Clipconverter.cc Malware! (Maybe?) [Solved]



#1
InkAnt201


Hi all!

 

I was using clipconverter.cc, a website I've used for years with no problems, and my Chrome browser just got hit with a very obvious virus screen from the site. There was a big red background, white text about a compromised computer, a "scan for infection" option, and a JavaScript pop-up window (which I did *not* click, whew!) paired with a generic voice message about calling a 1-800 number to regain computer access. I did not click any ads and had to force shut down Chrome to regain control of my browser.

I don't know if I am indeed infected, but I saw someone with this exact same problem (http://www.geekstogo...lipconvertercc/) and I don't want to take any chances.

I am looking for aid in being as thorough and accurate as possible in scanning for, and possibly removing, anything that hit me through clipconverter. :)

I was running Adblock Plus through Chrome as an extension and the Ghostery plugin (https://chrome.googl...bmpeaniij?hl=en), but I gave the website both permissions for pop-ups and JavaScript beforehand.

 

System Info:

Windows 7 Home Premium, 64-bit 

Chrome Browser: Version 49.0.2623.75 beta-m (64-bit)

 

Windows Firewall State: On

Incoming Connections: Block all connections to programs that are not on the list of allowed programs

Notification State: Notify me when Windows Firewall blocks a new program (Haven't gotten any updates here)

Symptoms:

I've run some basic searches through Google to see if anything is being injected into my search results and so far I've seen nothing. I've also not noticed any decreased performance or sluggishness from Chrome, and my processor speeds, temps, and RAM usage are all normal. I do not see any suspicious processes running in the background after looking at my task manager.
 

Here are my FRST logs:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Peter (administrator) on PETER-PC (09-03-2016 13:11:30)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apache Software Foundation) E:\xampp\apache\bin\httpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() E:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) E:\xampp\apache\bin\httpd.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Adobe Systems Inc.) E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Piriform Ltd) E:\Program Files (x86)\Piriform Suite\CCleaner\CCleaner64.exe
(Piriform Ltd) E:\Program Files (x86)\Piriform Suite\Speccy\Speccy64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\32\dynamiclinkmanager.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\32\Adobe QT32 Server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-25] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2013-08-01] (Tablet Driver)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => E:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Run: [CCleaner Monitoring] => E:\Program Files (x86)\Piriform Suite\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Run: [Adobe Acrobat Synchronizer] => E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [881336 2015-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Run: [KiesPDLR.exe] => E:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\MountPoints2: {dca8e119-21ac-11e4-8059-bc5ff4faef21} - J:\DTE_Privacy_launcher.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{209FF436-8EBA-462E-A0D6-954A4FF6AEE3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-02] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-02] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\bwmrkgqk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-25] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-02] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> E:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-01] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> E:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> E:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-01] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> E:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-16]
StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://www.dictionary.com/wordoftheday","hxxp://www.uccs.edu/office365/login.html","hxxp://www.lindsredding.com/2012/03/11/a-overdue-lesson-in-perspective/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-02-10]
CHR Extension: (Facebook Video Downloader) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2016-01-14]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2014-10-23]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2015-01-09]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-03-09]
CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2015-11-24]
CHR Extension: (Skype) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-20]
CHR Extension: (Ghostery) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Neater Bookmarks) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2014-07-26]
CHR Extension: (Image Size Info) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2016-02-11]
CHR Extension: (Recent Bookmarks) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2014-07-26]
CHR Extension: (Click&Clean App) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-03-09]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apache2.4; E:\xampp\apache\bin\httpd.exe [22016 2014-07-17] (Apache Software Foundation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-16] (NVIDIA Corporation)
U2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-02-02] (Hi-Rez Studios) [File not signed]
R2 mysql; E:\xampp\mysql\bin\mysqld.exe [11021824 2014-09-11] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-16] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-05] (Electronic Arts)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2013-08-01] (Tablet Driver) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-17] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 cpuz136; \??\C:\Users\Peter\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 13:11 - 2016-03-09 13:11 - 02374144 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2016-03-09 13:11 - 2016-03-09 13:11 - 00024372 _____ C:\Users\Peter\Desktop\FRST.txt
2016-03-09 13:11 - 2016-03-09 13:11 - 00000000 ____D C:\FRST
2016-03-01 14:31 - 2016-01-22 13:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-01 14:31 - 2016-01-22 13:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-01 14:31 - 2016-01-21 23:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-01 14:31 - 2016-01-21 23:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-01 14:31 - 2016-01-21 23:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-01 14:31 - 2016-01-21 23:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-01 14:31 - 2016-01-21 23:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-01 14:31 - 2016-01-21 23:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-01 14:31 - 2016-01-21 23:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-01 14:31 - 2016-01-21 23:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-01 14:31 - 2016-01-21 23:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-01 14:31 - 2016-01-21 23:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-01 14:31 - 2016-01-21 23:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-01 14:31 - 2016-01-21 23:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-01 14:31 - 2016-01-21 23:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-01 14:31 - 2016-01-21 23:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-01 14:31 - 2016-01-21 23:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-01 14:31 - 2016-01-21 23:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-01 14:31 - 2016-01-21 23:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-01 14:31 - 2016-01-21 23:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-01 14:31 - 2016-01-21 23:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-01 14:31 - 2016-01-21 22:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-01 14:31 - 2016-01-21 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-01 14:31 - 2016-01-21 22:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-01 14:31 - 2016-01-21 22:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-01 14:31 - 2016-01-21 22:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-01 14:31 - 2016-01-21 22:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-01 14:31 - 2016-01-21 22:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-01 14:31 - 2016-01-21 22:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-01 14:31 - 2016-01-21 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-01 14:31 - 2016-01-21 22:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-01 14:31 - 2016-01-21 22:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-01 14:31 - 2016-01-21 22:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-01 14:31 - 2016-01-21 22:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-01 14:31 - 2016-01-21 22:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-01 14:31 - 2016-01-21 22:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-01 14:31 - 2016-01-21 22:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-01 14:31 - 2016-01-21 22:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-01 14:31 - 2016-01-21 22:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-01 14:31 - 2016-01-21 22:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-01 14:31 - 2016-01-21 22:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-01 14:31 - 2016-01-21 22:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-01 14:31 - 2016-01-21 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-01 14:30 - 2016-02-06 03:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-01 14:30 - 2016-02-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-01 14:30 - 2016-02-06 03:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-01 14:30 - 2016-02-06 03:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-01 14:30 - 2016-02-06 03:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-01 14:30 - 2016-02-06 03:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-01 14:30 - 2016-02-06 02:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-01 14:30 - 2016-02-06 02:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-01 14:30 - 2016-02-06 02:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-01 14:30 - 2016-02-06 02:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-01 14:30 - 2016-02-06 02:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-01 14:30 - 2016-02-06 02:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-01 14:30 - 2016-02-06 02:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-01 14:30 - 2016-02-06 01:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-01 14:30 - 2016-01-21 23:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-01 14:30 - 2016-01-21 23:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-01 14:30 - 2016-01-21 23:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-01 14:30 - 2016-01-21 23:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-01 14:30 - 2016-01-21 23:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-01 14:30 - 2016-01-21 23:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-01 14:30 - 2016-01-21 23:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-01 14:30 - 2016-01-21 23:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-01 14:30 - 2016-01-21 23:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-01 14:30 - 2016-01-21 23:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-01 14:30 - 2016-01-21 23:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-01 14:30 - 2016-01-21 23:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-01 14:30 - 2016-01-21 23:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-01 14:30 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-03-01 14:30 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-03-01 14:30 - 2016-01-21 23:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-01 14:30 - 2016-01-21 23:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-01 14:30 - 2016-01-21 23:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-01 14:30 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-03-01 14:30 - 2016-01-21 23:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-01 14:30 - 2016-01-21 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-01 14:30 - 2016-01-21 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-01 14:30 - 2016-01-21 23:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-01 14:30 - 2016-01-21 23:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-01 14:30 - 2016-01-21 23:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-01 14:30 - 2016-01-21 23:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-01 14:30 - 2016-01-21 23:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-01 14:30 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-01 14:30 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-01 14:30 - 2016-01-21 23:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 23:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-01 14:30 - 2016-01-21 23:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-01 14:30 - 2016-01-21 23:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-01 14:30 - 2016-01-21 23:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-01 14:30 - 2016-01-21 23:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-01 14:30 - 2016-01-21 23:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-01 14:30 - 2016-01-21 23:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-01 14:30 - 2016-01-21 23:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-01 14:30 - 2016-01-21 23:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-01 14:30 - 2016-01-21 23:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-01 14:30 - 2016-01-21 23:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-01 14:30 - 2016-01-21 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-01 14:30 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-03-01 14:30 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-03-01 14:30 - 2016-01-21 23:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-01 14:30 - 2016-01-21 23:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-01 14:30 - 2016-01-21 23:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-01 14:30 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-03-01 14:30 - 2016-01-21 23:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-01 14:30 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-03-01 14:30 - 2016-01-21 23:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 22:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-01 14:30 - 2016-01-21 22:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-01 14:30 - 2016-01-21 22:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-01 14:30 - 2016-01-21 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-01 14:30 - 2016-01-21 22:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-01 14:30 - 2016-01-21 22:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-01 14:30 - 2016-01-21 22:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-01 14:30 - 2016-01-21 21:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-01 14:30 - 2016-01-21 21:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-01 14:30 - 2016-01-21 21:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-01 14:30 - 2016-01-21 21:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-01 14:30 - 2016-01-21 21:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-01 14:30 - 2016-01-21 21:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-01 14:30 - 2016-01-21 21:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-01 14:30 - 2016-01-21 21:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-01 14:30 - 2016-01-21 21:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-01 14:30 - 2016-01-21 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-01 14:30 - 2016-01-21 21:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 21:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 21:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-01 14:30 - 2016-01-21 21:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-01 14:30 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-01 14:30 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-01 14:30 - 2016-01-07 10:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-01 14:30 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-03-01 14:30 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-03-01 14:30 - 2016-01-06 12:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-03-01 14:30 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-03-01 14:30 - 2015-12-08 14:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-03-01 14:30 - 2015-12-08 14:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-03-01 14:30 - 2015-12-08 14:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-03-01 14:30 - 2015-12-08 14:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-03-01 14:30 - 2015-12-08 14:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-03-01 14:30 - 2015-12-08 14:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-03-01 14:30 - 2015-12-08 14:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-03-01 14:30 - 2015-12-08 14:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-03-01 14:30 - 2015-12-08 14:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-03-01 14:30 - 2015-12-08 14:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-03-01 14:30 - 2015-12-08 14:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-03-01 14:30 - 2015-12-08 14:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-03-01 14:30 - 2015-12-08 14:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-03-01 14:30 - 2015-12-08 14:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-03-01 14:30 - 2015-12-08 14:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-03-01 14:30 - 2015-12-08 14:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-03-01 14:30 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-03-01 14:30 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-03-01 14:30 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-03-01 14:30 - 2015-12-08 14:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-03-01 14:30 - 2015-12-08 14:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-03-01 14:30 - 2015-12-08 14:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-03-01 14:30 - 2015-12-08 14:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-03-01 14:30 - 2015-12-08 14:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-03-01 14:30 - 2015-12-08 14:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-03-01 14:30 - 2015-12-08 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-03-01 14:30 - 2015-12-08 14:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-03-01 14:30 - 2015-12-08 12:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-03-01 14:30 - 2015-12-08 12:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-03-01 14:30 - 2015-12-08 12:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-03-01 14:30 - 2015-12-08 12:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-03-01 14:30 - 2015-12-08 12:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-03-01 14:30 - 2015-12-08 12:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-03-01 14:30 - 2015-12-08 11:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-03-01 14:30 - 2015-12-08 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-03-01 14:30 - 2015-12-08 11:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-03-01 14:30 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-03-01 14:30 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-03-01 14:30 - 2015-11-13 16:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-03-01 14:30 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-03-01 14:30 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-03-01 14:30 - 2015-11-13 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-03-01 14:30 - 2015-11-11 11:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-01 14:30 - 2015-11-11 11:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-03-01 14:30 - 2015-11-11 11:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-01 14:30 - 2015-11-11 11:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-03-01 14:30 - 2015-11-10 11:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-03-01 14:30 - 2015-11-10 11:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-03-01 14:30 - 2015-11-10 11:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-03-01 14:30 - 2015-11-10 11:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-03-01 14:30 - 2015-11-10 11:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-03-01 14:30 - 2015-11-05 12:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-03-01 14:30 - 2015-11-05 12:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-03-01 14:30 - 2015-11-05 02:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-03-01 14:30 - 2015-11-03 12:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-03-01 14:30 - 2015-11-03 11:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-03-01 14:30 - 2015-10-13 09:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-03-01 14:30 - 2015-10-13 09:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-03-01 14:30 - 2015-10-12 21:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-03-01 14:30 - 2015-10-01 11:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-01 14:30 - 2015-10-01 11:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-03-01 14:30 - 2015-10-01 11:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-03-01 14:30 - 2015-10-01 11:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-03-01 14:30 - 2015-10-01 11:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-03-01 14:30 - 2015-10-01 11:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-03-01 14:30 - 2015-10-01 11:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-03-01 14:30 - 2015-10-01 10:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-03-01 14:30 - 2015-10-01 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-03-01 14:30 - 2015-09-23 06:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-03-01 14:30 - 2015-09-23 06:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-03-01 14:30 - 2015-09-23 06:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-03-01 14:30 - 2015-08-06 11:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-01 14:30 - 2015-08-06 11:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-01 14:30 - 2015-08-06 10:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-01 14:30 - 2015-08-06 10:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-01 14:30 - 2015-08-05 10:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-03-01 14:26 - 2015-11-03 12:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-03-01 14:26 - 2015-11-03 11:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-03-01 14:25 - 2015-09-01 20:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-01 14:25 - 2015-09-01 20:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-01 14:25 - 2015-09-01 20:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-01 14:25 - 2015-09-01 20:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-01 14:25 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-01 14:25 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-01 14:25 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-01 14:25 - 2015-09-01 19:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-01 14:25 - 2015-09-01 18:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-01 14:25 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-02-16 15:22 - 2016-02-16 15:22 - 00001606 _____ C:\Users\Peter\Desktop\Landing_V3_final.psd - Shortcut.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 13:09 - 2014-07-28 09:45 - 498146304 _____ C:\Users\Peter\AppData\Local\SageThumbs.db3
2016-03-09 12:22 - 2014-07-26 14:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 12:04 - 2014-07-28 22:06 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2016-03-09 11:58 - 2014-08-15 13:10 - 00000000 ____D C:\Users\Peter\AppData\Local\Adobe
2016-03-08 20:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-08 20:44 - 2015-01-01 19:05 - 00000000 ____D C:\Users\Peter\AppData\Local\NVIDIA
2016-03-08 20:44 - 2015-01-01 19:04 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-03-08 20:22 - 2014-07-26 14:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-08 12:03 - 2014-08-08 12:36 - 00000033 _____ C:\Users\Peter\AppData\Roaming\AdobeWLCMCache.dat
2016-03-07 12:17 - 2009-07-13 21:45 - 00032336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-07 12:17 - 2009-07-13 21:45 - 00032336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-02 17:27 - 2014-07-26 14:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-02 15:22 - 2015-06-07 16:41 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-02 12:04 - 2015-09-29 12:36 - 00000000 ____D C:\ProgramData\Oracle
2016-03-02 11:34 - 2015-11-02 22:19 - 00000000 ____D C:\Program Files\Java
2016-03-02 11:34 - 2015-09-29 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-03-02 11:34 - 2014-09-04 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-02 11:33 - 2015-09-29 12:36 - 00000000 ____D C:\Users\Peter\.oracle_jre_usage
2016-03-02 11:33 - 2014-09-04 10:30 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-03-02 01:22 - 2015-04-20 22:25 - 00000000 ____D C:\Windows\rescache
2016-03-02 00:53 - 2009-07-13 22:13 - 00796934 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-02 00:46 - 2015-07-02 13:01 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-02 00:46 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-02 00:46 - 2009-07-13 21:45 - 05037656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-02 00:45 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 00:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-01 14:47 - 2014-07-27 00:31 - 00000000 ____D C:\Windows\system32\MRT
2016-03-01 14:42 - 2014-07-27 00:31 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-01 14:35 - 2014-07-26 14:32 - 00789056 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-29 20:02 - 2015-10-31 10:44 - 00000000 ____D C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2016-02-25 12:03 - 2014-08-15 11:48 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-25 12:03 - 2014-08-15 11:48 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-24 16:09 - 2015-04-10 16:54 - 00000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2016-02-23 16:49 - 2014-07-26 14:26 - 00096072 _____ C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-16 23:40 - 2015-11-29 15:25 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-02-16 23:40 - 2015-01-01 19:04 - 01903344 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-02-16 23:40 - 2015-01-01 19:04 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-02-16 23:40 - 2015-01-01 19:04 - 01571624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-02-16 23:40 - 2015-01-01 19:04 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-02-16 21:53 - 2015-04-08 22:40 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-02-15 18:02 - 2015-08-31 20:40 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Curse Client
2016-02-11 12:57 - 2015-04-24 15:14 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2014-08-08 12:36 - 2016-03-08 12:03 - 0000033 _____ () C:\Users\Peter\AppData\Roaming\AdobeWLCMCache.dat
2014-11-18 11:23 - 2015-07-23 11:29 - 0001456 _____ () C:\Users\Peter\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-27 15:51 - 2015-12-27 15:51 - 0000963 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-08-27 12:57 - 2014-08-27 12:57 - 0007619 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2014-07-28 09:45 - 2016-03-09 13:09 - 498146304 _____ () C:\Users\Peter\AppData\Local\SageThumbs.db3
2014-07-26 14:20 - 2014-07-26 14:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Peter\AppData\Local\Temp\speccycpuid.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-09 12:50
 

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Peter (2016-03-09 13:11:50)
Running from C:\Users\Peter\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-26 21:16:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2664767064-889826173-3791459063-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2664767064-889826173-3791459063-1002 - Limited - Enabled)
Guest (S-1-5-21-2664767064-889826173-3791459063-501 - Limited - Disabled)
Peter (S-1-5-21-2664767064-889826173-3791459063-1000 - Administrator - Enabled) => C:\Users\Peter
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.08 beta (x64) (HKLM\...\7-Zip) (Version: 15.08 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{7F823F8E-4348-11E4-8BF8-81763C49AA32}) (Version: 15.1.0 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM\...\{3BFA80E7-C4DB-45E7-B6B7-5E1804ED3652}) (Version: 2014.1.0.375 - Adobe Systems, Incorporated)
Adobe Muse CC 2014 (HKLM-x32\...\{F80BB030-D3E3-11E4-B787-F144E7411942}) (Version: 2014.3.2.11 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation)
Bulk Image Sizer (HKLM-x32\...\{30DDBC77-5F8A-4A36-934E-096F70D003B8}) (Version: 1.0.0 - Home Use)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.7.0 Beta - Alexandre Devilliers (aka Elbereth))
Duck Game (HKLM-x32\...\Steam App 312530) (Version:  - Landon Podbielski)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Reloaded Games)
[bleep] Yeah! (HKLM-x32\...\Steam App 205230) (Version:  - Arkedo)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version:  - Blit Software)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kotor Tool (HKLM-x32\...\Kotor Tool) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LibreOffice 5.0.1.2 (HKLM-x32\...\{927AE35D-72BC-437D-BAC7-EE47D03DEE54}) (Version: 5.0.1.2 - The Document Foundation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
MechWarrior Online (HKLM\...\Steam App 342200) (Version:  - Piranha Games Inc.)
MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Firefox 43.0.1 (x86 en-US) (HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 en-US) (HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Mozilla Thunderbird 31.6.0 (x86 en-US)) (Version: 31.6.0 - Mozilla)
MTXExtractor (HKLM-x32\...\{3C33D2A4-7375-49A1-B32E-1ECD544ADA3C}) (Version: 1.0.1 - mektek.net)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.56.1 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.14.810.11 - Hi-Rez Studios)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Toolbox for Photoshop 2.0 (HKLM-x32\...\Recovery Toolbox for Photoshop_is1) (Version:  - Recovery Toolbox, Inc.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SageThumbs 2.0.0.19 (HKLM\...\SageThumbs) (Version: 2.0.0.19 - Cherubic Software)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.1.3218.4 - Hi-Rez Studios)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tableau 9.2 (9200.15.1215.2037) (HKLM\...\{0854BAAD-ECE1-4C6E-BD7B-01CDA2BE3646}) (Version: 9.2.89 - Tableau Software)
Tablet Driver V8.01 (HKLM-x32\...\TabletDriver) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TSLRCM 1.8.4 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VTF Shell Extensions 1.7.5.0 (HKLM\...\VTF Shell Extensions 1.7.5.0) (Version: 1.0.6.1 - Neil Jedrzejewski)
VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2664767064-889826173-3791459063-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0446F80E-A953-4189-AD65-E2D0DFF533A7} - System32\Tasks\{EEF06103-DB32-4CD6-8B2A-08F3935EC05C} => E:\Program Files (x86)\Steam\SteamApps\common\mass effect\Binaries\MassEffect.exe [2011-12-28] (BioWare)
Task: {0701929F-C650-4A5F-BEF1-F1B53F18493A} - System32\Tasks\AdobeAAMUpdater-1.0-Peter-PC-Peter => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {38EBCA0B-B742-4006-9C3E-E70C2A383C0E} - System32\Tasks\CCleanerSkipUAC => E:\Program Files (x86)\Piriform Suite\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {4261D9FA-C368-46E7-85E3-A31EF2D63E30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B59E50FC-7999-4780-B5DF-F3C7E6379A26} - System32\Tasks\{DC735316-860C-4C6C-96E8-3ECC992128ED} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Task: {D1A0EF7B-FA97-481C-974A-64DEFF37EB7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DF422E9E-F701-4559-9DF1-E375E46D7B0D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-30 17:36 - 2014-09-11 07:13 - 11021824 _____ () E:\xampp\mysql\bin\mysqld.exe
2015-07-02 13:01 - 2015-12-16 07:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-29 03:25 - 2015-03-29 03:25 - 00043480 _____ () E:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 02:49 - 2014-05-12 02:49 - 00222720 _____ () E:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-02 14:54 - 2014-07-02 14:54 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-02 14:59 - 2014-07-02 14:59 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-02 14:54 - 2014-07-02 14:54 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-02 14:59 - 2014-07-02 14:59 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-11-14 04:22 - 2015-11-14 04:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-03-08 20:44 - 2016-02-16 23:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-08 20:44 - 2016-02-16 23:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-01-08 18:09 - 2016-02-16 23:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-06-04 04:50 - 2015-07-20 04:27 - 00414416 _____ () E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\BravoInitializer.dll
2015-06-03 22:03 - 2015-06-03 22:03 - 04044800 _____ () E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\Plug-ins\Common\Wraptor.prm
2015-06-03 22:02 - 2015-06-03 22:02 - 03499008 _____ () E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\DNxHDCodec.dll
2015-06-03 22:02 - 2015-06-03 22:02 - 00302592 _____ () E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\MOG_Framework_2.2.14_vc10.dll
2015-06-03 22:02 - 2015-06-03 22:02 - 00019968 _____ () E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\MXF_SDK_Metadata_AS11_1.3.50_vs10.dll
2015-06-03 22:02 - 2015-06-03 22:02 - 00294912 _____ () E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\MXF_SDK_MXFIO_AS11_1.3.50_vs10.dll
2015-06-03 22:02 - 2015-06-03 22:02 - 03567616 _____ () E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\mog_xqilla22.dll
2015-06-03 22:03 - 2015-06-03 22:03 - 00048128 _____ () E:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2015\pthreadVC.dll
2016-03-02 17:27 - 2016-03-01 21:49 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\libglesv2.dll
2016-03-02 17:27 - 2016-03-01 21:49 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\libegl.dll
2016-03-02 17:27 - 2016-03-01 21:49 - 29267608 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\PepperFlash\pepflashplayer.dll
2015-03-30 17:35 - 2014-07-17 04:18 - 00219648 _____ () E:\xampp\apache\bin\pcre.dll
2015-03-30 17:36 - 2014-11-12 18:41 - 00127488 _____ () E:\xampp\php\libpq.dll
2015-03-30 17:35 - 2014-11-12 18:41 - 00117760 _____ () E:\xampp\apache\bin\libssh2.dll
2013-08-01 00:23 - 2013-08-01 00:23 - 00301912 _____ () C:\Windows\system32\WinTab32.DLL
2015-11-16 17:43 - 2015-11-16 17:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2013-08-01 00:23 - 2013-08-01 00:23 - 00249688 _____ () C:\Windows\SysWOW64\WinTab32.DLL
2013-08-01 00:23 - 2013-08-01 00:23 - 00241496 _____ () C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-11-25 19:35 - 2015-11-25 19:35 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-11-25 13:22 - 2015-11-25 13:22 - 00089264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2015-11-25 19:35 - 2015-11-25 19:35 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2014-01-31 11:46 - 2016-02-09 18:17 - 00782336 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2014-12-02 17:42 - 2015-07-03 09:12 - 04962816 _____ () E:\Program Files (x86)\Steam\v8.dll
2014-12-02 17:42 - 2015-07-03 09:12 - 01556992 _____ () E:\Program Files (x86)\Steam\icui18n.dll
2014-12-02 17:42 - 2015-07-03 09:12 - 01187840 _____ () E:\Program Files (x86)\Steam\icuuc.dll
2014-05-07 16:06 - 2016-03-04 15:20 - 02547792 _____ () E:\Program Files (x86)\Steam\video.dll
2014-08-28 14:12 - 2016-02-08 16:14 - 02549760 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 14:12 - 2016-02-08 16:14 - 00442880 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 14:12 - 2016-02-08 16:14 - 00491008 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 14:12 - 2016-02-08 16:14 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 14:12 - 2016-02-08 16:14 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll
2014-01-31 11:46 - 2016-03-04 15:20 - 00802896 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-02-19 13:54 - 2016-02-17 15:25 - 00281088 _____ () E:\Program Files (x86)\Steam\openvr_api.dll
2014-01-31 11:47 - 2016-02-08 18:33 - 48400672 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll
2014-12-19 09:31 - 2015-09-24 16:56 - 00119208 _____ () E:\Program Files (x86)\Steam\winh264.dll
2015-04-08 22:46 - 2016-02-17 00:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:6F770ABC [126]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\Control Panel\Desktop\\Wallpaper -> E:\Program Files (x86)\XnView\\xnview_wallpaper_20160215.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupreg: iTunesHelper => "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
21-02-2016 19:00:02 Windows Backup
28-02-2016 19:00:02 Windows Backup
01-03-2016 14:31:31 Windows Update
07-03-2016 12:47:47 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2016 12:52:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/08/2016 07:31:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/08/2016 01:34:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/06/2016 09:32:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/06/2016 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (03/05/2016 12:32:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/04/2016 02:41:44 PM) (Source: Distributed Link Tracking Client) (EventID: 12503) (User: )
Description: H
 
Error: (03/04/2016 02:41:43 PM) (Source: Distributed Link Tracking Client) (EventID: 12503) (User: )
Description: H
 
Error: (03/04/2016 02:41:37 PM) (Source: Distributed Link Tracking Client) (EventID: 12503) (User: )
Description: H
 
Error: (03/04/2016 12:33:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
 
System errors:
=============
Error: (03/07/2016 02:33:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR5.
 
Error: (03/07/2016 02:32:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (03/06/2016 01:06:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (03/06/2016 01:06:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (03/04/2016 04:07:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (03/02/2016 11:32:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (03/02/2016 11:32:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (03/01/2016 01:35:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (03/01/2016 01:35:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (03/01/2016 11:08:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 57%
Total physical RAM: 8165.71 MB
Available physical RAM: 3431.09 MB
Total Virtual: 16329.63 MB
Available Virtual: 9569.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.37 GB) (Free:106.83 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:34.72 GB) NTFS
Drive f: (Antec Drive 1) (Fixed) (Total:444.3 GB) (Free:27.6 GB) NTFS
Drive g: (PRESARIO_RP) (Fixed) (Total:21.45 GB) (Free:17.19 GB) FAT32
Drive h: (WD 2TB External) (Fixed) (Total:1863.01 GB) (Free:361.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 42BD9D28)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1D8572A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0F240C51)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=0C)
Partition 2: (Active) - (Size=444.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000CE27C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




#2
Machiavelli

  • GeekU Moderator
  • 3,700 posts

Good day,

I will reply to your thread as soon as possible.

 

Sincerely,

Machiavelli



#3
Machiavelli

  • GeekU Moderator
  • 3,700 posts

Hello InkAnt201, welcome to Geeks to Go Malware Removal forum!

 
My name is Machiavelli. I will be assisting you with your malware-related problems.
 
======================================================
 
Please consider the following points during this process:

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. 
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable at times.
  • If you come across an issue whilst following my instructions, please stop and inform me of the issue.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time.
  • I will notify you when I believe your computer is free of malware. Bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 

======================================================

 

Connecting to the Internet without an Anti-Virus is a risk to you, and to everyone as well. Your computer is susceptible to malware involving Botnets and Zombie Computers. Using Anti-Virus software will help minimize the risk and help prevent your computer from being used to pass on malware to other machines. When compromised, malware spreads faster and more extensively, distributed denial-of-service (DDoS) attacks are easier to launch, spammers have more platforms from which to send E-mails and more zombies are created to perpetuate the cycle.
 
Nowadays, a multi-layered approach to security that incorporates Anti-Virus software is required to protect your computer from the latest malware. Without an Anti-Virus, your computer is not only more susceptible to malware, but you are also less likely to realise your computer is compromised - sometimes the only symptom is an alert from your Anti-Virus. Please refer to the following articles for more information.

Please download and install ONE of the Anti-Virus programs listed below.

For a paid solution, my choice of Anti-Virus is ESET NOD32, and for a free solution, my choice of Anti-Virus is avast!. Please be aware that there is no universal "one size fits all" solution that works for everyone and there is no single best anti-virus. What works for one person may not work for another.

 

===========================================

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Run: [AdobeBridge] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    AlternateDataStreams: C:\ProgramData\TEMP:6F770ABC [126]
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.
 
======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • JRT.txt
  • AdwCleaner[C1].txt

 

Sincerely,

Machiavelli


  • 0

#4
InkAnt201

    New Member

  • Topic Starter
  • Member
  • 5 posts

Hi Machiavelli, 

I have installed avast! (free) from your suggestion.

Here are the three copy/pasted logs per your instructions. :)

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Peter (2016-03-13 20:41:37) Run:1
Running from C:\Users\Peter\Desktop\FRST
Loaded Profiles: Peter (Available Profiles: Peter)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
AlternateDataStreams: C:\ProgramData\TEMP:6F770ABC [126]
EmptyTemp:
end
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\ProgramData\TEMP => ":6F770ABC" ADS removed successfully.
EmptyTemp: => 1.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:42:11 ====

 

 

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Peter (Administrator) on Sun 03/13/2016 at 20:47:39.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Peter\AppData\Local\crashrpt (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/13/2016 at 20:49:20.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

AdwCleaner[C1].txt:

# AdwCleaner v5.102 - Logfile created 13/03/2016 at 21:51:06
# Updated 13/03/2016 by Xplode
# Database : 2016-03-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Peter - PETER-PC
# Running from : C:\Users\Peter\Desktop\FRST\adwcleaner_5.102.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Peter\AppData\Local\Steam\htmlcache
[-] Folder Deleted : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Myfree Codec
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pdabfienifkbhoihedcgeogidfmibmhp
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1095 bytes] - [13/03/2016 21:51:06]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [1259 bytes] - [13/03/2016 20:53:47]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1281 bytes] ##########

  • 0
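One way to check a Fixlog.txt like the one requested in STEP 1 before posting it, as an added example that is not part of the thread or of FRST itself: it separates the echoed fixlist from the per-item results and lists anything not confirmed. The success wording is taken from the log lines in this thread; the function names, the two `C:\Example\constructed.dll` lines, and the one-result-per-directive comparison (which held for this log) are assumptions.

```python
import re

# Abbreviated from the Fixlog.txt posted in this thread. The two lines naming
# C:\Example\constructed.dll are CONSTRUCTED (not from the thread and not a
# documented FRST message); they exercise the "needs review" path.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Peter (2016-03-13 20:41:37) Run:1
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
AlternateDataStreams: C:\ProgramData\TEMP:6F770ABC [126]
C:\Example\constructed.dll
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
C:\ProgramData\TEMP => ":6F770ABC" ADS removed successfully.
C:\Example\constructed.dll => could not be processed (CONSTRUCTED line)
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:42:11 ====
"""

FENCE = re.compile(r"^\*{5,}\s*$")
# Success wording as it appears in this thread's log (assumption: other
# FRST versions may phrase results differently).
SUCCESS = re.compile(r"successfully|temporary data Removed")


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist directives and the result lines."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    fences = [i for i, ln in enumerate(lines) if FENCE.match(ln)]
    if len(fences) < 2:
        raise ValueError("fixlist block (between asterisk lines) not found")
    first, second = fences[0], fences[1]

    directives = [ln.strip() for ln in lines[first + 1:second]
                  if ln.strip() and ln.strip().lower() not in ("start", "end")]

    results, reboot_needed, complete = [], False, False
    for ln in lines[second + 1:]:
        if not ln.strip():
            continue
        if ln.startswith("==== End of Fixlog"):
            complete = True          # footer present: the paste was not cut short
            break
        if ln.startswith("The system needed a reboot"):
            reboot_needed = True
            continue
        target, sep, outcome = ln.partition(" => ")
        if not sep:                  # e.g. the restore-point line has no "=>"
            target, outcome = "", ln
        results.append({"target": target.strip('"'),
                        "outcome": outcome.strip(),
                        "ok": bool(SUCCESS.search(outcome))})

    return {
        "directives": directives,
        "results": results,
        "needs_review": [r for r in results if not r["ok"]],
        "count_mismatch": len(directives) != len(results),
        "reboot_needed": reboot_needed,
        "complete": complete,
    }


def review_report(parsed):
    """Return the findings worth reading before the log is posted."""
    findings = []
    if not parsed["complete"]:
        findings.append("log is truncated: no 'End of Fixlog' marker")
    if parsed["count_mismatch"]:
        findings.append("directive count %d != result count %d"
                        % (len(parsed["directives"]), len(parsed["results"])))
    for r in parsed["needs_review"]:
        findings.append("not confirmed: %s -> %s" % (r["target"], r["outcome"]))
    if parsed["reboot_needed"]:
        findings.append("reboot required by the fix")
    return findings


if __name__ == "__main__":
    for finding in review_report(parse_fixlog(SAMPLE_FIXLOG)):
        print(finding)
```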

#5
Machiavelli

    GeekU Moderator

  • 3,700 posts

Great.

 

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

  • 0

#6
InkAnt201

    New Member

  • Topic Starter
  • Member
  • 5 posts

New FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01

Ran by Peter (administrator) on PETER-PC (14-03-2016 14:41:58)
Running from C:\Users\Peter\Desktop\FRST
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apache Software Foundation) E:\xampp\apache\bin\httpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apache Software Foundation) E:\xampp\apache\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() E:\xampp\mysql\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Samsung) E:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Don HO [email protected]) E:\Program Files (x86)\Notepad++\notepad++.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Adobe Systems Inc.) E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Samsung Electronics Co., Ltd.) E:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Piriform Ltd) E:\Program Files (x86)\Piriform Suite\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2013-08-01] (Tablet Driver)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => E:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-03-13] (AVAST Software)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Run: [CCleaner Monitoring] => E:\Program Files (x86)\Piriform Suite\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Run: [Adobe Acrobat Synchronizer] => E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [881336 2015-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Run: [KiesPDLR.exe] => E:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\MountPoints2: {dca8e119-21ac-11e4-8059-bc5ff4faef21} - J:\DTE_Privacy_launcher.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-13] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{209FF436-8EBA-462E-A0D6-954A4FF6AEE3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-02] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-13] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-02] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-13] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\bwmrkgqk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-25] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-02] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> E:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-01] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> E:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> E:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-01] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> E:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - E:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://www.dictionary.com/wordoftheday","hxxp://www.uccs.edu/office365/login.html","hxxp://www.lindsredding.com/2012/03/11/a-overdue-lesson-in-perspective/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.26\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-02-10]
CHR Extension: (Facebook Video Downloader) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2016-01-14]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2014-10-23]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2015-01-09]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Avast Online Security) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-03-09]
CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2015-11-24]
CHR Extension: (Skype) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-20]
CHR Extension: (Ghostery) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Neater Bookmarks) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2014-07-26]
CHR Extension: (Image Size Info) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2016-02-12]
CHR Extension: (Recent Bookmarks) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2014-07-26]
CHR Extension: (Click&Clean App) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-03-13]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-13]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apache2.4; E:\xampp\apache\bin\httpd.exe [22016 2014-07-17] (Apache Software Foundation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-13] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
U2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-02-02] (Hi-Rez Studios) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mysql; E:\xampp\mysql\bin\mysqld.exe [11021824 2014-09-11] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-05] (Electronic Arts)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2013-08-01] (Tablet Driver) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-13] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-13] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-03-13] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 cpuz136; \??\C:\Users\Peter\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-13 21:59 - 2016-03-13 22:00 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-13 21:59 - 2016-03-13 21:59 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-03-13 21:59 - 2016-03-13 21:59 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw26A1.tmp
2016-03-13 21:59 - 2016-03-13 21:59 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1457927960843
2016-03-13 21:59 - 2016-03-13 21:59 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1457927959907
2016-03-13 21:59 - 2016-03-13 21:59 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-03-13 21:59 - 2016-03-13 21:59 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2752.tmp
2016-03-13 21:59 - 2016-03-13 21:59 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-13 21:59 - 2016-03-13 21:59 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.1457927958158
2016-03-13 21:59 - 2016-03-13 21:59 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-03-13 21:59 - 2016-03-13 21:59 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2763.tmp
2016-03-13 21:59 - 2016-03-13 21:59 - 00286440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.1457927958721
2016-03-13 21:59 - 2016-03-13 21:59 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-13 21:59 - 2016-03-13 21:59 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2783.tmp
2016-03-13 21:59 - 2016-03-13 21:59 - 00154024 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-03-13 21:59 - 2016-03-13 21:59 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1457927960843
2016-03-13 21:59 - 2016-03-13 21:59 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-03-13 21:59 - 2016-03-13 21:59 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2712.tmp
2016-03-13 21:59 - 2016-03-13 21:59 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-13 21:59 - 2016-03-13 21:59 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw26E1.tmp
2016-03-13 21:59 - 2016-03-13 21:59 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-13 21:59 - 2016-03-13 21:59 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2732.tmp
2016-03-13 21:59 - 2016-03-13 21:59 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-13 21:59 - 2016-03-13 21:59 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-13 21:59 - 2016-03-13 21:59 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2701.tmp
2016-03-13 21:59 - 2016-03-13 21:59 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-13 21:59 - 2016-03-13 21:59 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-03-13 21:59 - 2016-03-13 21:59 - 00000000 ____D C:\Users\Peter\AppData\Roaming\AVAST Software
2016-03-13 21:59 - 2016-03-13 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-13 21:59 - 2016-03-13 21:59 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-03-13 21:59 - 2016-03-13 21:59 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-13 21:58 - 2016-03-13 21:58 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-13 21:57 - 2016-03-13 21:57 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-13 20:52 - 2016-03-13 21:51 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-13 20:49 - 2016-03-13 20:49 - 00000633 _____ C:\Users\Peter\Desktop\JRT.txt
2016-03-09 17:10 - 2016-03-09 17:10 - 00000000 ____D C:\Program Files (x86)\ESET
2016-03-09 17:09 - 2016-03-09 17:10 - 02870984 _____ (ESET) C:\Users\Peter\Desktop\esetsmartinstaller_enu.exe
2016-03-09 16:47 - 2016-03-09 17:00 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-09 16:46 - 2016-03-09 16:46 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-09 16:46 - 2016-03-09 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-09 16:46 - 2016-03-09 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-09 16:46 - 2016-03-09 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-09 16:46 - 2015-10-05 10:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-09 16:46 - 2015-10-05 10:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-09 16:46 - 2015-10-05 10:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-09 16:45 - 2016-03-09 16:45 - 22908888 _____ (Malwarebytes ) C:\Users\Peter\Desktop\mbam-setup-2.2.0.1024.exe
2016-03-09 14:15 - 2016-03-13 21:57 - 00000000 ____D C:\Users\Peter\Desktop\FRST
2016-03-09 14:11 - 2016-03-14 14:41 - 00000000 ____D C:\FRST
2016-03-01 15:31 - 2016-01-22 14:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-01 15:31 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-01 15:31 - 2016-01-22 00:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-01 15:31 - 2016-01-22 00:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-01 15:31 - 2016-01-22 00:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-01 15:31 - 2016-01-22 00:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-01 15:31 - 2016-01-22 00:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-01 15:31 - 2016-01-22 00:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-01 15:31 - 2016-01-22 00:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-01 15:31 - 2016-01-22 00:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-01 15:31 - 2016-01-22 00:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-01 15:31 - 2016-01-22 00:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-01 15:31 - 2016-01-22 00:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-01 15:31 - 2016-01-22 00:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-01 15:31 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-01 15:31 - 2016-01-22 00:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-01 15:31 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-01 15:31 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-01 15:31 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-01 15:31 - 2016-01-22 00:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-01 15:31 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-01 15:31 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-01 15:31 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-01 15:31 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-01 15:31 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-01 15:31 - 2016-01-21 23:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-01 15:31 - 2016-01-21 23:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-01 15:31 - 2016-01-21 23:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-01 15:31 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-01 15:31 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-01 15:31 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-01 15:31 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-01 15:31 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-01 15:31 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-01 15:31 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-01 15:31 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-01 15:31 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-01 15:31 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-01 15:31 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-01 15:31 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-01 15:31 - 2016-01-21 23:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-01 15:31 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-01 15:31 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-01 15:30 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-01 15:30 - 2016-02-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-01 15:30 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-01 15:30 - 2016-02-06 04:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-01 15:30 - 2016-02-06 04:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-01 15:30 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-01 15:30 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-01 15:30 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-01 15:30 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-01 15:30 - 2016-02-06 03:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-01 15:30 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-01 15:30 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-01 15:30 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-01 15:30 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-01 15:30 - 2016-01-22 00:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-01 15:30 - 2016-01-22 00:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-01 15:30 - 2016-01-22 00:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-01 15:30 - 2016-01-22 00:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-01 15:30 - 2016-01-22 00:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-01 15:30 - 2016-01-22 00:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-01 15:30 - 2016-01-22 00:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-01 15:30 - 2016-01-22 00:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-01 15:30 - 2016-01-22 00:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-01 15:30 - 2016-01-22 00:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-01 15:30 - 2016-01-22 00:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-01 15:30 - 2016-01-22 00:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-01 15:30 - 2016-01-22 00:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-01 15:30 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-03-01 15:30 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-03-01 15:30 - 2016-01-22 00:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-01 15:30 - 2016-01-22 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-01 15:30 - 2016-01-22 00:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-01 15:30 - 2016-01-22 00:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-03-01 15:30 - 2016-01-22 00:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-01 15:30 - 2016-01-22 00:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-01 15:30 - 2016-01-22 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-01 15:30 - 2016-01-22 00:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-01 15:30 - 2016-01-22 00:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-01 15:30 - 2016-01-22 00:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-01 15:30 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-01 15:30 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-01 15:30 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-01 15:30 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-01 15:30 - 2016-01-22 00:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-01 15:30 - 2016-01-22 00:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-01 15:30 - 2016-01-22 00:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-01 15:30 - 2016-01-22 00:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-01 15:30 - 2016-01-22 00:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-01 15:30 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-01 15:30 - 2016-01-22 00:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-01 15:30 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-01 15:30 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-01 15:30 - 2016-01-22 00:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-01 15:30 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-01 15:30 - 2016-01-22 00:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-01 15:30 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-01 15:30 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-03-01 15:30 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-03-01 15:30 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-01 15:30 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-01 15:30 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-01 15:30 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-03-01 15:30 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-01 15:30 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-03-01 15:30 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 23:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-01 15:30 - 2016-01-21 23:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-01 15:30 - 2016-01-21 23:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-01 15:30 - 2016-01-21 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-01 15:30 - 2016-01-21 23:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-01 15:30 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-01 15:30 - 2016-01-21 23:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-01 15:30 - 2016-01-21 22:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-01 15:30 - 2016-01-21 22:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-01 15:30 - 2016-01-21 22:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-01 15:30 - 2016-01-21 22:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-01 15:30 - 2016-01-21 22:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-01 15:30 - 2016-01-21 22:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-01 15:30 - 2016-01-21 22:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-01 15:30 - 2016-01-21 22:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-01 15:30 - 2016-01-21 22:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-01 15:30 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-01 15:30 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-01 15:30 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-01 15:30 - 2016-01-16 13:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-01 15:30 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-01 15:30 - 2016-01-07 11:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-01 15:30 - 2016-01-07 11:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-03-01 15:30 - 2016-01-06 13:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-03-01 15:30 - 2016-01-06 13:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-03-01 15:30 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-03-01 15:30 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-03-01 15:30 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-03-01 15:30 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-03-01 15:30 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-03-01 15:30 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-03-01 15:30 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-03-01 15:30 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-03-01 15:30 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-03-01 15:30 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-03-01 15:30 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-03-01 15:30 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-03-01 15:30 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-03-01 15:30 - 2015-12-08 15:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-03-01 15:30 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-03-01 15:30 - 2015-12-08 15:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-03-01 15:30 - 2015-12-08 15:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-03-01 15:30 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-03-01 15:30 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-03-01 15:30 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-03-01 15:30 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-03-01 15:30 - 2015-12-08 15:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-03-01 15:30 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-03-01 15:30 - 2015-12-08 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-03-01 15:30 - 2015-12-08 15:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-03-01 15:30 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-03-01 15:30 - 2015-12-08 15:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-03-01 15:30 - 2015-12-08 15:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-03-01 15:30 - 2015-12-08 13:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-03-01 15:30 - 2015-12-08 13:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-03-01 15:30 - 2015-12-08 13:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-03-01 15:30 - 2015-12-08 13:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-03-01 15:30 - 2015-12-08 13:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-03-01 15:30 - 2015-12-08 13:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-03-01 15:30 - 2015-12-08 12:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-03-01 15:30 - 2015-12-08 12:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-03-01 15:30 - 2015-12-08 12:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-03-01 15:30 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-03-01 15:30 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-03-01 15:30 - 2015-11-13 17:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-03-01 15:30 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-03-01 15:30 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-03-01 15:30 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-03-01 15:30 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-01 15:30 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-03-01 15:30 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-01 15:30 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-03-01 15:30 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-03-01 15:30 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-03-01 15:30 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-03-01 15:30 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-03-01 15:30 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-03-01 15:30 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-03-01 15:30 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-03-01 15:30 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-03-01 15:30 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-03-01 15:30 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-03-01 15:30 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-03-01 15:30 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-03-01 15:30 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-03-01 15:30 - 2015-10-01 12:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-01 15:30 - 2015-10-01 12:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-03-01 15:30 - 2015-10-01 12:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-03-01 15:30 - 2015-10-01 12:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-03-01 15:30 - 2015-10-01 12:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-03-01 15:30 - 2015-10-01 12:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-03-01 15:30 - 2015-10-01 12:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-03-01 15:30 - 2015-10-01 11:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-03-01 15:30 - 2015-10-01 11:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-03-01 15:30 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-03-01 15:30 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-03-01 15:30 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-03-01 15:30 - 2015-08-06 12:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-01 15:30 - 2015-08-06 12:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-01 15:30 - 2015-08-06 11:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-01 15:30 - 2015-08-06 11:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-01 15:30 - 2015-08-05 11:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-03-01 15:26 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-03-01 15:26 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-03-01 15:25 - 2015-09-01 21:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-01 15:25 - 2015-09-01 21:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-01 15:25 - 2015-09-01 21:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-01 15:25 - 2015-09-01 21:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-01 15:25 - 2015-09-01 20:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-01 15:25 - 2015-09-01 20:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-01 15:25 - 2015-09-01 20:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-01 15:25 - 2015-09-01 20:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-01 15:25 - 2015-09-01 19:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-01 15:25 - 2015-09-01 19:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-14 14:22 - 2014-07-26 15:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-14 12:46 - 2014-07-28 23:06 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2016-03-14 11:42 - 2015-06-07 17:41 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-14 09:07 - 2014-08-15 14:10 - 00000000 ____D C:\Users\Peter\AppData\Local\Adobe
2016-03-13 22:00 - 2009-07-13 22:45 - 00032336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-13 22:00 - 2009-07-13 22:45 - 00032336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-13 21:59 - 2015-02-06 14:54 - 00000000 ____D C:\Users\Peter\AppData\Local\Steam
2016-03-13 21:58 - 2009-07-13 23:13 - 00796934 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 21:58 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-13 21:52 - 2015-07-02 14:01 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-13 21:52 - 2014-07-26 15:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-13 21:52 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 20:44 - 2014-07-28 10:45 - 498235392 _____ C:\Users\Peter\AppData\Local\SageThumbs.db3
2016-03-11 18:11 - 2015-04-24 16:14 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2016-03-11 14:07 - 2015-04-10 17:54 - 00000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2016-03-10 15:23 - 2014-07-26 15:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-09 20:01 - 2015-04-08 23:40 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-03-08 21:44 - 2015-01-01 20:05 - 00000000 ____D C:\Users\Peter\AppData\Local\NVIDIA
2016-03-08 13:03 - 2014-08-08 13:36 - 00000033 _____ C:\Users\Peter\AppData\Roaming\AdobeWLCMCache.dat
2016-03-02 13:04 - 2015-09-29 13:36 - 00000000 ____D C:\ProgramData\Oracle
2016-03-02 12:34 - 2015-11-02 23:19 - 00000000 ____D C:\Program Files\Java
2016-03-02 12:34 - 2015-09-29 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-03-02 12:34 - 2014-09-04 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-02 12:33 - 2015-09-29 13:36 - 00000000 ____D C:\Users\Peter\.oracle_jre_usage
2016-03-02 12:33 - 2014-09-04 11:30 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-03-02 02:22 - 2015-04-20 23:25 - 00000000 ____D C:\Windows\rescache
2016-03-02 01:46 - 2009-07-13 22:45 - 05037656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-02 01:45 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 01:45 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-01 15:47 - 2014-07-27 01:31 - 00000000 ____D C:\Windows\system32\MRT
2016-03-01 15:42 - 2014-07-27 01:31 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-01 15:35 - 2014-07-26 15:32 - 00789056 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-29 21:02 - 2015-10-31 11:44 - 00000000 ____D C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2016-02-25 13:03 - 2014-08-15 12:48 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-25 13:03 - 2014-08-15 12:48 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-23 17:49 - 2014-07-26 15:26 - 00096072 _____ C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-17 00:40 - 2015-11-29 16:25 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-02-17 00:40 - 2015-01-01 20:04 - 01903344 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-02-17 00:40 - 2015-01-01 20:04 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-02-17 00:40 - 2015-01-01 20:04 - 01571624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-02-17 00:40 - 2015-01-01 20:04 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-02-15 19:02 - 2015-08-31 21:40 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Curse Client
 
==================== Files in the root of some directories =======
 
2014-08-08 13:36 - 2016-03-08 13:03 - 0000033 _____ () C:\Users\Peter\AppData\Roaming\AdobeWLCMCache.dat
2014-11-18 12:23 - 2015-07-23 12:29 - 0001456 _____ () C:\Users\Peter\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-27 16:51 - 2015-12-27 16:51 - 0000963 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-08-27 13:57 - 2014-08-27 13:57 - 0007619 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2014-07-28 10:45 - 2016-03-13 20:44 - 498235392 _____ () C:\Users\Peter\AppData\Local\SageThumbs.db3
2014-07-26 15:20 - 2014-07-26 15:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-09 13:50
 
==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Peter (2016-03-14 14:42:25)
Running from C:\Users\Peter\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-26 21:16:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2664767064-889826173-3791459063-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2664767064-889826173-3791459063-1002 - Limited - Enabled)
Guest (S-1-5-21-2664767064-889826173-3791459063-501 - Limited - Disabled)
Peter (S-1-5-21-2664767064-889826173-3791459063-1000 - Administrator - Enabled) => C:\Users\Peter
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.08 beta (x64) (HKLM\...\7-Zip) (Version: 15.08 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{7F823F8E-4348-11E4-8BF8-81763C49AA32}) (Version: 15.1.0 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM\...\{3BFA80E7-C4DB-45E7-B6B7-5E1804ED3652}) (Version: 2014.1.0.375 - Adobe Systems, Incorporated)
Adobe Muse CC 2014 (HKLM-x32\...\{F80BB030-D3E3-11E4-B787-F144E7411942}) (Version: 2014.3.2.11 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation)
Bulk Image Sizer (HKLM-x32\...\{30DDBC77-5F8A-4A36-934E-096F70D003B8}) (Version: 1.0.0 - Home Use)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.7.0 Beta - Alexandre Devilliers (aka Elbereth))
Duck Game (HKLM-x32\...\Steam App 312530) (Version:  - Landon Podbielski)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.26 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Reloaded Games)
[bleep] Yeah! (HKLM-x32\...\Steam App 205230) (Version:  - Arkedo)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version:  - Blit Software)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kotor Tool (HKLM-x32\...\Kotor Tool) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LibreOffice 5.0.1.2 (HKLM-x32\...\{927AE35D-72BC-437D-BAC7-EE47D03DEE54}) (Version: 5.0.1.2 - The Document Foundation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MechWarrior Online (HKLM\...\Steam App 342200) (Version:  - Piranha Games Inc.)
MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Firefox 43.0.1 (x86 en-US) (HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 en-US) (HKU\S-1-5-21-2664767064-889826173-3791459063-1000\...\Mozilla Thunderbird 31.6.0 (x86 en-US)) (Version: 31.6.0 - Mozilla)
MTXExtractor (HKLM-x32\...\{3C33D2A4-7375-49A1-B32E-1ECD544ADA3C}) (Version: 1.0.1 - mektek.net)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.56.1 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.14.810.11 - Hi-Rez Studios)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Toolbox for Photoshop 2.0 (HKLM-x32\...\Recovery Toolbox for Photoshop_is1) (Version:  - Recovery Toolbox, Inc.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SageThumbs 2.0.0.19 (HKLM\...\SageThumbs) (Version: 2.0.0.19 - Cherubic Software)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.1.3218.4 - Hi-Rez Studios)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tableau 9.2 (9200.15.1215.2037) (HKLM\...\{0854BAAD-ECE1-4C6E-BD7B-01CDA2BE3646}) (Version: 9.2.89 - Tableau Software)
Tablet Driver V8.01 (HKLM-x32\...\TabletDriver) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TSLRCM 1.8.4 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VTF Shell Extensions 1.7.5.0 (HKLM\...\VTF Shell Extensions 1.7.5.0) (Version: 1.0.6.1 - Neil Jedrzejewski)
VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2664767064-889826173-3791459063-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0446F80E-A953-4189-AD65-E2D0DFF533A7} - System32\Tasks\{EEF06103-DB32-4CD6-8B2A-08F3935EC05C} => E:\Program Files (x86)\Steam\SteamApps\common\mass effect\Binaries\MassEffect.exe [2011-12-28] (BioWare)
Task: {0701929F-C650-4A5F-BEF1-F1B53F18493A} - System32\Tasks\AdobeAAMUpdater-1.0-Peter-PC-Peter => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {38EBCA0B-B742-4006-9C3E-E70C2A383C0E} - System32\Tasks\CCleanerSkipUAC => E:\Program Files (x86)\Piriform Suite\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {4261D9FA-C368-46E7-85E3-A31EF2D63E30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {619866EE-37A5-4132-9AF6-9EDA4D8E427C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-13] (AVAST Software)
Task: {ABF13FA4-FC9C-407E-A4FB-0230DEB88126} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-13] (AVAST Software)
Task: {B59E50FC-7999-4780-B5DF-F3C7E6379A26} - System32\Tasks\{DC735316-860C-4C6C-96E8-3ECC992128ED} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Task: {D1A0EF7B-FA97-481C-974A-64DEFF37EB7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DF422E9E-F701-4559-9DF1-E375E46D7B0D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-02 14:01 - 2015-12-16 08:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-14 05:23 - 2015-11-14 05:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-29 04:25 - 2015-03-29 04:25 - 00043480 _____ () E:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 03:49 - 2014-05-12 03:49 - 00222720 _____ () E:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-30 18:36 - 2014-09-11 08:13 - 11021824 _____ () E:\xampp\mysql\bin\mysqld.exe
2016-03-08 21:44 - 2016-02-17 00:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-08 21:44 - 2016-02-17 00:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-01-08 19:09 - 2016-02-17 00:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2014-07-02 15:54 - 2014-07-02 15:54 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-02 15:59 - 2014-07-02 15:59 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-02 15:54 - 2014-07-02 15:54 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-02 15:59 - 2014-07-02 15:59 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-11-14 05:22 - 2015-11-14 05:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-03-10 15:23 - 2016-03-10 01:46 - 02224280 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.26\libglesv2.dll
2016-03-10 15:23 - 2016-03-10 01:45 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.26\libegl.dll
2016-03-10 15:23 - 2016-03-10 01:46 - 31390872 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.26\PepperFlash\pepflashplayer.dll
2015-03-30 18:35 - 2014-07-17 05:18 - 00219648 _____ () E:\xampp\apache\bin\pcre.dll
2015-03-30 18:36 - 2014-11-12 19:41 - 00127488 _____ () E:\xampp\php\libpq.dll
2015-03-30 18:35 - 2014-11-12 19:41 - 00117760 _____ () E:\xampp\apache\bin\libssh2.dll
2015-04-08 23:46 - 2016-02-17 01:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-08-01 01:23 - 2013-08-01 01:23 - 00301912 _____ () C:\Windows\system32\WinTab32.DLL
2011-07-18 15:07 - 2011-07-18 15:07 - 00014336 _____ () E:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 17:42 - 2014-01-06 17:42 - 01611264 _____ () E:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2015-11-16 18:43 - 2015-11-16 18:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2013-08-01 01:23 - 2013-08-01 01:23 - 00249688 _____ () C:\Windows\SysWOW64\WinTab32.DLL
2013-08-01 01:23 - 2013-08-01 01:23 - 00241496 _____ () C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
2015-11-16 18:43 - 2015-11-16 18:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-11-16 18:43 - 2015-11-16 18:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-11-25 20:35 - 2015-11-25 20:35 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-11-25 20:35 - 2015-11-25 20:35 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-11-25 20:35 - 2015-11-25 20:35 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-11-25 20:35 - 2015-11-25 20:35 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-11-25 14:22 - 2015-11-25 14:22 - 00089264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2015-11-25 20:35 - 2015-11-25 20:35 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-03-13 21:59 - 2016-03-13 21:59 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-13 21:59 - 2016-03-13 21:59 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-13 21:59 - 2016-03-13 21:59 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030800\algo.dll
2016-03-13 21:59 - 2016-03-13 21:59 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-13 21:59 - 2016-03-13 21:59 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-03-14 13:08 - 2016-03-14 13:08 - 02840576 _____ () C:\Program Files\AVAST Software\Avast\defs\16031401\algo.dll
2016-03-13 21:59 - 2016-03-13 21:59 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2664767064-889826173-3791459063-1000\Control Panel\Desktop\\Wallpaper -> E:\Program Files (x86)\XnView\\xnview_wallpaper_20160215.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupreg: iTunesHelper => "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F637FA3F-2D4A-433D-A3CA-5214D8C206C0}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7ABCB8F9-07C7-4B65-B7BA-E3060DF2852C}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DF39E5F4-4208-4FE3-B30F-D8DF2EB24D0A}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{59B2BAC5-2331-4F38-AF24-27264B8C8CE7}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{914EC7BD-45D7-4889-9346-59089F32939C}E:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe
FirewallRules: [UDP Query User{2DA46542-6109-4690-AAD1-98A66027153E}E:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe
FirewallRules: [{D9F359D1-7126-4EA7-93D9-14310839DC27}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{8A613A91-4864-447B-BA91-D9E686091228}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{BD2E034F-592A-49DB-BA93-61A7ACAD147C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2BCD6037-4F2C-4685-9CCD-9529C953099E}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{92559D8C-847C-461C-89C1-B7011FEF9A33}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{72747498-70C3-4A1D-891C-0D57295B3ED3}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{582845CF-0B74-4D26-AF59-8EC26EB8217A}] => (Allow) E:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{E1FC3122-7CC0-4797-A694-693ADE5B7925}E:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{29891EAE-2632-404A-9DFC-BF120BB53B5E}E:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{19254958-811B-4431-8431-0EC3B57C3A7D}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{E45D713B-485B-49A0-8A6B-66C24EA74E57}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{89C10E45-754E-4ECD-B3D0-BD0DDC2914C0}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9164FC47-3EBD-4BB0-BBFF-FF716E305CD4}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{625A19D6-B3E7-4D6A-840F-F826B2CF8110}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{B1A7F96A-E83D-4050-9A44-CA83869BACA7}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [TCP Query User{AF7AD9FD-03BB-433B-83F6-8C45CC19443F}E:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [UDP Query User{59B55A0F-1CA1-4130-9EEB-C916233CBDCE}E:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [{7E1E1697-E083-475D-9438-A18A642E39A7}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{A2B82F11-4092-4CFB-9050-7E3502523C45}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C6F60883-6BCD-4AF5-B005-7928BBA246A4}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{020381D1-91C3-48B9-916B-83C4C7BA8A1B}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{89DFA5DB-D69C-476B-8928-E08A2381D37D}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{17DCE81B-4C05-4E08-8B5B-4A65B6BA243C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [TCP Query User{8CA953DC-D76A-4560-9367-00B5AAA8107C}E:\program files (x86)\adobe\adobe after effects cc 2014\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe] => (Allow) E:\program files (x86)\adobe\adobe after effects cc 2014\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe
FirewallRules: [UDP Query User{B2B802F8-0C94-487F-8E67-06E5E12A79F9}E:\program files (x86)\adobe\adobe after effects cc 2014\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe] => (Allow) E:\program files (x86)\adobe\adobe after effects cc 2014\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe
FirewallRules: [{07993BD3-C5C7-4E1A-A984-1AC2FCACDF7A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CEEA70D7-8DC0-4067-BAFD-6378B6CD0074}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{01E092B8-4E8C-4584-9B55-DD56EB890787}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{6893859C-30AB-4B86-9886-1E3A0BFABAB1}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{72A77B16-2FA3-4837-9201-07DD633BAE3B}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E8A50493-A9EB-4E01-BA40-426D0283615B}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{EBAE35DE-4EB2-4B8A-925F-AD94055A404C}E:\xampp\apache\bin\httpd.exe] => (Block) E:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{154A117E-FC6C-4625-9F41-417589A7AC5D}E:\xampp\apache\bin\httpd.exe] => (Block) E:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F8EEE277-DEF1-4CEA-BAB5-F885E22EBF2D}E:\xampp\filezillaftp\filezillaserver.exe] => (Block) E:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{1DB4D3F0-0D20-444A-8A4E-43DEF54D445F}E:\xampp\filezillaftp\filezillaserver.exe] => (Block) E:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [TCP Query User{8CF7C4D6-19C1-4C40-A07F-95776E85CA9B}E:\xampp\mysql\bin\mysqld.exe] => (Block) E:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{71AEE837-BF06-4B20-B09D-E51DC962F262}E:\xampp\mysql\bin\mysqld.exe] => (Block) E:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{D029FD57-2270-45D0-8A48-AD016BAAFA03}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{CCD2CF6E-B1AD-478F-90ED-651927F12A35}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{48F3A332-CBDE-47AF-9F86-A99F584C4409}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{00991AED-E1C3-4952-83DD-54B28C4B7576}E:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe] => (Allow) E:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe
FirewallRules: [UDP Query User{57CB6FF0-C74C-4ED7-8BA2-77BCC97AD3E1}E:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe] => (Allow) E:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe
FirewallRules: [{1223C29B-909F-4F1B-A2F6-C538384B9EA1}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{6EB9CEC9-B925-4260-B5D2-F492BB477545}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{01BDA3F0-975E-4F2F-9556-ABBB9D50A8C0}E:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{EB4FE223-EF0C-4B50-850D-0288BFC5A70F}E:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [{F3FE8B3B-FDB1-4162-B8B8-D209F0F32B7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CB0637C1-C961-4D04-A77A-5750DFB35BEB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{86950C2F-4E65-4FDB-9C09-BCDCB8525077}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{94093B65-7B14-49C1-99C1-ABCB2FBF7D08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3FE0A5B8-69BB-4BA2-A5B3-328E7EB61660}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{BAC3C1C3-1B21-410F-B195-45263F495316}E:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{3C6B7D75-6E4D-445B-8B42-BC9A6DFEE2B6}E:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{C17EE7E1-E2B7-40D5-A441-F6F326DDC4F0}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E7DB430-23AC-476D-AB99-707395B024FD}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{41B94FD9-6B52-42F9-A0A0-55781F8ECDA1}E:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{EFDF20DD-F901-435B-99F8-A872A937057B}E:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{D5283AED-AF66-4EB7-848E-2AEEF159E38A}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\half-life 2 deathmatch\hl2.exe
FirewallRules: [{69BFC6EA-659E-4DCA-B580-6327FB959AAA}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\half-life 2 deathmatch\hl2.exe
FirewallRules: [TCP Query User{E5E8E383-8EC0-4B9A-95BB-00B3F6649C57}E:\program files\android\android studio\bin\studio64.exe] => (Allow) E:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{18C5C740-DB7F-44BB-BE08-8066FA8B8D4E}E:\program files\android\android studio\bin\studio64.exe] => (Allow) E:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{4E61BFA0-E3C9-454A-9701-5756702F1E91}] => (Allow) E:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{A00381E8-1EF5-448A-A6A0-BE91C590B357}] => (Allow) E:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{8C0191CC-AA9E-474A-B75D-9D8A5DD0618A}] => (Allow) E:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{21E3D29E-E6A7-4162-A877-4FC5AD45C5F0}] => (Allow) E:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{E7E8915B-E678-4B3A-960D-F53692379072}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{D143E230-8C8E-40B0-BCE0-E8308A876198}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{0BE86C39-1BA7-4E93-8E3F-DFEE90F900CD}E:\program files\android\android studio\bin\studio64.exe] => (Allow) E:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{975C2F35-A7A2-4023-A586-86D0B71A7E0C}E:\program files\android\android studio\bin\studio64.exe] => (Allow) E:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{6F163F04-1BD3-429C-9433-003955FC32AB}E:\program files\java\jdk1.8.0_60\bin\java.exe] => (Allow) E:\program files\java\jdk1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{C2B9D974-583D-47A8-B1E1-39D8C1EDE46D}E:\program files\java\jdk1.8.0_60\bin\java.exe] => (Allow) E:\program files\java\jdk1.8.0_60\bin\java.exe
FirewallRules: [{0310978D-E4BE-4F75-9F5B-B5DBC2D39170}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{504BF91D-FB78-4926-8940-2EAE6CFBCEE8}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{89A7CC24-F5C6-440C-A091-B0C7AB9A0AF2}E:\program files\java\jdk1.8.0_60\bin\java.exe] => (Allow) E:\program files\java\jdk1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{4800AC1C-4D14-42C6-B5A1-335BFF4BB3AA}E:\program files\java\jdk1.8.0_60\bin\java.exe] => (Allow) E:\program files\java\jdk1.8.0_60\bin\java.exe
FirewallRules: [TCP Query User{62714497-0A42-4084-83A1-87867091A5AF}E:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) E:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{CF2E0257-20C6-4CA6-AD1A-3CAF4A0BC24D}E:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) E:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [{6F7617AE-CEC5-4D37-8196-4E20816DB67C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{5849998D-A052-4D6C-99E9-75B3FD229835}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{BDC669BA-1766-448A-B04B-EF1EFBC00864}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{0D70B24F-C779-400C-A12F-2D2ED3CEE73C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{9A2AAD2C-81C9-4CA0-A88A-15ABFC9FF313}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{6B10F03E-A177-451B-91A0-F4407A854C1E}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{105E61F1-55CA-41CA-A0C1-AFC99A111AA8}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{9EBB944E-372E-4E52-AC66-414AA31FC7F8}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{EB95098E-5DEA-485A-B6F6-72AAA9D85972}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\[bleep] Yeah\HELLYEAH.exe
FirewallRules: [{EE0F825B-E239-4728-BEF2-42FE24C55C00}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\[bleep] Yeah\HELLYEAH.exe
FirewallRules: [{A33B06B1-7F98-42F6-BFB0-62A77182C4D9}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Mechwarrior Online\Bin64\MWOClient.exe
FirewallRules: [{4C4F0543-6AF6-42D4-8459-1AAD2935FEAA}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Mechwarrior Online\Bin64\MWOClient.exe
FirewallRules: [{E6624EE9-812A-4390-9184-7496CB38D4C1}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{141CCAD9-86E8-4F6C-BCC9-7F256C7630F8}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2BF44787-8D60-4578-93DC-2F95EEC4747F}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{EEA3D2E2-6C7A-416D-9D81-0A133A021877}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{1941E1E5-DE5B-4FF5-8251-72D35D8FDC67}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{315EF3D8-11CD-4BA3-BC55-00BC52D68332}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{E5837E19-9527-41F5-BB40-1B6A747FD3D5}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
 
==================== Restore Points =========================
 
21-02-2016 20:00:02 Windows Backup
28-02-2016 20:00:02 Windows Backup
01-03-2016 15:31:31 Windows Update
07-03-2016 13:47:47 Windows Update
13-03-2016 20:14:04 Windows Backup
13-03-2016 20:41:37 Restore Point Created by FRST
13-03-2016 20:47:40 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2016 10:23:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/13/2016 09:54:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/13/2016 08:45:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/13/2016 08:41:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6be7a963-50a1-4716-8119-918d3b4d6e2d}
 
Error: (03/13/2016 08:41:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/12/2016 04:42:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/12/2016 12:07:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/12/2016 12:07:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/11/2016 02:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RocketLeague.exe, version: 1.0.10897.0, time stamp: 0x56d88af2
Faulting module name: RocketLeague.exe, version: 1.0.10897.0, time stamp: 0x56d88af2
Exception code: 0xc0000005
Fault offset: 0x00708238
Faulting process id: 0x1d44
Faulting application start time: 0xRocketLeague.exe0
Faulting application path: RocketLeague.exe1
Faulting module path: RocketLeague.exe2
Report Id: RocketLeague.exe3
 
Error: (03/11/2016 01:33:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (03/13/2016 09:59:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (03/13/2016 09:59:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (03/13/2016 09:51:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069
 
Error: (03/13/2016 09:51:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (03/13/2016 09:51:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (03/13/2016 09:51:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (03/13/2016 09:51:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/13/2016 09:51:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/13/2016 09:51:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/13/2016 09:51:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WinTab Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 73%
Total physical RAM: 8165.71 MB
Available physical RAM: 2185.91 MB
Total Virtual: 16329.63 MB
Available Virtual: 8902.26 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.37 GB) (Free:103.65 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:34.82 GB) NTFS
Drive f: (Antec Drive 1) (Fixed) (Total:444.3 GB) (Free:27.6 GB) NTFS
Drive g: (PRESARIO_RP) (Fixed) (Total:21.45 GB) (Free:17.19 GB) FAT32
Drive h: (WD 2TB External) (Fixed) (Total:1863.01 GB) (Free:358.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 42BD9D28)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1D8572A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0F240C51)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=0C)
Partition 2: (Active) - (Size=444.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000CE27C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 

 

==================== End of Addition.txt ============================


#7
Machiavelli

  • GeekU Moderator
  • 3,700 posts

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Your version of MBAM is outdated. Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs, followed by the first Scan Log.
  • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png.  
  • Click esetExport.png and save the file to your Desktop, naming it something such as "ESET Scan".
  • Click the Back button.
  • Note: If no threats were found, there will be no log to save. 
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log


#8
InkAnt201

  • Topic Starter
  • Member
  • 5 posts

MBAM Scan Log:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/15/2016
Scan Time: 1:42 PM
Logfile: MBAM Scan Log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.15.06
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Peter
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359046
Time Elapsed: 10 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.ProCleanerSoftware, HKU\S-1-5-21-2664767064-889826173-3791459063-1000\SOFTWARE\Caphyon, Quarantined, [b85a2b5d5e3b85b145f72368bb4959a7], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET Online Scan Log
E:\Downloads\dfsetup218 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads\dfsetup218.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads\FileZilla_3.10.3_win64-setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
E:\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
F:\Documents and Settings\Owner\Desktop\gimp_958.exe a variant of Win32/InstallIQ potentially unwanted application
F:\Program Files\IZArc\OpenCandy\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
F:\WINDOWS\system32\CloseApp.exe Win32/CloseApp.A potentially unsafe application
F:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
H:\Backups\Office Desktop Backup\Documents and Settings\Old System C Drive\Program Files\AWS\WeatherBug\Install\WxBugSetup502b4.EXE a variant of Win32/AdInstaller potentially unwanted application
H:\Backups\Office Desktop Backup\Documents and Settings\Peter Farrell\Desktop\Seldom Used\frzfontsFree.exe multiple threats
H:\Backups\Office Desktop Backup\Documents and Settings\Peter Farrell\Local Settings\Application Data\Downloaded Installations\{263E1DB9-E7C3-4F3E-AC28-9A519AD52AC8}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
H:\Backups\Office Desktop Backup\Documents and Settings\Peter Farrell\My Documents\pal_install_a4650_r131001_p266000.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
H:\Backups\Office Desktop Backup\Documents and Settings\Peter Farrell\My Documents\Downloads\cbsidlm-tr1_12-CD_Label_Designer-ORG-10063633(1).exe Win32/DownloadAdmin.G potentially unwanted application
H:\Backups\Office Desktop Backup\Documents and Settings\Peter Farrell\My Documents\Downloads\cbsidlm-tr1_12-CD_Label_Designer-ORG-10063633.exe Win32/DownloadAdmin.G potentially unwanted application
H:\Backups\Office Desktop Backup\Documents and Settings\Peter Farrell\My Documents\Downloads\cbsidlm-tr1_12-exPressit_SE-ORG-10539969(1).exe Win32/DownloadAdmin.G potentially unwanted application
H:\Backups\Office Desktop Backup\Documents and Settings\Peter Farrell\My Documents\Downloads\cbsidlm-tr1_12-exPressit_SE-ORG-10539969.exe Win32/DownloadAdmin.G potentially unwanted application
H:\Backups\Office Desktop Backup\Documents and Settings\Peter Farrell\My Documents\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Documents and Settings\Old System C Drive\Program Files\AWS\WeatherBug\Install\WxBugSetup502b4.EXE a variant of Win32/AdInstaller potentially unwanted application
H:\Backups\Office Desktop Backup\Local Disk\Documents and Settings\Peter Farrell\Desktop\Seldom Used\frzfontsFree.exe multiple threats
H:\Backups\Office Desktop Backup\Local Disk\Documents and Settings\Peter Farrell\Local Settings\Application Data\Downloaded Installations\{263E1DB9-E7C3-4F3E-AC28-9A519AD52AC8}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Documents and Settings\Peter Farrell\My Documents\pal_install_a4650_r131001_p266000.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Documents and Settings\Peter Farrell\My Documents\Downloads\cbsidlm-tr1_12-CD_Label_Designer-ORG-10063633(1).exe Win32/DownloadAdmin.G potentially unwanted application
H:\Backups\Office Desktop Backup\Local Disk\Documents and Settings\Peter Farrell\My Documents\Downloads\cbsidlm-tr1_12-CD_Label_Designer-ORG-10063633.exe Win32/DownloadAdmin.G potentially unwanted application
H:\Backups\Office Desktop Backup\Local Disk\Documents and Settings\Peter Farrell\My Documents\Downloads\cbsidlm-tr1_12-exPressit_SE-ORG-10539969(1).exe Win32/DownloadAdmin.G potentially unwanted application
H:\Backups\Office Desktop Backup\Local Disk\Documents and Settings\Peter Farrell\My Documents\Downloads\cbsidlm-tr1_12-exPressit_SE-ORG-10539969.exe Win32/DownloadAdmin.G potentially unwanted application
H:\Backups\Office Desktop Backup\Local Disk\Documents and Settings\Peter Farrell\My Documents\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\AskToolbarInstaller-12.10.0_WCL2-V7.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\AskToolbarInstaller-12.10.2_WCL2-V7.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\AskToolbarInstaller-12.10.6_WCL2-V7.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Local Disk\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\AskToolbarInstaller-12.10.0_WCL2-V7.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\AskToolbarInstaller-12.10.2_WCL2-V7.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\AskToolbarInstaller-12.10.6_WCL2-V7.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
H:\Backups\Office Desktop Backup\Program Files\AskPartnerNetwork\Toolbar\WCL2-V7\Source\program files\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
H:\Backups\Office Desktop Backup\WINDOWS\Installer\167cf8.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
H:\Backups\Office Desktop Backup\WINDOWS\Installer\8af1caeb.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads\BestVideoDownloader.exe a variant of Win32/KBM potentially unwanted application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads\cbsidlm-tr1_13-DivX_Plus_Software-BP-10062728.exe Win32/DownloadAdmin.G potentially unwanted application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads\dfsetup211.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads\dfsetup214 (1).exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads\dfsetup214.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads\Shockwave_Installer_Slim (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads\Unconfirmed 411275.crdownload a variant of Win32/InstallIQ potentially unwanted application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads (Up to May 2012)\dffsetup_d3dx9_43.exe a variant of Win32/Systweak potentially unwanted application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads (Up to May 2012)\dfsetup209.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads (Up to May 2012)\fsSetup132.exe Win32/Toolbar.Widgi potentially unwanted application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Downloads (Up to May 2012)\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
H:\Backups\XP Machine Backup\F Drive Backup (See My Pics)\Flash Drive Backup (Jan 15, 2012)\klite_setup.exe Win32/Toolbar.Zugo potentially unwanted application
H:\PETER-PC\Backup Set 2015-12-06 190001\Backup Files 2015-12-06 190001\Backup files 31.zip a variant of Win32/InstallCore.ACZ potentially unwanted application
H:\PETER-PC\Backup Set 2015-12-06 190001\Backup Files 2015-12-06 190001\Backup files 34.zip a variant of Win32/Toolbar.Babylon.E potentially unwanted application
H:\PETER-PC\Backup Set 2015-12-06 190001\Backup Files 2016-01-11 115805\Backup files 4.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application


#9
Machiavelli

  • GeekU Moderator
  • 3,700 posts

You can remove the threats found by ESET manually if you like.

 

How is your system running?



#10
InkAnt201

  • Topic Starter
  • Member
  • 5 posts

It seems to be running normally. 

Only 'new' (quote marks for uncertainty) thing I've noticed is that when running a tab in Chrome with much of my RAM near maxed out (After Effects, Photoshop, etc.) tabs in Chrome will sometimes reload when I return to them -- I don't recall it doing that before, but I'm not surprised that Chrome will relinquish system resources when I'm doing a render or something particularly taxing.

 
 


Edited by InkAnt201, 18 March 2016 - 12:01 PM.


#11
Machiavelli

  • GeekU Moderator
  • 3,700 posts

All Clean!
Congratulations, your computer appears clean!
I see no signs of malware on your computer, and feel satisfied our work here is done. The steps below will remove the tools we have used and reset any settings changed. I have also provided a list of resources and tools you may find useful. Chrome's behaviour seems normal to me.
 

DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- DelFix will remove the specialised tools we used to clean your computer. Any leftover logs, files, folders or tools remaining on your computer which were not removed can be deleted manually (right-click the file + delete). DelFix will also create a new System Restore Point, and delete all bar the most recent. 
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme installed, you can uninstall it by pressing the Windows Key + R on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common attack vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and feel happy with the state of your computer. Once I have confirmation, we can wrap things up and I will close this topic. 
 
Thank you for using GeeksToGo.
 
Safe Surfing,
Machiavelli



#12
Machiavelli

  • GeekU Moderator
  • 3,700 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.







