____D C:\Users\Jacque\AppData\Local\Google
2015-06-14 09:08 - 2015-06-14 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-14 09:08 - 2015-06-14 09:08 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-14 08:48 - 2015-06-14 08:48 - 00000000 ____D C:\Users\Jacque\AppData\Local\CrashDumps
2015-06-14 08:46 - 2015-06-14 09:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 08:45 - 2015-06-14 09:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-14 08:45 - 2015-06-14 08:45 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-14 08:45 - 2015-06-14 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-14 08:45 - 2015-06-14 08:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-14 08:45 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-14 08:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-14 08:45 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-14 08:43 - 2015-06-14 08:44 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jacque\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-14 08:43 - 2015-06-14 08:44 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jacque\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-06-14 08:42 - 2015-06-14 08:42 - 00000000 ____D C:\Users\Jacque\Documents\Symantec
2015-06-14 08:38 - 2015-06-14 09:17 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-06-14 08:38 - 2015-06-14 09:17 - 00002346 _____ C:\Users\Public\Desktop\Norton 360.lnk
2015-06-14 08:38 - 2015-06-14 09:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-06-14 08:38 - 2015-06-14 09:17 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-06-14 08:38 - 2015-06-14 08:38 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-06-14 08:38 - 2015-06-14 08:38 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-06-14 08:38 - 2015-06-14 08:38 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-06-14 08:38 - 2015-06-14 08:38 - 00000000 ____D C:\Program Files (x86)\Norton 360
2015-06-14 08:10 - 2015-06-14 08:42 - 00000000 ____D C:\ProgramData\Norton
2015-06-14 08:10 - 2015-06-14 08:10 - 01021968 _____ (Symantec Corporation) C:\Users\Jacque\Downloads\NortonN360Downloader.exe
2015-06-14 08:10 - 2015-06-14 08:10 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-14 07:57 - 2015-06-14 09:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-14 07:57 - 2015-06-14 07:57 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-14 07:56 - 2015-06-14 07:57 - 00000000 ____D C:\Users\Jacque\AppData\Local\Adobe
2015-06-14 07:31 - 2015-06-14 07:31 - 00000046 _____ C:\Users\Jacque\AppData\Roaming\WB.CFG
2015-06-13 21:25 - 2015-06-13 21:25 - 00003630 _____ C:\Windows\System32\Tasks\Kekuysefc
2015-06-13 21:25 - 2015-06-13 21:25 - 00000045 _____ C:\user.js
2015-06-13 21:25 - 2015-06-13 21:25 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-06-13 20:56 - 2015-06-13 20:56 - 00000005 _____ C:\end
2015-06-13 20:51 - 2015-06-13 20:51 - 00001453 _____ C:\Users\Jacque\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-13 20:50 - 2015-06-14 09:17 - 00000000 ____D C:\Users\Jacque\AppData\Local\ClassicShell
2015-06-13 20:50 - 2015-06-13 20:50 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\ClassicShell
2015-06-13 20:47 - 2015-06-14 09:17 - 00000000 ____D C:\Users\Jacque\AppData\Local\wd
2015-06-13 20:47 - 2015-06-13 20:57 - 00001376 _____ C:\Users\Jacque\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromatic.lnk
2015-06-13 20:47 - 2015-06-13 20:47 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\QuickScan
2015-06-13 20:47 - 2015-06-13 20:47 - 00000000 ____D C:\Users\Jacque\AppData\Local\Chromatic
2015-06-13 20:47 - 2015-06-13 20:47 - 00000000 ____D C:\temp
2015-06-13 20:46 - 2015-06-13 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-13 20:46 - 2015-06-13 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-13 20:45 - 2015-06-14 09:24 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-06-13 20:45 - 2015-06-14 07:12 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-13 20:45 - 2015-06-13 20:45 - 00000000 ____D C:\Users\Jacque\AppData\Local\globalUpdate
2015-06-13 20:44 - 2015-06-13 20:44 - 00000000 ____D C:\ProgramData\ClassicShell
2015-06-13 20:43 - 2015-06-14 09:15 - 00000000 ____D C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
2015-06-13 20:43 - 2015-06-13 20:43 - 00003570 _____ C:\Windows\System32\Tasks\DFOZSNJILP
2015-06-13 20:43 - 2015-06-13 20:43 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-13 20:40 - 2015-06-13 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-06-13 20:40 - 2015-06-13 20:40 - 00000000 ____D C:\Program Files\Classic Shell
2015-06-13 20:32 - 2015-06-14 09:16 - 00000000 ____D C:\Users\Jacque\AppData\Local\165BFA80-1434227555-0000-0000-000000000000
2015-06-13 20:32 - 2015-06-13 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro
2015-06-13 20:32 - 2015-06-13 20:32 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\PCAcceleratePro
2015-06-13 20:32 - 2015-06-13 20:32 - 00000000 ____D C:\ProgramData\PCAcceleratePro
2015-06-13 20:32 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-13 20:31 - 2015-06-14 09:13 - 00000000 ____D C:\Program Files (x86)\OSDownloader
2015-06-13 20:31 - 2015-06-14 08:58 - 00000000 ____D C:\Program Files (x86)\DCLoader
2015-06-13 20:31 - 2015-06-13 20:31 - 00000003 _____ C:\Windows\SysWOW64\2.txt
2015-06-13 20:31 - 2015-06-13 20:31 - 00000003 _____ C:\Windows\SysWOW64\1.txt
2015-06-13 20:25 - 2015-06-14 07:15 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{665F097F-63BB-4822-81B7-CD5CB47BABCB}
2015-06-13 20:25 - 2015-06-13 20:25 - 00000000 __SHD C:\Users\Jacque\AppData\Local\EmieUserList
2015-06-13 20:25 - 2015-06-13 20:25 - 00000000 __SHD C:\Users\Jacque\AppData\Local\EmieSiteList
2015-06-13 20:25 - 2015-06-13 20:25 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\Macromedia
2015-06-13 20:25 - 2015-06-13 20:25 - 00000000 ____D C:\Users\Jacque\AppData\Local\GWX
2015-06-13 19:35 - 2015-06-14 09:31 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1157567477-2997239086-3482523948-1001
2015-06-13 19:31 - 2015-06-13 19:31 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\Intel Corporation
2015-06-13 19:30 - 2015-06-13 19:31 - 00000000 ____D C:\Users\Jacque\AppData\Local\NVIDIA Corporation
2015-06-13 19:30 - 2015-06-13 19:30 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-13 19:30 - 2015-06-13 19:30 - 00000020 ___SH C:\Users\Jacque\ntuser.ini
2015-06-13 19:30 - 2015-06-13 19:30 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-13 19:30 - 2015-06-13 19:30 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\Intel
2015-06-13 19:30 - 2015-06-13 19:30 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\Adobe
2015-06-13 19:30 - 2015-06-13 19:30 - 00000000 ____D C:\Users\Jacque\AppData\Local\VirtualStore
2015-06-13 19:30 - 2015-06-13 19:30 - 00000000 ____D C:\Users\Jacque\AppData\Local\Packages
2015-06-13 19:30 - 2015-06-13 19:30 - 00000000 ____D C:\Users\Jacque\AppData\Local\NVIDIA
2015-06-13 19:30 - 2015-06-13 19:30 - 00000000 ____D C:\Users\Jacque\AppData\Local\Creative
2015-06-13 19:30 - 2015-06-13 19:30 - 00000000 ____D C:\Users\Jacque
2015-06-13 19:30 - 2014-03-18 06:33 - 00000000 ___RD C:\Users\Jacque\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-13 19:30 - 2014-03-18 06:33 - 00000000 ___RD C:\Users\Jacque\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-13 19:30 - 2014-03-18 06:13 - 00000369 _____ C:\Users\Jacque\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-13 19:30 - 2014-03-18 06:13 - 00000369 _____ C:\Users\Jacque\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-13 19:30 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Jacque\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-13 19:30 - 2013-08-22 11:36 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-13 19:28 - 2015-06-13 20:53 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-13 19:28 - 2015-06-13 19:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-13 19:28 - 2015-06-02 13:47 - 02502928 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-06-13 19:28 - 2015-06-02 13:47 - 02209080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-06-13 19:28 - 2015-06-02 13:47 - 00129120 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2015-06-13 19:28 - 2015-06-02 13:47 - 00110576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2015-06-13 19:28 - 2015-05-15 18:01 - 00133288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-13 19:28 - 2015-05-15 17:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-13 19:28 - 2015-05-15 16:47 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-13 19:28 - 2015-05-15 16:23 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-13 19:28 - 2015-05-15 15:42 - 03682304 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-13 19:28 - 2015-05-15 15:32 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-13 19:28 - 2015-05-15 15:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-13 19:28 - 2015-05-15 15:28 - 02223104 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-13 19:28 - 2015-05-15 15:28 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-06-13 19:28 - 2015-05-15 15:28 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-13 19:28 - 2015-05-15 15:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-13 19:28 - 2015-05-15 15:21 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-13 19:28 - 2015-05-15 15:21 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-13 19:28 - 2015-05-15 15:19 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-13 19:28 - 2015-05-15 15:19 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-13 19:28 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-13 19:28 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-13 19:28 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-06-13 19:28 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-06-02 15:05 - 2015-06-02 15:05 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1157567477-2997239086-3482523948-500
2015-06-02 15:02 - 2015-06-14 09:27 - 00006464 _____ C:\Windows\SysWOW64\Gms.log
2015-06-02 15:01 - 2015-06-02 15:01 - 00000000 ____D C:\ProgramData\Creative
2015-06-02 14:57 - 2015-06-02 14:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_HKMouFltr_01009.Wdf
2015-06-02 14:57 - 2015-06-02 14:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_HKKbdFltr_01009.Wdf
2015-06-02 14:56 - 2015-06-14 09:17 - 00000000 ____D C:\Program Files (x86)\Hotkey
2015-06-02 14:56 - 2015-06-02 14:56 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-06-02 14:56 - 2015-06-02 14:56 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-06-02 14:56 - 2015-06-02 14:56 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-06-02 14:56 - 2015-06-02 14:56 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-06-02 14:56 - 2015-06-02 14:56 - 00000219 ___RH C:\Windows\ctfile.rfc
2015-06-02 14:56 - 2015-06-02 14:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-06-02 14:56 - 2015-06-02 14:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_AirplaneModeHid_01011.Wdf
2015-06-02 14:56 - 2015-06-02 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-06-02 14:56 - 2015-06-02 14:56 - 00000000 ____D C:\Program Files\Insyde
2015-06-02 14:56 - 2015-06-02 14:56 - 00000000 ____D C:\Program Files\DIFX
2015-06-02 14:56 - 2015-06-02 14:56 - 00000000 ____D C:\Program Files\Creative
2015-06-02 14:56 - 2015-06-02 14:56 - 00000000 ____D C:\Program Files (x86)\Creative
2015-06-02 14:56 - 2014-10-29 20:13 - 00040136 _____ (Insyde Software Corp.) C:\Windows\system32\Drivers\HKMouFltr.sys
2015-06-02 14:56 - 2014-10-29 20:12 - 00041160 _____ (Insyde Software Corp.) C:\Windows\system32\Drivers\HKKbdFltr.sys
2015-06-02 14:56 - 2014-09-05 19:19 - 00057613 _____ C:\Windows\MBSpkrEQ.cfg
2015-06-02 14:56 - 2014-05-28 13:16 - 00012288 _____ (Windows ® 2000 DDK provider) C:\Windows\SysWOW64\CLEVOMOF.dll
2015-06-02 14:56 - 2013-07-31 19:55 - 00010752 _____ (Microsoft) C:\Windows\SysWOW64\BTControl.exe
2015-06-02 14:56 - 2013-07-03 17:11 - 00038528 ____N (Creative Technology Ltd.) C:\Windows\system32\MBCfg64.dll
2015-06-02 14:56 - 2013-07-03 17:11 - 00035456 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\MBCfg32.dll
2015-06-02 14:56 - 2013-04-23 13:54 - 00332928 ____N (Creative Technology Ltd.) C:\Windows\system32\ChezSC64.DLL
2015-06-02 14:56 - 2013-04-23 13:54 - 00288896 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\ChezSC32.DLL
2015-06-02 14:56 - 2013-04-23 13:54 - 00148096 ____N (Creative Technology Ltd.) C:\Windows\system32\MBCfg64.exe
2015-06-02 14:56 - 2013-04-23 13:53 - 00138880 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\MBCfg32.exe
2015-06-02 14:56 - 2013-04-23 13:53 - 00015488 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\ResDefA.exe
2015-06-02 14:56 - 2013-03-27 14:59 - 01903104 ____N (Creative) C:\Windows\system32\Sens_oal.dll
2015-06-02 14:56 - 2013-03-27 14:56 - 02906589 ____N (Creative) C:\Windows\SysWOW64\Sens_oal.dll
2015-06-02 14:56 - 2013-03-26 13:43 - 00004914 ____N C:\Windows\MBCfg_SP_APOIM.ini
2015-06-02 14:56 - 2013-03-26 13:43 - 00004862 ____N C:\Windows\MBCfg_APOIM.ini
2015-06-02 14:56 - 2013-03-26 13:43 - 00004821 ____N C:\Windows\MBCfg_HP_APOIM.ini
2015-06-02 14:56 - 2013-03-26 13:43 - 00001165 ____N C:\Windows\MBCfg_Capture_APOIM.ini
2015-06-02 14:56 - 2013-03-26 13:42 - 00013194 ____N C:\Windows\SysWOW64\MBCfg32.ini
2015-06-02 14:56 - 2013-03-26 13:42 - 00013194 ____N C:\Windows\system32\MBCfg64.ini
2015-06-02 14:56 - 2013-01-25 14:08 - 00089600 _____ C:\Windows\system32\CmdRtr64.DLL
2015-06-02 14:56 - 2013-01-25 14:07 - 00074240 _____ C:\Windows\SysWOW64\CmdRtr.DLL
2015-06-02 14:56 - 2013-01-25 14:06 - 00328704 _____ C:\Windows\system32\APOMgr64.DLL
2015-06-02 14:56 - 2013-01-25 14:04 - 00248320 _____ C:\Windows\SysWOW64\APOMngr.DLL
2015-06-02 14:56 - 2013-01-08 13:13 - 00006968 ____N C:\Windows\system32\MBCfgUninstall64.ini
2015-06-02 14:56 - 2013-01-08 13:12 - 00006968 ____N C:\Windows\SysWOW64\MBCfgUninstall32.ini
2015-06-02 14:56 - 2000-05-11 04:00 - 00090112 ____N (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2015-06-02 14:53 - 2015-06-02 14:53 - 00002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-06-02 14:53 - 2015-06-02 14:53 - 00000000 ____D C:\ProgramData\Intel.sav
2015-06-02 14:53 - 2015-06-02 14:53 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-06-02 14:53 - 2015-06-02 14:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-06-02 14:52 - 2015-06-02 14:52 - 00000000 ____D C:\Windows\SysWOW64\sda
2015-06-02 14:52 - 2015-06-02 14:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-02 14:52 - 2014-07-02 01:35 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2015-06-02 14:52 - 2014-07-02 01:35 - 00506072 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2015-06-02 14:50 - 2015-06-02 14:56 - 00028566 _____ C:\Windows\DPINST.LOG
2015-06-02 14:50 - 2015-06-02 14:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-02 14:50 - 2015-06-02 14:52 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-06-02 14:50 - 2015-06-02 14:50 - 00002990 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2015-06-02 14:50 - 2015-06-02 14:50 - 00001370 _____ C:\Windows\Synaptics.log
2015-06-02 14:50 - 2015-06-02 14:50 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-02 14:50 - 2015-06-02 14:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-06-02 14:50 - 2015-06-02 14:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-06-02 14:50 - 2015-06-02 14:50 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-06-02 14:50 - 2015-06-02 14:50 - 00000000 ____D C:\Program Files\Synaptics
2015-06-02 14:50 - 2015-06-02 14:50 - 00000000 ____D C:\Program Files\Realtek
2015-06-02 14:50 - 2015-01-06 22:58 - 04367960 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-06-02 14:50 - 2015-01-06 21:05 - 01540714 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-06-02 14:50 - 2015-01-05 17:53 - 02807664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-06-02 14:50 - 2014-12-24 23:02 - 01298136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-06-02 14:50 - 2014-12-24 20:55 - 02781720 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-06-02 14:50 - 2014-12-18 17:31 - 00961240 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-06-02 14:50 - 2014-12-18 17:22 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-06-02 14:50 - 2014-12-16 22:42 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-06-02 14:50 - 2014-12-08 20:05 - 01945856 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-06-02 14:50 - 2014-12-08 20:05 - 01713408 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-06-02 14:50 - 2014-12-02 22:42 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-06-02 14:50 - 2014-08-06 17:43 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-06-02 14:50 - 2014-07-18 02:31 - 00874712 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-06-02 14:50 - 2014-07-18 02:31 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-06-02 14:50 - 2014-06-09 14:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-06-02 14:50 - 2014-04-10 16:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-06-02 14:50 - 2014-01-08 19:25 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-06-02 14:50 - 2013-10-11 16:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-06-02 14:50 - 2012-03-08 15:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-06-02 14:50 - 2011-12-20 19:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-06-02 14:50 - 2011-11-22 20:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-06-02 14:50 - 2010-11-08 11:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-06-02 14:50 - 2010-11-08 11:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-06-02 14:50 - 2010-11-08 11:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-06-02 14:50 - 2010-11-08 11:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-06-02 14:50 - 2010-11-08 11:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-06-02 14:50 - 2010-11-08 11:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-06-02 14:50 - 2010-11-03 22:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-06-02 14:50 - 2010-09-27 13:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-06-02 14:50 - 2009-11-24 13:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-06-02 14:50 - 2009-11-24 13:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-06-02 14:50 - 2009-11-24 13:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-06-02 14:50 - 2009-11-24 13:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-06-02 14:50 - 2009-11-18 11:12 - 00032344 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2015-06-02 14:47 - 2015-06-02 14:56 - 00000000 ____D C:\ProgramData\Intel
2015-06-02 14:47 - 2015-06-02 14:47 - 00836954 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-02 14:47 - 2015-06-02 14:47 - 00018716 _____ C:\Windows\system32\results.xml
2015-06-02 14:47 - 2015-06-02 14:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-06-02 14:46 - 2015-06-02 14:56 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-02 14:46 - 2015-06-02 14:46 - 00000724 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2015-06-02 14:46 - 2015-06-02 14:46 - 00000712 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2015-06-02 14:46 - 2015-06-02 14:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-02 14:46 - 2015-06-02 14:46 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-02 14:46 - 2015-06-02 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-02 14:46 - 2015-06-02 14:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-02 14:46 - 2015-06-02 14:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-02 14:46 - 2015-06-02 14:46 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-06-02 14:46 - 2015-03-09 09:59 - 32114320 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 24773960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 18580000 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 17256944 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 16021504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 13210768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 10774568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 10714280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 10258576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-02 14:46 - 2015-03-09 09:59 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 03300352 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 02903992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434781.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434781.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00907920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-02 14:46 - 2015-03-09 09:59 - 00027441 _____ C:\Windows\system32\nvinfo.pb
2015-06-02 14:46 - 2015-03-09 07:07 - 06860944 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-02 14:46 - 2015-03-09 07:07 - 03525952 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-02 14:46 - 2015-03-09 07:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-02 14:46 - 2015-03-09 07:07 - 01098384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-06-02 14:46 - 2015-03-09 07:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-02 14:46 - 2015-03-09 07:07 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-02 14:46 - 2015-03-09 07:07 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-06-02 14:46 - 2015-03-09 07:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-02 14:46 - 2015-02-26 16:37 - 04239768 _____ C:\Windows\system32\nvcoproc.bin
2015-06-02 14:46 - 2015-01-16 02:40 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-02 14:46 - 2015-01-16 02:40 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-02 14:46 - 2015-01-16 02:39 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-02 14:46 - 2015-01-16 02:39 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-02 14:46 - 2014-11-22 06:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-02 14:46 - 2014-11-22 06:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-06-02 14:46 - 2014-11-22 06:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-02 14:46 - 2010-05-26 14:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-06-02 14:46 - 2010-05-26 14:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-06-02 14:46 - 2010-05-26 14:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-06-02 14:46 - 2010-05-26 14:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-06-02 14:46 - 2010-05-26 14:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-06-02 14:46 - 2010-05-26 14:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-06-02 14:45 - 2015-06-02 14:45 - 00000000 ____D C:\Intel
2015-06-02 14:45 - 2014-10-03 01:36 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2015-06-02 14:45 - 2014-10-03 01:36 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2015-06-02 14:44 - 2015-06-14 09:15 - 00378306 _____ C:\Windows\WindowsUpdate.log
2015-06-02 14:44 - 2015-06-02 14:56 - 00000000 ____D C:\Program Files\Intel
2015-06-02 14:44 - 2015-06-02 14:53 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-16 10:06 - 2015-05-16 10:06 - 00289040 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper64.dll
2015-05-16 10:05 - 2015-05-16 10:05 - 00248080 _____ (IvoSoft) C:\Windows\SysWOW64\StartMenuHelper32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-14 09:32 - 2014-03-18 06:03 - 00820548 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-14 09:25 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-14 09:24 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Web
2015-06-14 09:18 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-14 09:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-14 08:59 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-14 08:58 - 2014-03-18 05:54 - 00003422 _____ C:\Windows\PFRO.log
2015-06-13 20:54 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-13 20:50 - 2013-08-22 10:44 - 00335928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-13 19:37 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-13 19:28 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-13 19:28 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-13 18:25 - 2014-04-08 19:01 - 00000000 ____D C:\Windows\Panther
2015-06-02 17:00 - 2013-08-22 11:37 - 00003843 _____ C:\Windows\DtcInstall.log
2015-06-02 15:43 - 2013-08-22 11:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-06-02 15:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-06-02 14:57 - 2013-08-22 10:46 - 00019173 _____ C:\Windows\setupact.log
2015-06-02 14:56 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-06-02 14:53 - 2013-08-22 09:36 - 00000000 __RHD C:\Users\Default
2015-06-02 14:46 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Help
2015-06-02 14:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Recovery
 
==================== Files in the root of some directories =======
 
2015-06-14 07:31 - 2015-06-14 07:31 - 0000046 _____ () C:\Users\Jacque\AppData\Roaming\WB.CFG
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-08 18:01
 
==================== End of log ============================
 
 
 
Addition Notepad:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Jacque at 2015-06-14 09:45:48
Running from C:\Users\Jacque\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1157567477-2997239086-3482523948-500 - Administrator - Disabled)
Guest (S-1-5-21-1157567477-2997239086-3482523948-501 - Limited - Disabled)
Jacque (S-1-5-21-1157567477-2997239086-3482523948-1001 - Administrator - Enabled) => C:\Users\Jacque
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier Edition (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.6 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.6 - ) Hidden
App Lid (HKLM-x32\...\App Lid) (Version: 1.36.01.22 - Lid) <==== ATTENTION
AppsHat Mobile Apps (HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\...\AppsHat Mobile Apps) (Version: 1.0.0.0 - Somoto Ltd.) <==== ATTENTION
Book Alter (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Book Alter)
Chromatic (HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\...\Chromatic) (Version:  - )
CinemaPlus-3.2cV11.06 (HKLM-x32\...\CinemaPlus-3.2cV11.06) (Version: 1.36.01.22 - Cinema PlusV11.06) <==== ATTENTION
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Coupoon version 1.0 (HKLM-x32\...\{49F8B4F8-0CD4-4BE4-A9E8-B13A071F7C90}_is1) (Version: 1.0 - Coupoon) <==== ATTENTION
EgisTec Fingerprint Driver (HKLM-x32\...\InstallShield_{74AB6665-AFFE-4419-BC7D-7EB3A68DE5BC}) (Version: 3.2.7.0 - Egis Technology Inc.)
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
Fingerprint Driver (x32 Version: 3.2.7.0 - Egis Technology Inc.) Hidden
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION!
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hotkey 3.11.24 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 3.11.24 - )
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut) <==== ATTENTION
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.6.0.1002 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{06A5031E-3B1E-4FB9-AC4C-BA0FE2706152}) (Version: 17.1.1433.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21257 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7422 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
shopperz 2.0.0.461 (HKLM\...\{cc89419d-fcd5-4a6b-aca2-09043448db22}_is1) (Version: 2.0.0.461 - shopperz)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.04 - Creative Technology Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.0 - Synaptics Incorporated)
Tny_Cassiopesa (HKLM-x32\...\Tny_Cassiopesa) (Version:  - Tny_Cassiopesa)
Wajam (HKLM-x32\...\WInterEnhancer) (Version: 2.32.2.41 (i2.6) - WInterEnhancer)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)
Word Processor Text Wrap (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Word Processor Text Wrap) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
13-06-2015 19:28:34 Windows Modules Installer
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {163D02E2-2CA2-4436-80ED-4D05B350772F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-14] (Adobe Systems Incorporated)
Task: {1A48F8A5-B55A-4E9B-80FE-E20059E2B395} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {1E5786C7-FD07-4D0E-A5CC-EEC217D94B17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {68359F75-3C32-4594-8E83-AC2A3B9D4E7D} - \avabvbavad No Task File <==== ATTENTION
Task: {6E87D4C1-55D0-41BA-BC5B-A614C9548655} - System32\Tasks\DFOZSNJILP => C:\ProgramData\0f3b5471928b4fd3834dad205fba7597\0f3b5471928b4fd3834dad205fba7597.exe <==== ATTENTION
Task: {7C86FA4C-F2B3-4BF5-B1ED-67DCA26E8C6A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-21] (Microsoft Corporation)
Task: {9930B2A1-F1A6-4525-A3E2-49161AC420DD} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-22] (Microsoft Corporation)
Task: {E1462BA3-5398-4D63-8C73-55306F884244} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E482D936-6C1C-4B15-B62A-3C95C1A7CC96} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {E8EB2613-4A6B-4067-BD96-1F0F35F80281} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F3D9FCB9-90A2-47B2-8404-C3F9224DDDD1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-09] (Synaptics Incorporated)
Task: {F743062B-27A3-4E3D-881F-B3C727D39BBE} - System32\Tasks\Kekuysefc => C:\Program Files\shopperz\Aqtmxsreo.bat <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-02 14:46 - 2015-03-09 07:07 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-06-02 14:56 - 2013-01-25 14:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2015-06-02 14:56 - 2013-01-25 14:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-06-01 11:18 - 2015-06-01 11:18 - 00232064 _____ () C:\Users\Jacque\AppData\Local\wd\wd.exe
2014-03-20 14:43 - 2014-03-20 14:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-06-14 09:08 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-14 09:08 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\msln.exe:6c47cda21a848ae4106343c320edf2eb
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D56CFAD3-FF68-4458-9822-2EA8571358A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B914A3E8-3E86-4784-AF13-9FCDFDC4DC7D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D359863-748C-45A5-B6C7-932FD9EF354F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{098CC6B6-8556-48CC-822C-087E27BE1EAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AC2557B0-D8D1-4845-9CDE-88F7796EDFD3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1C268025-C719-4F3B-AF6C-FC9C4925838F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE575CB5-EC46-4808-8EA9-F1D50AE312B5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{9C145DEC-6FC5-4474-9E00-C016DE253D2F}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{C180EE6F-E2AC-499A-A236-E4F86F0A7164}] => (Allow) C:\Users\Jacque\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{4EC41DFE-5F39-40B7-B93F-96CD890F1DCF}] => (Allow) C:\Users\Jacque\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{DF9C96AC-F4CD-4543-B856-89AAC51C1DE3}] => (Allow) C:\Users\Jacque\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{AE45760A-78A8-4352-8423-2058C63CA67F}] => (Allow) C:\Users\Jacque\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{E6DF8BCD-D2E2-4401-9781-30620822C853}] => (Allow) C:\Users\Jacque\AppData\Local\wd\wd.exe
FirewallRules: [{53C2E9AB-5493-4C86-B44F-09BDE969A501}] => (Allow) C:\Users\Jacque\AppData\Local\wd\wd.exe
FirewallRules: [{79C2DA2A-BF8A-4556-BE5E-E111103BEA55}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{B6A2F776-8A54-4F7F-AAC8-721A5224016A}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{FFC6C79E-50DD-4D36-B765-5E6F675DBFE7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/14/2015 09:18:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FindingDiscount.exe, version: 0.0.0.0, time stamp: 0x5578a53d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x6bc
Faulting application start time: 0xFindingDiscount.exe0
Faulting application path: FindingDiscount.exe1
Faulting module path: FindingDiscount.exe2
Report Id: FindingDiscount.exe3
Faulting package full name: FindingDiscount.exe4
Faulting package-relative application ID: FindingDiscount.exe5
 
Error: (06/14/2015 09:02:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FindingDiscount.exe, version: 0.0.0.0, time stamp: 0x5578a53d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x6c4
Faulting application start time: 0xFindingDiscount.exe0
Faulting application path: FindingDiscount.exe1
Faulting module path: FindingDiscount.exe2
Report Id: FindingDiscount.exe3
Faulting package full name: FindingDiscount.exe4
Faulting package-relative application ID: FindingDiscount.exe5
 
Error: (06/14/2015 08:48:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.16384, time stamp: 0x52158827
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x005d316e
Faulting process id: 0x3404
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
 
Error: (06/14/2015 08:46:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.16384, time stamp: 0x52158827
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x005a316e
Faulting process id: 0x994
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
 
Error: (06/14/2015 08:46:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.16384, time stamp: 0x52158827
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x005a316e
Faulting process id: 0x994
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
 
Error: (06/14/2015 08:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WerFault.exe, version: 6.3.9600.17031, time stamp: 0x530862e8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0032316e
Faulting process id: 0x357c
Faulting application start time: 0xWerFault.exe0
Faulting application path: WerFault.exe1
Faulting module path: WerFault.exe2
Report Id: WerFault.exe3
Faulting package full name: WerFault.exe4
Faulting package-relative application ID: WerFault.exe5
 
Error: (06/14/2015 08:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.16384, time stamp: 0x52158827
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x005d316e
Faulting process id: 0x3404
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
 
Error: (06/14/2015 08:13:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program 0cabcc1c-e81d-4137-b2d6-0af910353607-10.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 30e8
 
Start Time: 01d0a69b5f462ba0
 
Termination Time: 58
 
Application Path: C:\Program Files (x86)\App Lid\0cabcc1c-e81d-4137-b2d6-0af910353607-10.exe
 
Report Id: c3289e93-128e-11e5-825d-605718a53a33
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/14/2015 07:56:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: flashplayer18_ha_install.exe, version: 1.0.0.19, time stamp: 0x556bd531
Faulting module name: flashplayer18_ha_install.exe, version: 1.0.0.19, time stamp: 0x556bd531
Exception code: 0xc0000005
Fault offset: 0x00004cf7
Faulting process id: 0x1e48
Faulting application start time: 0xflashplayer18_ha_install.exe0
Faulting application path: flashplayer18_ha_install.exe1
Faulting module path: flashplayer18_ha_install.exe2
Report Id: flashplayer18_ha_install.exe3
Faulting package full name: flashplayer18_ha_install.exe4
Faulting package-relative application ID: flashplayer18_ha_install.exe5
 
Error: (06/14/2015 07:12:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: user.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Faulting module name: user.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0xdc
Faulting application start time: 0xuser.exe0
Faulting application path: user.exe1
Faulting module path: user.exe2
Report Id: user.exe3
Faulting package full name: user.exe4
Faulting package-relative application ID: user.exe5
 
 
System errors:
=============
Error: (06/14/2015 09:25:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Eraser Service service failed to start due to the following error: 
%%2
 
Error: (06/14/2015 09:25:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1115
 
Error: (06/14/2015 09:25:36 AM) (Source: BROWSER) (EventID: 8017) (User: )
Description: The browser has failed to start because the dependent service LanmanWorkstation had invalid service status 4294967295%.
Status             Meaning
  1              Service Stopped
 
  2              Start Pending
 
  3              Stop Pending
 
  4              Running
 
  5              Continue Pending
 
  6              Pause Pending
 
  7              Paused
 
Error: (06/14/2015 09:18:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Subscription Clear service failed to start due to the following error: 
%%2
 
Error: (06/14/2015 09:18:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Eraser Service service failed to start due to the following error: 
%%2
 
Error: (06/14/2015 09:18:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The csrcc service failed to start due to the following error: 
%%2
 
Error: (06/14/2015 09:17:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WInterEnhancer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/14/2015 09:17:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Subscription Clear service failed to start due to the following error: 
%%2
 
Error: (06/14/2015 09:17:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The csrcc service failed to start due to the following error: 
%%2
 
Error: (06/14/2015 09:16:29 AM) (Source: DCOM) (EventID: 10010) (User: JackOLantern)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office:
=========================
Error: (06/14/2015 09:18:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FindingDiscount.exe0.0.0.05578a53dunknown0.0.0.000000000c0000005000000006bc01d0a6a46f6f0fbbC:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exeunknownd85bf51e-1297-11e5-8260-605718a53a33
 
Error: (06/14/2015 09:02:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FindingDiscount.exe0.0.0.05578a53dunknown0.0.0.000000000c0000005000000006c401d0a6a1e24b25c7C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exeunknown96388e1a-1295-11e5-825e-605718a53a33
 
Error: (06/14/2015 08:48:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.3.9600.1638452158827unknown0.0.0.000000000c000041d005d316e340401d0a6a013695e47c:\windows\syswow64\rundll32.exeunknownb5eeb4a8-1293-11e5-825d-605718a53a33
 
Error: (06/14/2015 08:46:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.3.9600.1638452158827unknown0.0.0.000000000c000041d005a316e99401d0a6a018210a04c:\windows\syswow64\rundll32.exeunknown67dfb728-1293-11e5-825d-605718a53a33
 
Error: (06/14/2015 08:46:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.3.9600.1638452158827unknown0.0.0.000000000c0000005005a316e99401d0a6a018210a04c:\windows\syswow64\rundll32.exeunknown58165108-1293-11e5-825d-605718a53a33
 
Error: (06/14/2015 08:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WerFault.exe6.3.9600.17031530862e8unknown0.0.0.000000000c00000050032316e357c01d0a6a01623090aC:\Windows\SysWOW64\WerFault.exeunknown57c19205-1293-11e5-825d-605718a53a33
 
Error: (06/14/2015 08:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.3.9600.1638452158827unknown0.0.0.000000000c0000005005d316e340401d0a6a013695e47c:\windows\syswow64\rundll32.exeunknown553fa326-1293-11e5-825d-605718a53a33
 
Error: (06/14/2015 08:13:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: 0cabcc1c-e81d-4137-b2d6-0af910353607-10.exe1.0.0.130e801d0a69b5f462ba058C:\Program Files (x86)\App Lid\0cabcc1c-e81d-4137-b2d6-0af910353607-10.exec3289e93-128e-11e5-825d-605718a53a33
 
Error: (06/14/2015 07:56:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: flashplayer18_ha_install.exe1.0.0.19556bd531flashplayer18_ha_install.exe1.0.0.19556bd531c000000500004cf71e4801d0a6992246eb37C:\Users\Jacque\Downloads\flashplayer18_ha_install.exeC:\Users\Jacque\Downloads\flashplayer18_ha_install.exe60aae95f-128c-11e5-825d-605718a53a33
 
Error: (06/14/2015 07:12:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: user.exe6.3.9600.163845579361fuser.exe6.3.9600.163845579361f4000001f00233f00dc01d0a69301aa74d5C:\Windows\SysWOW64\config\systemprofile\user.exeC:\Windows\SysWOW64\config\systemprofile\user.exe469496f1-1286-11e5-825d-605718a53a33
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 14%
Total physical RAM: 16268.39 MB
Available physical RAM: 13963.41 MB
Total Pagefile: 19212.39 MB
Available Pagefile: 16784.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:111.12 GB) (Free:77.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: ABEC2912)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 




#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you go to Control Panel > Programs and Features and uninstall the following programmes:

App Lid
AppsHat Mobile Apps
Chromatic
CinemaPlus-3.2cV11.06
FlashBeat
Infonaut 1.10.0.14
SmartWeb
Wajam
Word Processor Text Wrap


If one will not uninstall then proceed to the next :)

THEN

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\...\Run: [GoogleChromeAutoLaunch_A40EFE708B5D4B1DB0CAEC94E43AA80A] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\...\Run: [WatchDog] => C:\Users\Jacque\AppData\Local\wd\wd.exe [232064 2015-06-01] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File not found
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1157567477-2997239086-3482523948-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
2015-06-13 21:25 - 2015-06-13 21:25 - 00003630 _____ C:\Windows\System32\Tasks\Kekuysefc
2015-06-13 21:25 - 2015-06-13 21:25 - 00000045 _____ C:\user.js
2015-06-13 21:25 - 2015-06-13 21:25 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-06-13 20:56 - 2015-06-13 20:56 - 00000005 _____ C:\end
2015-06-13 20:47 - 2015-06-14 09:17 - 00000000 ____D C:\Users\Jacque\AppData\Local\wd
2015-06-13 20:47 - 2015-06-13 20:57 - 00001376 _____ C:\Users\Jacque\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromatic.lnk
2015-06-13 20:47 - 2015-06-13 20:47 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\QuickScan
2015-06-13 20:47 - 2015-06-13 20:47 - 00000000 ____D C:\Users\Jacque\AppData\Local\Chromatic
2015-06-13 20:47 - 2015-06-13 20:47 - 00000000 ____D C:\temp
2015-06-13 20:45 - 2015-06-14 09:24 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-06-13 20:45 - 2015-06-14 07:12 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-13 20:45 - 2015-06-13 20:45 - 00000000 ____D C:\Users\Jacque\AppData\Local\globalUpdate
2015-06-13 20:43 - 2015-06-14 09:15 - 00000000 ____D C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
2015-06-13 20:43 - 2015-06-13 20:43 - 00003570 _____ C:\Windows\System32\Tasks\DFOZSNJILP
2015-06-13 20:43 - 2015-06-13 20:43 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-13 20:32 - 2015-06-14 09:16 - 00000000 ____D C:\Users\Jacque\AppData\Local\165BFA80-1434227555-0000-0000-000000000000
2015-06-13 20:32 - 2015-06-13 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro
2015-06-13 20:32 - 2015-06-13 20:32 - 00000000 ____D C:\Users\Jacque\AppData\Roaming\PCAcceleratePro
2015-06-13 20:32 - 2015-06-13 20:32 - 00000000 ____D C:\ProgramData\PCAcceleratePro
2015-06-13 20:25 - 2015-06-13 20:25 - 00000000 __SHD C:\Users\Jacque\AppData\Local\EmieUserList
2015-06-13 20:25 - 2015-06-13 20:25 - 00000000 __SHD C:\Users\Jacque\AppData\Local\EmieSiteList
2015-06-13 19:30 - 2015-06-13 19:30 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Task: {68359F75-3C32-4594-8E83-AC2A3B9D4E7D} - \avabvbavad No Task File <==== ATTENTION
Task: {6E87D4C1-55D0-41BA-BC5B-A614C9548655} - System32\Tasks\DFOZSNJILP => C:\ProgramData\0f3b5471928b4fd3834dad205fba7597\0f3b5471928b4fd3834dad205fba7597.exe <==== ATTENTION
Task: {F743062B-27A3-4E3D-881F-B3C727D39BBE} - System32\Tasks\Kekuysefc => C:\Program Files\shopperz\Aqtmxsreo.bat <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\msln.exe:6c47cda21a848ae4106343c320edf2eb
C:\Users\Jacque\AppData\Local\wd
C:\ProgramData\FlashBeat
C:\PROGRA~2\SearchProtect
C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
C:\Program Files\shopperz
C:\Program Files (x86)\RelevantKnowledge
C:\Program Files (x86)\Crossbrowse
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#3
jacquelynmdelp


    New Member

  • Topic Starter
  • Member
  • 4 posts

Thank you so much! The issue has been solved!



#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Was that before you ran my fixes?

#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

