Infection: Reimageplus.com/PCKeeper.com pop up on chrome [Solved]

chrome trojan virus popup spam x64 windows 8.1 browser virus

  • This topic is locked

#1
andydude00

  • Member
  • 83 posts

Hi, I have a Windows 8.1 64-bit architecture PC with a virus. Sometimes, usually when I right-click or when I am searching on Google, I get a pop-up tab for Reimageplus.com, PCKeeper.com, or some other site. I have tried running Bitdefender, Malwarebytes, and SUPERAntiSpyware, and nothing has been able to stop this pop-up. It happens less than it did a few days ago, but it still occurs. I notice no other weird behavior except that YouTube videos sound weird in the first 10 seconds (this could be a Bitdefender issue, as I recently installed it after my Trend antivirus subscription ended). Please help me, as my limited computer knowledge is not enough to defeat this.

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by User (administrator) on OWNER (25-06-2016 12:58:28)
Running from C:\Users\User\Downloads
Loaded Profiles: User &  (Available Profiles: User)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3164536 2013-06-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1651600 2016-04-25] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105936 2016-06-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-06-09] (Electronic Arts)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-25] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [MusicManager] => C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2015-08-23] (BitTorrent, Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-05-31] (SUPERAntiSpyware)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {0c7ba6ae-d01c-11e4-be71-c8f7339b1634} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {0c7babd7-d01c-11e4-be71-c8f7339b1634} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {5abbadae-63f5-11e5-be87-c8f7339b1634} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {5fb423a3-da68-11e4-be77-c8f7339b1634} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {62e1f16f-73ad-11e5-be87-c8f7339b1634} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {8249c56d-152c-11e6-be97-1867b022fa4e} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {cb8377ce-52f3-11e5-be84-c8f7339b1634} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-06-09] (Electronic Arts)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-25] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2015-08-23] (BitTorrent, Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-05-31] (SUPERAntiSpyware)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0c7ba6ae-d01c-11e4-be71-c8f7339b1634} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0c7babd7-d01c-11e4-be71-c8f7339b1634} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5abbadae-63f5-11e5-be87-c8f7339b1634} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5fb423a3-da68-11e4-be77-c8f7339b1634} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {62e1f16f-73ad-11e5-be87-c8f7339b1634} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8249c56d-152c-11e6-be97-1867b022fa4e} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cb8377ce-52f3-11e5-be84-c8f7339b1634} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belvedere.lnk [2015-08-22]
ShortcutTarget: Belvedere.lnk -> C:\Program Files (x86)\Belvedere\Belvedere.exe (Lifehacker)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-04-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2015-10-03]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-10-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-07-25]
ShortcutTarget: MEGAsync.lnk -> C:\Users\User\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-04-04]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-04-21]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{634E8892-9C31-4637-9398-50FFE19C6E61}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BD44EB3C-D327-453D-9CFA-F95AD0D73CEE}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{E26A98C8-9187-4314-BC64-DC5EFDDCF372}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-27] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-04-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4198864589-2716103951-1576274748-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4198864589-2716103951-1576274748-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (Habitual) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblicfmcdjkhhnafcogoldjiihbnjili [2015-07-25]
CHR Extension: (MindMeister) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2015-08-22]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-07]
CHR Extension: (Amazon Music with Prime Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkfgcfgfpgmkogcnibdjcckkpdiajgp [2015-07-25]
CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-25]
CHR Extension: (Slacker Radio) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckngegfcpnbbcejpfnakcdcjgigaiole [2015-07-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (ShortOrange) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgedljgicfnmjkpbblhbmkfocceckb [2016-02-18]
CHR Extension: (Bitdefender Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-06-18]
CHR Extension: (Box for Chrome OS Beta) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikonaebkejmpbpcnnmfaeopkaenicgf [2015-07-25]
CHR Extension: (Gingko App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgfhngpppagnmfjocmhlioockncfgjn [2015-08-22]
CHR Extension: (TickTick - Todo & Task List) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eempgbpnkjnacmilmobpbhbfpdjdcpgd [2015-08-22]
CHR Extension: (Add to Feedly™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkjjleifeeaccajkekdcckflfpenoen [2015-12-24]
CHR Extension: (Google Play Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-06-25]
CHR Extension: (Stitcher) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenjghnbkdmdncneijobnbgjcadnbge [2015-07-25]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (TeamGantt Project Management) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcoffgicdhbbbpdopfhaemdbdglnkcok [2015-08-22]
CHR Extension: (Gantter for Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo [2015-07-25]
CHR Extension: (feedly) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-07-25]
CHR Extension: (Fitocracy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmigjnmikbkdocofcfpdeemonedpjlpn [2015-07-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-08-22]
CHR Extension: (Google Play Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-07]
CHR Extension: (Clearly) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-07-25]
CHR Extension: (Adblock Pro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjecmbfimjajmfodkcbomajpjfalkncg [2015-04-19]
CHR Extension: (Google Play) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-08-22]
CHR Extension: (PaymoApp) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenbfhcjnclnoepkkahpnibbekkekihp [2015-08-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-03]
CHR Extension: (LINE) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-06-17]
CHR Extension: (Pocket) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-07-25]
CHR Extension: (Sunrise Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-08-22]
CHR Extension: (My Cloud Player) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfjhlpinelhnncgfpgfekddidnbnaab [2015-07-25]
CHR Extension: (Save to Pocket) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
CHR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-05-13]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
 
Opera: 
=======
OPR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\afgbccjghcnbcdjgogpckamibfkceahd [2016-06-03]
OPR Extension: (Atavi bookmarks) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bihjdnaakmmjplhilkgboobdhpihklib [2015-10-04]
OPR Extension: (Browse++) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopdhnignaicgifmnocnpamikdhdpcne [2015-10-04]
OPR Extension: (Opera Addons Portal) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjcfmfokccpieoonenflmcacfbdhbdck [2016-05-30]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2015-10-04]
OPR Extension: (Opera Addons Portal) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibonkoolioojccgfdgkbicfcfpldoobn [2015-10-04]
OPR Extension: (Clearly) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mallmmeebeojpflmiolfchfcgbjflklc [2015-10-04]
OPR Extension: (Raindrop.io - Smart Bookmarks) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\nccmjelmbbbhcddoflopnicllmjknnmk [2015-10-04]
OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-06-04]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-03] (Dropbox, Inc.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-09] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3196768 2015-09-25] (Samsung Electronics CO., LTD.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2015-01-13] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 cmnxusbser; C:\Windows\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows ® Win 7 DDK provider)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [376024 2014-12-26] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2015-01-13] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-25 12:58 - 2016-06-25 12:58 - 02387456 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-06-25 12:58 - 2016-06-25 12:58 - 00049189 _____ C:\Users\User\Downloads\FRST.txt
2016-06-25 12:58 - 2016-06-25 12:58 - 00000000 ____D C:\FRST
2016-06-25 01:40 - 2016-06-25 12:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-25 01:39 - 2016-06-25 01:39 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-25 01:39 - 2016-06-25 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-25 01:39 - 2016-06-25 01:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-25 01:39 - 2016-06-25 01:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-25 01:39 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-25 01:39 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-25 01:39 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-25 01:36 - 2016-06-25 01:36 - 22851472 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-25 01:35 - 2016-06-25 01:35 - 00001814 _____ C:\Users\User\Desktop\JRT.txt
2016-06-25 01:32 - 2016-06-25 01:32 - 01610816 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe
2016-06-25 01:29 - 2016-06-25 01:29 - 00000787 _____ C:\bdlog.txt
2016-06-25 01:25 - 2016-06-25 01:28 - 00000000 ____D C:\AdwCleaner
2016-06-25 01:21 - 2016-06-25 01:21 - 03703360 _____ C:\Users\User\Downloads\adwcleaner_5.200.exe
2016-06-24 23:26 - 2016-06-24 23:26 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-24 23:26 - 2016-06-24 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-24 23:26 - 2016-06-24 23:26 - 00000000 ____D C:\Program Files\iTunes
2016-06-24 23:26 - 2016-06-24 23:26 - 00000000 ____D C:\Program Files\iPod
2016-06-24 23:26 - 2016-06-24 23:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-24 23:25 - 2016-06-24 23:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-06-24 23:25 - 2016-06-24 23:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-06-24 22:14 - 2016-06-24 22:14 - 00001820 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-06-24 22:14 - 2016-06-24 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-06-24 22:14 - 2016-06-24 22:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-24 19:52 - 2016-06-24 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-24 02:28 - 2016-06-25 10:28 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 07605e90-8911-4fb9-9443-4c66d7c7d19e.job
2016-06-24 02:28 - 2016-06-25 02:00 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a7b65bb7-58e9-4955-b2d7-9db1272d7cf5.job
2016-06-24 02:28 - 2016-06-24 02:28 - 00003566 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task a7b65bb7-58e9-4955-b2d7-9db1272d7cf5
2016-06-24 02:28 - 2016-06-24 02:28 - 00003484 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 07605e90-8911-4fb9-9443-4c66d7c7d19e
2016-06-24 02:28 - 2016-06-24 02:28 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2016-06-24 02:28 - 2016-06-24 02:28 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-06-24 02:23 - 2016-06-24 02:23 - 26384240 _____ (SUPERAntiSpyware) C:\Users\User\Desktop\SUPERAntiSpyware.exe
2016-06-18 11:36 - 2016-06-18 11:36 - 00002217 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-06-18 11:36 - 2016-06-18 11:36 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-06-18 11:36 - 2016-06-18 11:36 - 00000385 _____ C:\Users\User\AppData\Roaminguser_gensett.xml
2016-06-18 11:36 - 2016-06-18 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-06-18 11:36 - 2016-06-18 11:36 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-18 11:36 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-06-18 11:36 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-06-18 11:35 - 2016-06-18 11:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitdefender
2016-06-18 11:35 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-06-18 11:35 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-06-18 11:35 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-06-18 11:35 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-06-18 11:34 - 2016-06-18 11:51 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-18 11:34 - 2016-06-18 11:34 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-18 11:34 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-06-18 11:34 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-06-17 21:39 - 2016-06-18 11:34 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-17 21:39 - 2016-06-17 21:39 - 00003640 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-17 21:39 - 2016-06-17 21:39 - 00000000 ____D C:\Users\User\AppData\Roaming\QuickScan
2016-06-17 21:37 - 2016-06-25 12:49 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-17 21:37 - 2016-06-17 21:37 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-06-17 21:35 - 2016-06-17 21:35 - 10539088 _____ C:\Users\User\Downloads\bitdefender_windows_b63370c9-402e-43f5-a9f8-5ebeb6951376.exe
2016-06-17 21:34 - 2016-06-17 21:34 - 10539088 _____ C:\Users\User\Downloads\bitdefender_windows_1dc8ca96-cefd-46d4-bc02-e9ec5fdfc2a9.exe
2016-06-17 19:58 - 2016-06-17 19:58 - 15850936 _____ (Trend Micro Inc. ) C:\Users\User\Downloads\Ti_100_win_en_Tool_UninstallTool_hfb0001.exe
2016-06-17 19:57 - 2016-06-17 19:57 - 13709368 _____ C:\Users\User\Downloads\Bitdefender_2016_UninstallTool.exe
2016-06-17 19:30 - 2016-06-14 13:13 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-17 19:30 - 2016-06-14 13:13 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-15 03:48 - 2016-05-16 17:13 - 00563016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 03:48 - 2016-05-16 17:13 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 03:48 - 2016-05-16 17:13 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 03:48 - 2016-05-16 17:13 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 03:48 - 2016-05-13 19:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 03:48 - 2016-05-13 19:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 03:48 - 2016-05-13 19:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 03:48 - 2016-05-13 18:34 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-06-15 03:48 - 2016-05-13 17:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-06-15 03:48 - 2016-05-12 14:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 03:48 - 2016-05-12 13:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-15 03:48 - 2016-05-12 12:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 03:48 - 2016-05-12 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 03:48 - 2016-05-12 12:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 03:48 - 2016-05-12 11:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 03:48 - 2016-05-12 11:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 03:48 - 2016-05-12 11:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 03:48 - 2016-05-06 11:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 03:48 - 2016-05-06 11:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 03:47 - 2016-06-03 13:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-06-15 03:47 - 2016-06-03 09:38 - 01413120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 03:47 - 2016-06-02 13:51 - 00050352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 03:47 - 2016-05-29 11:04 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 03:47 - 2016-05-29 11:04 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-15 03:47 - 2016-05-29 11:04 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 03:47 - 2016-05-29 11:04 - 00276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 03:47 - 2016-05-29 11:04 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-06-15 03:47 - 2016-05-29 11:04 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 03:47 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 03:47 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 03:47 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 03:47 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 03:47 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 03:47 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 03:47 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-06-15 03:47 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-15 03:47 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 03:47 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-15 03:47 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 03:47 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-06-15 03:47 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-06-15 03:47 - 2016-05-20 17:25 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-06-15 03:47 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-06-15 03:47 - 2016-05-20 17:21 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-06-15 03:47 - 2016-05-20 17:19 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-06-15 03:47 - 2016-05-20 17:16 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-06-15 03:47 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 03:47 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-06-15 03:47 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 03:47 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-06-15 03:47 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 03:47 - 2016-05-20 17:09 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-06-15 03:47 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-06-15 03:47 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 03:47 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-06-15 03:47 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 03:47 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 03:47 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 03:47 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-06-15 03:47 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 03:47 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-06-15 03:47 - 2016-05-18 19:15 - 01379040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 03:47 - 2016-05-18 16:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 03:47 - 2016-05-18 01:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 03:47 - 2016-05-18 01:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 03:47 - 2016-05-14 16:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 03:47 - 2016-05-14 16:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 03:47 - 2016-05-13 19:09 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-06-15 03:47 - 2016-05-13 19:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 03:47 - 2016-05-13 19:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 03:47 - 2016-05-13 18:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 03:47 - 2016-05-13 17:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 03:47 - 2016-05-13 17:45 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 03:47 - 2016-05-13 17:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 03:47 - 2016-05-13 17:26 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 03:47 - 2016-05-09 17:35 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-06-15 03:47 - 2016-05-09 16:56 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-06-15 03:47 - 2016-05-09 16:45 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 03:47 - 2016-05-09 16:23 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 03:47 - 2016-04-14 11:25 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-15 03:47 - 2016-04-14 11:11 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-15 03:47 - 2016-04-12 11:46 - 14467584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 03:47 - 2016-04-12 11:30 - 12879872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 03:47 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-06-15 03:47 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-06-15 03:47 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-15 03:47 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-12 07:24 - 2016-06-12 07:24 - 00002971 _____ C:\Users\User\Desktop\c2a1a07779aec69af8069beeeccee206.jpeg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-25 12:51 - 2015-10-03 20:46 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-25 12:50 - 2015-11-13 23:59 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-25 12:41 - 2015-07-25 22:10 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA.job
2016-06-25 12:25 - 2015-03-29 18:41 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-25 12:06 - 2016-01-11 06:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-25 10:49 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-25 03:32 - 2015-07-19 09:48 - 00000000 ____D C:\Users\User\OneDrive
2016-06-25 02:04 - 2015-03-21 18:22 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4198864589-2716103951-1576274748-1001
2016-06-25 02:02 - 2015-03-21 10:47 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-06-25 01:56 - 2014-03-18 05:45 - 00000000 ____D C:\WINDOWS\ShellNew
2016-06-25 01:35 - 2014-03-18 06:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-25 01:35 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-06-25 01:32 - 2015-08-23 12:54 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-06-25 01:31 - 2016-04-21 01:37 - 00000000 ____D C:\Users\User\.rainlendar2
2016-06-25 01:31 - 2015-10-03 13:24 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-06-25 01:31 - 2015-07-18 11:59 - 00000000 ___RD C:\Users\User\Google Drive
2016-06-25 01:31 - 2015-05-02 10:19 - 00000000 ____D C:\ProgramData\Origin
2016-06-25 01:30 - 2015-10-03 20:46 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-25 01:30 - 2015-04-03 21:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-25 01:30 - 2015-03-29 18:41 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-25 01:29 - 2015-11-15 17:15 - 00000091 _____ C:\HaxLogs.txt
2016-06-25 01:29 - 2015-03-21 10:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 01:29 - 2015-03-21 10:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-25 01:29 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-25 01:29 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-25 00:00 - 2015-07-19 11:54 - 00000000 ____D C:\Users\User\Incomplete
2016-06-24 23:26 - 2015-08-08 18:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-24 23:25 - 2015-08-08 18:46 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-06-24 19:52 - 2015-10-03 20:46 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-24 06:41 - 2015-07-25 22:10 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core.job
2016-06-24 06:04 - 2015-04-14 21:44 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-06-23 04:38 - 2015-03-21 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 04:36 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-06-18 17:12 - 2015-09-12 18:10 - 00000000 ____D C:\Users\User\AppData\Roaming\Fences
2016-06-18 15:10 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-18 15:09 - 2015-03-28 14:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-17 20:00 - 2015-07-25 09:58 - 00000000 ____D C:\Users\User\AppData\Roaming\KeePass
2016-06-17 19:37 - 2015-03-21 10:30 - 00000000 ____D C:\ProgramData\Trend Micro
2016-06-17 19:35 - 2015-12-19 06:41 - 00000000 ____D C:\Users\User\AppData\Local\Trend Micro
2016-06-17 19:29 - 2013-08-22 10:44 - 05102992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-17 19:27 - 2015-04-16 01:01 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-17 19:27 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-06-17 18:26 - 2015-03-29 18:42 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 18:26 - 2015-03-29 18:42 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 18:18 - 2015-09-13 02:30 - 00000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2016-06-17 11:06 - 2016-01-11 06:25 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-06-17 11:06 - 2015-11-13 23:59 - 00003848 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-06-17 04:00 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-16 23:41 - 2015-10-04 22:59 - 00003840 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1444013975
2016-06-16 23:41 - 2015-10-04 22:59 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-06-16 23:41 - 2015-10-04 22:59 - 00000000 ____D C:\Program Files (x86)\Opera
2016-06-15 16:40 - 2015-03-21 10:24 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-15 06:50 - 2015-03-21 10:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 06:43 - 2015-03-21 10:24 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 23:37 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-14 19:09 - 2015-07-25 21:31 - 00000000 ____D C:\Users\User\AppData\Local\MEGAsync
2016-06-09 23:45 - 2015-05-02 10:19 - 00000000 ____D C:\Program Files (x86)\Origin
2016-06-01 01:26 - 2015-04-03 21:58 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-06-01 01:26 - 2015-04-03 21:58 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-06-01 01:26 - 2015-04-03 21:58 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-06-01 01:26 - 2015-04-03 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-29 06:20 - 2015-04-11 09:32 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-29 06:20 - 2015-04-11 09:32 - 00000000 ___SD C:\WINDOWS\system32\GWX
 
==================== Files in the root of some directories =======
 
2015-10-30 20:47 - 2015-10-30 20:47 - 0000000 _____ () C:\Users\User\AppData\Roaming\Stardockfences_debug_snapshot.dat
2015-03-21 10:30 - 2015-03-21 10:30 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-09-06 05:37 - 2015-09-06 05:37 - 0000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-04-22 21:23 - 2016-03-21 11:59 - 0000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache
2016-03-02 19:35 - 2016-03-02 19:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-07-18 14:14 - 2015-07-18 14:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-08 02:06 - 2015-04-08 02:10 - 0000839 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\msvcr120.dll
C:\Users\User\AppData\Local\Temp\OfficeSetup.exe
C:\Users\User\AppData\Local\Temp\proxy_vole5841007602319212540.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-25 03:32
 
==================== End of FRST.txt ============================
 
 
Addition LOG
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by User (2016-06-25 12:58:51)
Running from C:\Users\User\Downloads
Windows 8.1 (Update) (X64) (2015-03-21 22:56:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4198864589-2716103951-1576274748-500 - Administrator - Disabled)
Guest (S-1-5-21-4198864589-2716103951-1576274748-501 - Limited - Disabled)
User (S-1-5-21-4198864589-2716103951-1576274748-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
4K Stogram 1.9 (HKLM-x32\...\4K Stogram_is1) (Version: 1.9.5.964 - Open Media LLC)
5600 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Belvedere 0.7.1 (HKLM-x32\...\Belvedere) (Version: 0.7.1 - Lifehacker)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Digital Coupon Printer (HKLM-x32\...\{2095A496-250E-4A1F-90AD-691246819A9A}) (Version: 3.17.0.0 - Hopster, Inc. an Inmar company)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
Evernote v. 6.0.6 (HKLM-x32\...\{FC4A0E2E-0CD3-11E6-B80E-005056951CAD}) (Version: 6.0.6.1769 - Evernote Corp.)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Game Studios)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Free Video Editor version 1.4.15.913 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.15.913 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Greyfox (HKLM-x32\...\Steam App 341310) (Version:  - Lesley Dodd)
hakuneko (HKLM-x32\...\hakuneko_is1) (Version: 1.3.12 - Ronny Wegener <[email protected]>)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java SE Development Kit 7 Update 80 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170800}) (Version: 1.7.0.800 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
MediaInfo 0.7.77 (HKLM\...\MediaInfo) (Version: 0.7.77 - MediaArea.net)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MindMaple Lite 1.71 (HKLM-x32\...\MindMaple_is1) (Version: v1.71 - MindMaple Inc.)
Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich)
Music Manager (HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MusicManager) (Version:  - Google, Inc.)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Opera Stable 38.0.2220.31 (HKLM-x32\...\Opera 38.0.2220.31) (Version: 38.0.2220.31 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
PdaNet+ for Android 4.17 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3.1 r2602 - )
RAW Image Viewer (HKLM-x32\...\{3C867AA0-22EC-4B27-8C60-A354AA37D68C}_is1) (Version:  - IdeaMK)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.71 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.54 - Samsung Electronics CO., LTD.) Hidden
Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Samsung Update (HKLM-x32\...\{A9D16B9C-AA6D-4154-80CA-17099A2C308F}) (Version: 2.2.16 - Samsung Electronics CO., LTD.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - FireFly Studios)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1220 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Timelines: Assault on America (HKLM-x32\...\Steam App 234060) (Version:  - 4Flash Interactive)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{EC54143B-24CC-47D2-AB39-0F5701988BA4}) (Version: 2.1.0.11 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
yabause 0.9.14 (HKLM-x32\...\ (Win64)) (Version: 0.9.14 - Yabause team)
YouTube Free Downloader (HKLM-x32\...\YouTube Free Downloader) (Version: 5.1.1 - YouTubeFreeDownloader)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {022CA635-5D89-4999-A442-09D9D80ECC43} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {075DC3FD-7238-4EE4-B215-7ECF89863935} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-09-26] (Realtek Semiconductor)
Task: {0FF80CF3-2AF1-4B45-9E45-A125DF65F19D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {10D1C743-C356-43C2-9E68-108040E74813} - System32\Tasks\SUPERAntiSpyware Scheduled Task a7b65bb7-58e9-4955-b2d7-9db1272d7cf5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {1DC040E0-7D2F-4AC7-A67D-208093A60864} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {25C85F87-9EF5-418C-87EE-AD7E2C91AE8B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {3F513832-55FE-47DA-9702-572DC96DCED1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {429CF09C-723F-42FC-A45A-2C09F74DB553} - System32\Tasks\HP AR Program Upload - 75cdb0c8122b498e8722a385a83650eb63077291aa7843a0b8ed9de84109eebd => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {4A118958-AD40-4D24-B36B-B6CD48D4D318} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-18] (Microsoft Corporation)
Task: {535004F3-16FF-4247-BDC3-309BA51CE063} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-03] (Dropbox, Inc.)
Task: {62A4E0C1-96E3-40DA-8CE9-881F10395844} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {790D56F9-0CD5-463D-8348-A558CCA94A3F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
Task: {7C07F944-072E-4595-8985-4B977CE939A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {8620A148-7B32-4EA0-8039-028D209C7788} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {86E795EB-5B95-4BDE-AFB3-BEFF4EB2B0D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {9966B8B5-EB87-4CC8-AF54-36C067F409B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-18] (Microsoft Corporation)
Task: {9EAF150F-05ED-4639-A726-37157A69A576} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A3CB9429-D737-4C32-A9AA-F57B33D23E4D} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-08-05] (Samsung Electronics CO., LTD.)
Task: {A56C139A-749A-46AA-A2BF-1B1AD6314085} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {B6B109B1-951D-4ACD-9DE1-DB14219FB374} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {CCED6FF9-1B2D-40A7-B4FF-B0D6CB436C06} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe
Task: {D305FE44-1CB9-4049-A6EC-13809B72B55A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
Task: {DD468263-DED3-42A2-B08E-EB64699E4A72} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
Task: {DD71A3BE-213C-4ADD-9F32-C81D5A5CC7F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {E12B607E-7623-4265-B327-D637D6917828} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {E972368E-3648-42DF-AE66-2A305FF680EE} - System32\Tasks\SUPERAntiSpyware Scheduled Task 07605e90-8911-4fb9-9443-4c66d7c7d19e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {EF9E8AE5-3AF0-4901-8DAF-D544C8D30716} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-03] (Dropbox, Inc.)
Task: {F276E8E4-1873-4B56-A90F-9201E9D709AD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {F9E117BE-A9E1-481E-8693-67DEA6E8C71D} - System32\Tasks\Opera scheduled Autoupdate 1444013975 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-13] (Opera Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 07605e90-8911-4fb9-9443-4c66d7c7d19e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a7b65bb7-58e9-4955-b2d7-9db1272d7cf5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ad.Block Pro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jafeimghomcdjobocjhkolakbihggbak
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Adblock Pro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jjecmbfimjajmfodkcbomajpjfalkncg
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Box for Chrome OS Beta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dikonaebkejmpbpcnnmfaeopkaenicgf
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Habitual.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bblicfmcdjkhhnafcogoldjiihbnjili
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\LINE.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=menkifleemblimdogmoihpfopnplikde
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sunrise Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mojepfklcankkmikonjlnidiooanmpbb
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TickTick - Todo & Task List.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=eempgbpnkjnacmilmobpbhbfpdjdcpgd
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-18 11:35 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-06-18 11:35 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-06-18 11:35 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-06-18 11:35 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-06-18 11:35 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-29 21:51 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2015-10-18 03:47 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2015-07-18 14:13 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-18 03:47 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-05-01 10:15 - 2014-05-01 10:15 - 00463360 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll
2016-06-17 18:26 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 18:26 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-17 18:26 - 2016-06-15 05:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\User\Desktop\SUPERAntiSpyware.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2016-06-25 12:48 - 00001028 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CABB33D8-1FCD-42BA-B336-1CE5FFC073F1}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{F6B19AEB-BD9D-425F-8819-27FC29FCAFE6}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{736A78F3-80CD-456B-B925-09539B3655C8}] => (Allow) LPort=7935
FirewallRules: [{982FFABF-FCE5-41AD-835B-EF85A13B9B3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D5CDD5A1-0605-42B0-823D-3ECFBA641F92}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F53DCFB-7051-4C25-8F82-20F7B199F1B5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C2A62B2F-D503-4D00-AA0F-383983F444D7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{54402180-1452-4B8F-845E-6467A8E6B364}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{E9193CE5-9A17-4391-A1F8-CCA0F7F230BD}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{36D37D79-05E1-46DE-A593-34BAE69801A4}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{179041BC-5FEC-4F90-B3FE-6AC6E24E50D4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{130767D1-65B9-4776-86D0-BD81A179F0FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C8BFFDCA-7B1C-440B-A028-2767A65E8CDE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{E717D2B4-3489-4A40-9DB9-F692A6A615B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{03B5A5E3-A064-4A72-8A9F-767958275A9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{35319969-72F4-417E-9720-02062097D799}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{F0B6ACD2-A7B7-462D-87B0-A85853464E21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{694C792C-B077-48F8-852E-BAD10274C153}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5070BDDF-C8A5-4768-BB1A-8A6AECCA5FE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7597B646-D1A0-4587-8CCA-AC31224BCC01}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{67B3A109-8E2B-4263-8175-215FDD5850B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{47990F7C-46D8-4B94-B6AA-D5B15F3F4C57}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{CF5E8D49-A561-41F8-8A9D-FAAEA6FDB864}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{E3B06554-4DBC-40F2-AE1C-88DB7A28C720}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{C556A13A-8ED4-4EEC-80AD-998BDCC80824}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B6B0A453-2E73-4703-B7FD-D653EC54A661}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{ED96D959-D000-4137-8159-793B0F2F334F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F75C214C-E067-47BC-BAB4-2A104C8775B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{13967C7A-C63A-4E45-9EE3-40FC11CD6AF5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{92BCFA27-C510-4E21-A9C7-0E42D73C16FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{61BB684B-4E4F-49AA-900F-292A1D56D225}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{3B450AE6-5A3F-4265-A8B8-827573CCABE7}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{99235222-8555-4C00-BE29-06432B2819C2}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{4B9BA2FF-BE0B-4C27-B070-F4263525E243}] => (Allow) C:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{0E51C795-FE96-43FE-B403-B4914EE0DEE9}] => (Allow) C:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{A0B7B5D1-FE0A-4C61-ADFC-C32379F7AA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1C5C55B6-3FFB-4CA1-836C-0C9B186E1B0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1652C2C7-19A1-4D82-8B6D-8CAF902515E8}] => (Allow) C:\Program Files (x86)\Origin Games\Renegade\RenegadeLauncher.exe
FirewallRules: [{8F8E57CB-776A-45BA-86DE-0F4FE6B84B7C}] => (Allow) C:\Program Files (x86)\Origin Games\Renegade\RenegadeLauncher.exe
FirewallRules: [{22D7558B-16FB-4E2C-AF65-EFBA581476CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{FB806AFA-6919-4CC3-A28C-394302D7A03F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{D6EB9020-B307-4F16-A013-5D229658CDF7}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{C17E3488-1CDA-4F38-920E-D957CDF76552}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{9EB16BCC-522A-4F75-BDE3-80C2A145CFD1}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{C17D00A7-C09B-492F-BF14-51902BA94A42}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{8356CCCA-54D3-4493-87BA-7E490C18ECF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{77C76D66-D349-4EA6-9C47-A6C178AFE087}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{F980FF1D-C909-46EB-9FE3-C67183F18803}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{BCEED949-A4E5-4564-AF2F-0207A223CD7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{C52C9060-2BF3-4B5C-8EAE-93261470F8FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Timelines - Assault on America\bin\rts_game.exe
FirewallRules: [{98D774D3-FAD5-4342-9DA2-8A068E2707A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Timelines - Assault on America\bin\rts_game.exe
FirewallRules: [{08C1B68F-B000-4543-92F1-B97D5FC98015}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\Game.exe
FirewallRules: [{AB4081F3-BE5D-41AF-B936-BCE18C9D2FD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\Game.exe
FirewallRules: [TCP Query User{7993BBAD-C55F-4EC7-BCD0-90538C1B60DA}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{64BD55ED-BAF6-4793-A6BC-4A42086EF7E8}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{BB512CC1-4717-4070-9353-5C5BB4674F21}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{2FE6D90C-8E4C-42C7-9843-50EF21E425EF}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{57F6B160-175E-4025-8CEE-9338251CE827}] => (Allow) LPort=15600
FirewallRules: [{E4FE137A-2A77-4107-A353-B345A33655CD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{B390D2B0-0B1B-4C24-A622-18C7FDDE70DF}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{D1BB29B6-B404-4338-B46D-2FF46A9E9FD5}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{B51086CB-5654-4AAB-8CD2-D8E6E5268CDE}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{9398795E-E03A-4B2B-846F-811970DC9839}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{8366FF16-9CAC-458F-A4D2-30C73E6A6573}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{C6C1B4C8-D855-4717-AF9B-F23155384FF8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4792FBAD-08EC-4303-BB2D-6DAF147FD2E8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C5AF1F96-A817-46E1-8B6A-06DC31C91268}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EE7C22B7-9CE4-447C-A076-273CE41F8237}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{0CE07A4B-D64E-4E68-A8E2-910FD086663B}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{1DAFFDB9-3CF1-49F3-A312-D8BD4F3A2FCC}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{3B77540E-47F6-405E-A6DD-02DD2A7FC561}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{5E0081DE-6CFF-464E-AE77-F0A8AF9CF002}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{01D071AE-FA47-41F5-920E-93220C56387A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69AF852F-3C66-43B7-88C4-BCC79C940A60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63727F5A-6279-4803-B0D1-D8DC2A813459}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{893EED2B-17E2-43E9-8736-7F1F69C72C90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4C979610-563D-41A8-9DDC-EA720B78AAF9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{C8CB2046-F30D-43C6-9C57-5E1FCEC9B3BE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{2EB180C7-458E-4DAA-9DEA-F34493EDACC2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{6AB71123-DD39-466F-86AC-CDDFF880ECF0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{4B8A8C4D-AE82-42AE-8A9B-4A83465ECAC7}] => (Allow) LPort=5357
FirewallRules: [{77165EAF-48FC-43DC-866D-57AA5D082AD9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1204E166-ADBD-43F5-BF52-9EABA61352A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\EQLauncher.exe
FirewallRules: [{D8B0FE0D-34EC-43BF-9E88-CC51EF6C6293}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\EQLauncher.exe
FirewallRules: [TCP Query User{88A6C140-0567-43F0-9063-EC62F3DC56B5}C:\program files\yabause 0.9.14\yabause.exe] => (Allow) C:\program files\yabause 0.9.14\yabause.exe
FirewallRules: [UDP Query User{4327292A-FB73-4A51-81C7-3FEA0477DB72}C:\program files\yabause 0.9.14\yabause.exe] => (Allow) C:\program files\yabause 0.9.14\yabause.exe
FirewallRules: [TCP Query User{63EB4D4F-0025-4A6F-95B3-529FC123074E}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{3DED8A12-04F9-4D50-801A-9D078ABF9239}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{ECF9F785-8ACE-49EC-971C-62DDB70D8728}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4F91D721-BE02-4E56-9CCE-FA08C41E7C3D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1B84E41E-AC5D-4A61-9780-63D558E73BE2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
05-06-2016 07:02:46 Scheduled Checkpoint
14-06-2016 06:08:56 Scheduled Checkpoint
22-06-2016 06:51:43 Scheduled Checkpoint
25-06-2016 01:33:14 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/25/2016 05:04:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12578
 
Error: (06/25/2016 05:04:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12578
 
Error: (06/25/2016 05:04:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/25/2016 05:04:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11297
 
Error: (06/25/2016 05:04:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11297
 
Error: (06/25/2016 05:04:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/25/2016 05:04:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10031
 
Error: (06/25/2016 05:04:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10031
 
Error: (06/25/2016 05:04:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/25/2016 05:04:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8765
 
 
System errors:
=============
Error: (06/25/2016 05:04:46 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/25/2016 05:04:46 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/25/2016 05:04:46 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/25/2016 05:04:45 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/25/2016 05:04:45 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/25/2016 05:04:38 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (06/25/2016 05:04:38 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.
 
Error: (06/25/2016 05:04:38 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (06/25/2016 05:04:38 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.
 
Error: (06/25/2016 05:04:38 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-13 00:18:24.333
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 00:18:24.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 00:18:23.944
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 00:18:23.753
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 00:18:23.557
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 00:18:23.261
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 00:18:23.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 00:18:22.873
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 00:18:22.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 00:18:22.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3635QM CPU @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 8078.8 MB
Available physical RAM: 3274.57 MB
Total Virtual: 15502.8 MB
Available Virtual: 9960.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.25 GB) (Free:37.8 GB) NTFS
Drive d: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive e: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
 
==================== End of Addition.txt ============================
 
 

  • 0



#2
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi andydude00,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.


Let's get started....



Download CKScanner from here

Important : Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0

#3
andydude00


    Member

  • Topic Starter
  • Member
  • 83 posts
Thank you for your help on this!!!
 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs6\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\zh_cn\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\zh_cn\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\zh_cn\vstplugins\decrackler6.dll
c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\taglibraries\html\keygen.vtm
c:\users\user\dropbox\books\cracking_the_gmat_2012_edition.epub
c:\users\user\google drive\interview\cracking the coding interview, 5th edition.pdf
hosts 127.0.0.1                   activate.adobe.com
hosts 127.0.0.1                   practivate.adobe.com
hosts 127.0.0.1                   lmlicenses.wip4.adobe.com
hosts 127.0.0.1                   lm.licenses.adobe.com
scanner sequence 3.DI.11.FOAPKZ
 ----- EOF ----- 

Edited by andydude00, 30 June 2016 - 11:13 PM.

  • 0

#4
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

FIRST >>>>




:upset: :upset: :upset: ALERT!!! P2P WARNING ALERT!!! :upset: :upset: :upset:



You have a P2P / file sharing application on your system!! While this may not be a surprise to you (most likely installed by you or another user on the system) and the file sharing application itself may be safe, the files shared could be a little more than you hoped for. File sharing has been shown to be a major source for trojans, viruses, worms and webbot attacks to spread on the internet. There are exploits in file sharing software that can be used to compromise your system and personal information. You may be sharing a lot more than just a little bandwidth to 'help the community share' information.

Geeks to Go recommends that you uninstall your P2P software; you have to have open pathways (network ports) in and out of your system and you could be helping to move illegal files (copyrighted material (software, movies, video, etc.)) even if you don't 'download' them yourself.

If you choose to keep your P2P program installed, I must ask that you de-activate / shutdown the software and not use it until the cleaning of your system is done.

Application to uninstall: µTorrent

Need more info? Read these:

SECOND >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Digital Coupon Printer

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


THIRD >>>>

Your logs show that ADOBE is Pirated Software (Cracked / keygen). Please remove it if you want continued assistance here.


FOURTH >>>>

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt




Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
C:\Program Files (x86)\Digital Coupon Printer
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {0c7ba6ae-d01c-11e4-be71-c8f7339b1634} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {0c7babd7-d01c-11e4-be71-c8f7339b1634} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {5abbadae-63f5-11e5-be87-c8f7339b1634} - "G:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {5fb423a3-da68-11e4-be77-c8f7339b1634} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {62e1f16f-73ad-11e5-be87-c8f7339b1634} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {8249c56d-152c-11e6-be97-1867b022fa4e} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {cb8377ce-52f3-11e5-be84-c8f7339b1634} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0c7ba6ae-d01c-11e4-be71-c8f7339b1634} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0c7babd7-d01c-11e4-be71-c8f7339b1634} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5abbadae-63f5-11e5-be87-c8f7339b1634} - "G:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5fb423a3-da68-11e4-be77-c8f7339b1634} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {62e1f16f-73ad-11e5-be87-c8f7339b1634} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8249c56d-152c-11e6-be97-1867b022fa4e} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cb8377ce-52f3-11e5-be84-c8f7339b1634} - "F:\VZW_Software_upgrade_assistant.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
Hosts:
Tcpip\..\Interfaces\{BD44EB3C-D327-453D-9CFA-F95AD0D73CEE}: [DhcpNameServer] 168.94.0.14 168.94.0.15
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
Toolbar: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
C:\Program Files\Trend Micro
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
C:\Users\User\AppData\Local\Temp\__Samsung_Update
2015-07-18 14:14 - 2015-07-18 14:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\msvcr120.dll
C:\Users\User\AppData\Local\Temp\OfficeSetup.exe
C:\Users\User\AppData\Local\Temp\proxy_vole5841007602319212540.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {CCED6FF9-1B2D-40A7-B4FF-B0D6CB436C06} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

We need to get a fresh scan from FRST.

  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please. Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The tool will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Information to Reply with >>>>

  • You understand about uTorrent and that at least it is not running for the rest of the cleaning. Thanks.
  • The uninstall went how? Any problems?
  • The ADOBE software in question is removed?
  • The Fixlog.txt log file text.
  • The fresh FRST / Addition log texts. (You can use more than one reply post if needed.)
  • How is your system now?

  • 0
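A way to pre-sort FRST lines like the ones in the fixlist above before reviewing them by hand, as an added example that is not part of the thread or of FRST itself. The flag names and rules (treating a trailing `[X]` or `No File` as a missing target, flagging paths under `AppData\Local\Temp`, flagging an extension key with `<no Path/update_url>`) are assumptions made for this sketch; a flag is a prompt for review, not a removal decision.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the FRST output quoted in this thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [] => [X]
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1654160 2016-07-02] (Bitdefender)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
"""

# "<hive>\...\Run: [<value name>] => <target>"
RUN_RE = re.compile(r"^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
# "<path> [<size> <yyyy-mm-dd>] (<publisher>)"
DETAIL_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    raw: str
    kind: str = "other"
    name: str = ""
    path: str = ""
    publisher: str = ""
    flags: list = field(default_factory=list)


def classify(line: str) -> Entry:
    """Parse one FRST line and attach review flags (rules are this sketch's own)."""
    line = line.strip()
    entry = Entry(raw=line)

    run = RUN_RE.match(line)
    if run:
        entry.kind = "run"
        entry.name = run["name"]
        detail = DETAIL_RE.match(run["rest"])
        if detail:
            entry.path = detail["path"]
            entry.publisher = detail["publisher"]
        if not entry.name:
            # Autostart value with no name at all.
            entry.flags.append("empty-name")

    # Assumption: a trailing "[X]" or "No File" means the target was not found.
    if line.endswith("[X]") or line.endswith("No File"):
        entry.flags.append("target-missing")
    # Drivers or binaries registered from a user's Temp folder deserve a look.
    if TEMP_RE.search(line):
        entry.flags.append("runs-from-temp")
    # Extension registered in the registry without a path or update URL.
    if "<no Path/update_url>" in line:
        entry.flags.append("no-update-url")
    return entry


def triage(text: str) -> list:
    """Return only the entries that picked up at least one flag."""
    entries = (classify(l) for l in text.splitlines() if l.strip())
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(", ".join(e.flags).ljust(32), e.raw)
```

Entries with a parsed path and publisher and no flags, such as the Bitdefender and KeePass autostarts in the sample, are simply left out of the review list.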

#5
andydude00


    Member

  • Topic Starter
  • Member
  • 83 posts

Sorry I was out on holiday. Will begin process tomorrow. 


  • 0

#6
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Will keep an eye out for your reply(s).  Thanks and hope your holidays were great!!


  • 0

#7
andydude00


    Member

  • Topic Starter
  • Member
  • 83 posts

Hi, I am back from holiday. I have deleted the Adobe apps (did not know they were stolen apps); they came with the laptop when I bought it from a friend. I will post new file info.


  • 0

#8
andydude00


    Member

  • Topic Starter
  • Member
  • 83 posts
  • You understand about uTorrent and that at least it is not running for the rest of the cleaning.  YES I UNDERSTAND
  • The uninstall went how? Any problems? - UNINSTALLED APPS YOU REQUESTED
  • The ADOBE software in question is removed? - DONE
  • The Fixlog.txt log file text. - Saved fixlog.txt to desktop
  • The fresh FRST / Addition log texts. (You can use more than one reply post if needed.)
  • How is your system now? - only notice issues sometimes, not as much as before 

---------------------------------------------------------------------------------------------------------------

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-07-2016
Ran by User (administrator) on OWNER (26-07-2016 20:50:43)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\nacl64.exe
(Google Inc.) C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Lifehacker) C:\Program Files (x86)\Belvedere\Belvedere.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Mega Limited) C:\Users\User\AppData\Local\MEGAsync\MEGAsync.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3164536 2013-06-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1654160 2016-07-02] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-08] (Valve Corporation)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-06-09] (Electronic Arts)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [943944 2016-06-23] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-25] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [MusicManager] => C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {0c7ba6ae-d01c-11e4-be71-c8f7339b1634} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {0c7babd7-d01c-11e4-be71-c8f7339b1634} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {5abbadae-63f5-11e5-be87-c8f7339b1634} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {5fb423a3-da68-11e4-be77-c8f7339b1634} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {62e1f16f-73ad-11e5-be87-c8f7339b1634} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {8249c56d-152c-11e6-be97-1867b022fa4e} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {cb8377ce-52f3-11e5-be84-c8f7339b1634} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-20] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-20] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-20] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-20] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-20] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-20] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belvedere.lnk [2015-08-22]
ShortcutTarget: Belvedere.lnk -> C:\Program Files (x86)\Belvedere\Belvedere.exe (Lifehacker)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-04-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2015-10-03]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-10-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-07-25]
ShortcutTarget: MEGAsync.lnk -> C:\Users\User\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-04-04]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-04-21]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{634E8892-9C31-4637-9398-50FFE19C6E61}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BD44EB3C-D327-453D-9CFA-F95AD0D73CEE}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{E26A98C8-9187-4314-BC64-DC5EFDDCF372}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-07-02] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll => No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-27] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-07-02] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-04-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll No File
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-07-02] (Bitdefender)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-07-02] (Bitdefender)
Toolbar: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4198864589-2716103951-1576274748-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4198864589-2716103951-1576274748-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-05] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (Habitual) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblicfmcdjkhhnafcogoldjiihbnjili [2015-07-25]
CHR Extension: (MindMeister) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2015-08-22]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-02]
CHR Extension: (Amazon Music with Prime Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkfgcfgfpgmkogcnibdjcckkpdiajgp [2015-07-25]
CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-26]
CHR Extension: (Slacker Radio) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckngegfcpnbbcejpfnakcdcjgigaiole [2015-07-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (ShortOrange) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgedljgicfnmjkpbblhbmkfocceckb [2016-02-18]
CHR Extension: (Fair AdBlock App (by STANDS)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2016-06-27]
CHR Extension: (Bitdefender Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-06-18]
CHR Extension: (Box for Chrome OS Beta) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikonaebkejmpbpcnnmfaeopkaenicgf [2016-07-02]
CHR Extension: (Gingko App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgfhngpppagnmfjocmhlioockncfgjn [2015-08-22]
CHR Extension: (TickTick - Todo & Task List) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eempgbpnkjnacmilmobpbhbfpdjdcpgd [2015-08-22]
CHR Extension: (Add to Feedly™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkjjleifeeaccajkekdcckflfpenoen [2015-12-24]
CHR Extension: (Google Play Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-07-23]
CHR Extension: (Stitcher) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenjghnbkdmdncneijobnbgjcadnbge [2015-07-25]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-07-02]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (TeamGantt Project Management) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcoffgicdhbbbpdopfhaemdbdglnkcok [2015-08-22]
CHR Extension: (Gantter for Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo [2015-07-25]
CHR Extension: (feedly) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-07-25]
CHR Extension: (Fitocracy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmigjnmikbkdocofcfpdeemonedpjlpn [2015-07-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-08-22]
CHR Extension: (Google Play Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-07]
CHR Extension: (Clearly) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-07-25]
CHR Extension: (Google Play) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-08-22]
CHR Extension: (PaymoApp) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenbfhcjnclnoepkkahpnibbekkekihp [2015-08-22]
CHR Extension: (Fair AdBlock (by STANDS)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-07-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-03]
CHR Extension: (LINE) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-07-08]
CHR Extension: (Pocket) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-07-25]
CHR Extension: (Sunrise Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-08-22]
CHR Extension: (My Cloud Player) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfjhlpinelhnncgfpgfekddidnbnaab [2015-07-25]
CHR Extension: (Save to Pocket) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
CHR Extension: (Trend Micro Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2016-06-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-02]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\afgbccjghcnbcdjgogpckamibfkceahd [2016-07-12]
OPR Extension: (Atavi bookmarks) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bihjdnaakmmjplhilkgboobdhpihklib [2015-10-04]
OPR Extension: (Browse++) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopdhnignaicgifmnocnpamikdhdpcne [2015-10-04]
OPR Extension: (TabHamster) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\flaibmngbecjljogddbgojfenfcneanb [2016-06-26]
OPR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjcfmfokccpieoonenflmcacfbdhbdck [2016-05-30]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2015-10-04]
OPR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibonkoolioojccgfdgkbicfcfpldoobn [2015-10-04]
OPR Extension: (Clearly) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mallmmeebeojpflmiolfchfcgbjflklc [2015-10-04]
OPR Extension: (Raindrop.io - Smart Bookmarks) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\nccmjelmbbbhcddoflopnicllmjknnmk [2015-10-04]
OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-07-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-03] (Dropbox, Inc.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-09] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3196768 2015-09-25] (Samsung Electronics CO., LTD.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-07-02] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-07-02] (Bitdefender)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 PwmSvc; "C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-07-02] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2015-01-13] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 cmnxusbser; C:\Windows\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [299816 2016-07-02] (Bitdefender)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2015-01-29] (Trend Micro Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows ® Win 7 DDK provider)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [376024 2014-12-26] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2015-01-13] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-07-02] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-26 20:47 - 2016-07-26 20:47 - 00071891 _____ C:\Users\User\Downloads\Addition.txt
2016-07-26 20:46 - 2016-07-26 20:50 - 00046589 _____ C:\Users\User\Downloads\FRST.txt
2016-07-26 20:45 - 2016-07-26 20:45 - 02394112 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-07-23 15:19 - 2016-07-23 15:22 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part02.rar
2016-07-23 15:19 - 2016-07-23 15:22 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part01.rar
2016-07-23 15:15 - 2016-07-23 15:18 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part24.rar
2016-07-23 15:15 - 2016-07-23 15:15 - 89508526 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part25.rar
2016-07-23 14:00 - 2016-07-23 14:06 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part22.rar
2016-07-23 14:00 - 2016-07-23 14:05 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part23.rar
2016-07-23 14:00 - 2016-07-23 14:04 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part21.rar
2016-07-23 12:34 - 2016-07-23 12:41 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part20.rar
2016-07-23 12:34 - 2016-07-23 12:40 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part19.rar
2016-07-23 12:34 - 2016-07-23 12:40 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part17.rar
2016-07-23 12:34 - 2016-07-23 12:39 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part18.rar
2016-07-23 12:11 - 2016-07-23 12:19 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part14.rar
2016-07-23 12:11 - 2016-07-23 12:18 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part15.rar
2016-07-23 12:11 - 2016-07-23 12:18 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part13.rar
2016-07-23 12:11 - 2016-07-23 12:15 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part16.rar
2016-07-23 11:57 - 2016-07-23 12:03 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part12.rar
2016-07-23 11:57 - 2016-07-23 12:03 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part10.rar
2016-07-23 11:57 - 2016-07-23 12:01 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part11.rar
2016-07-23 11:56 - 2016-07-23 12:02 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part09.rar
2016-07-23 11:22 - 2016-07-23 11:34 - 37344125 _____ C:\Users\User\Downloads\Carly Parker Puma Swede - 4 Tits 2 Clits Your Dick - BigBoobsPOV.zip
2016-07-23 11:05 - 2016-07-23 11:12 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part05.rar
2016-07-23 11:05 - 2016-07-23 11:11 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part08.rar
2016-07-23 11:05 - 2016-07-23 11:11 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part06.rar
2016-07-23 11:05 - 2016-07-23 11:10 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part07.rar
2016-07-23 10:56 - 2016-07-23 11:03 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part04.rar
2016-07-23 10:56 - 2016-07-23 11:02 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part01.rar
2016-07-23 10:56 - 2016-07-23 11:01 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part02.rar
2016-07-23 10:56 - 2016-07-23 11:00 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part03.rar
2016-07-23 10:31 - 2016-07-23 12:15 - 190522445 _____ C:\Users\User\Downloads\Ca.Xu.Pow.So.Sk.part2.rar
2016-07-23 02:57 - 2016-07-23 07:42 - 524288000 _____ C:\Users\User\Downloads\Ca.Xu.Pow.So.Sk.part1.rar
2016-07-23 02:56 - 2016-07-23 02:59 - 524288000 _____ C:\Users\User\Downloads\Ha.Th.Fa.Ap.part2.rar
2016-07-23 02:56 - 2016-07-23 02:59 - 524288000 _____ C:\Users\User\Downloads\Ha.Th.Fa.Ap.part1.rar
2016-07-23 02:56 - 2016-07-23 02:56 - 47943241 _____ C:\Users\User\Downloads\Ha.Th.Fa.Ap.part3.rar
2016-07-23 02:40 - 2016-07-23 02:46 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part6.rar
2016-07-23 02:40 - 2016-07-23 02:46 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part5.rar
2016-07-23 02:40 - 2016-07-23 02:45 - 466788151 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part7.rar
2016-07-23 02:35 - 2016-07-23 02:42 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part3.rar
2016-07-23 02:35 - 2016-07-23 02:42 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part2.rar
2016-07-23 02:35 - 2016-07-23 02:40 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part4.rar
2016-07-23 02:34 - 2016-07-23 02:40 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part1.rar
2016-07-23 02:05 - 2016-07-23 02:33 - 00000000 ____D C:\Users\User\Downloads\Tyler - H0tsit At H0me
2016-07-23 02:04 - 2016-07-23 02:05 - 320512174 _____ C:\Users\User\Downloads\Conversational Power 2014.part5.rar
2016-07-23 01:53 - 2016-07-23 02:00 - 524288000 _____ C:\Users\User\Downloads\Conversational Power 2014.part2.rar
2016-07-23 01:53 - 2016-07-23 01:59 - 524288000 _____ C:\Users\User\Downloads\Conversational Power 2014.part4.rar
2016-07-23 01:53 - 2016-07-23 01:59 - 524288000 _____ C:\Users\User\Downloads\Conversational Power 2014.part1.rar
2016-07-23 01:53 - 2016-07-23 01:58 - 524288000 _____ C:\Users\User\Downloads\Conversational Power 2014.part3.rar
2016-07-23 01:48 - 2016-07-23 01:55 - 524288000 _____ C:\Users\User\Downloads\My-Hi.Gu.An.St.part1.rar
2016-07-23 01:48 - 2016-07-23 01:53 - 504583669 _____ C:\Users\User\Downloads\My-Hi.Gu.An.St.part3.rar
2016-07-23 01:48 - 2016-07-23 01:51 - 524288000 _____ C:\Users\User\Downloads\My-Hi.Gu.An.St.part2.rar
2016-07-23 01:44 - 2016-07-23 01:44 - 45655297 _____ C:\Users\User\Downloads\Tinsanity - The Ultimate Tinder Seduction System-G_P.rar
2016-07-22 21:40 - 2016-07-22 21:49 - 524288000 _____ C:\Users\User\Downloads\Nick Savoy Love Systems - Relationship Management-G [email protected]
2016-07-22 21:40 - 2016-07-22 21:48 - 524288000 _____ C:\Users\User\Downloads\Nick Savoy Love Systems - Relationship Management-G [email protected]
2016-07-22 21:40 - 2016-07-22 21:47 - 524288000 _____ C:\Users\User\Downloads\Nick Savoy Love Systems - Relationship Management-G [email protected]
2016-07-22 21:40 - 2016-07-22 21:42 - 374541510 _____ C:\Users\User\Downloads\Nick Savoy Love Systems - Relationship Management-G [email protected]
2016-07-22 00:28 - 2016-07-23 01:57 - 524288000 _____ C:\Users\User\Downloads\Tyler - H0tsit At H0me.part19.rar
2016-07-21 23:54 - 2016-06-15 13:39 - 00000000 ____D C:\Users\User\Downloads\Spectre (2015) 480p 2ch BRRip AAC x264 - [GeekRG]
2016-07-21 12:32 - 2015-07-22 15:10 - 00000000 ____D C:\Users\User\Downloads\Shift
2016-07-21 12:31 - 2016-07-23 01:51 - 00000000 ____D C:\Users\User\Downloads\P Tr-D Ga-e
2016-07-21 06:03 - 2016-07-21 06:08 - 191007573 _____ C:\Users\User\Downloads\Angela Duckworth - Grit The Power of Passion and Perseverance.rar
2016-07-21 04:36 - 2016-07-21 04:36 - 00000000 ____D C:\WINDOWS\EOONotify
2016-07-20 21:49 - 2016-07-17 03:10 - 00000000 ____D C:\Users\User\Downloads\3GAD - Full
2016-07-20 21:03 - 2015-05-25 07:20 - 00000000 ____D C:\Users\User\Downloads\3GAD
2016-07-20 21:02 - 2016-07-20 21:02 - 00000000 ____D C:\Users\User\Downloads\hy0kj.Jeff.Allen..Execute.The.Program..The.ShyAwkward.Girl
2016-07-20 21:01 - 2015-05-16 13:16 - 00000000 ____D C:\Users\User\Downloads\Foundations-
2016-07-20 17:54 - 2015-04-17 10:10 - 00000000 ____D C:\Users\User\Downloads\Execute The Program - RSD Jeffy
2016-07-20 17:49 - 2016-07-10 07:34 - 00000000 ____D C:\Users\User\Downloads\Da.ga-Ge.Ge.Gi
2016-07-20 06:05 - 2016-07-20 07:16 - 351131417 _____ C:\Users\User\Downloads\215644585ches2565.mp4
2016-07-20 06:04 - 2016-07-20 09:56 - 709943031 _____ C:\Users\User\Downloads\578Eeciahaa.mp4
2016-07-20 06:04 - 2016-07-20 06:23 - 55678750 _____ C:\Users\User\Downloads\Kianna_Dior_Kianna's_xmas_[bleep].mp4
2016-07-20 05:57 - 2016-07-20 06:40 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part10.rar
2016-07-20 01:31 - 2016-07-20 02:17 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part09 (1).rar
2016-07-19 20:34 - 2016-07-19 21:22 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part09.rar
2016-07-19 20:32 - 2016-07-20 00:56 - 474464256 _____ C:\Users\User\Downloads\Unconfirmed 941085.crdownload
2016-07-19 13:14 - 2016-07-19 13:58 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part08.rar
2016-07-19 05:41 - 2016-07-19 06:26 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part07.rar
2016-07-18 17:19 - 2016-07-18 18:04 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part06 (1).rar
2016-07-18 05:59 - 2016-07-18 06:43 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part06.rar
2016-07-18 00:43 - 2016-07-18 01:27 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part05.rar
2016-07-17 20:27 - 2016-07-17 21:13 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part04.rar
2016-07-17 12:18 - 2016-07-17 12:18 - 00001115 _____ C:\Users\User\Downloads\Unconfirmed 604055.crdownload
2016-07-17 12:15 - 2016-07-17 13:05 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part03 (1).rar
2016-07-17 12:11 - 2016-07-17 12:11 - 00000000 ____D C:\Users\User\Downloads\jeff.Allen..Execute.The.Program..The.ShyAwkward.Girl
2016-07-17 12:08 - 2016-07-17 12:08 - 00328045 _____ C:\Users\User\Downloads\Mahou Senshi Louie Rune Soldier 2001 E D (2).torrent
2016-07-17 12:08 - 2016-07-17 12:08 - 00328045 _____ C:\Users\User\Downloads\Mahou Senshi Louie Rune Soldier 2001 E D (1).torrent
2016-07-17 12:08 - 2016-07-17 12:08 - 00021883 _____ C:\Users\User\Downloads\Muv Luv Alternative Total Eclipse 2012 Exiled Destiny Dual Audio (1).torrent
2016-07-17 09:05 - 2016-07-17 09:05 - 00328045 _____ C:\Users\User\Downloads\Mahou Senshi Louie Rune Soldier 2001 E D.torrent
2016-07-17 09:05 - 2016-07-17 09:05 - 00023481 _____ C:\Users\User\Downloads\Mamoru kun ni Megami no Shukufuku wo 2006 GrimRipper 10 bit.torrent
2016-07-17 09:05 - 2016-07-17 09:05 - 00021883 _____ C:\Users\User\Downloads\Muv Luv Alternative Total Eclipse 2012 Exiled Destiny Dual Audio.torrent
2016-07-17 09:04 - 2016-07-17 09:04 - 00028374 _____ C:\Users\User\Downloads\Hikari to Mizu no Daphne 2004 Tipota Dual Audio.torrent
2016-07-17 08:58 - 2016-07-17 08:58 - 00198651 _____ C:\Users\User\Downloads\Bleach 2004 HorribleSubs SD 480p HD 720p (2).torrent
2016-07-17 08:44 - 2016-07-17 08:44 - 00198651 _____ C:\Users\User\Downloads\Bleach 2004 HorribleSubs SD 480p HD 720p (1).torrent
2016-07-17 08:39 - 2016-07-17 09:25 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part03.rar
2016-07-17 08:30 - 2016-07-17 08:30 - 00198651 _____ C:\Users\User\Downloads\Bleach 2004 HorribleSubs SD 480p HD 720p.torrent
2016-07-17 02:14 - 2016-07-17 03:00 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part02.rar
2016-07-16 21:22 - 2016-07-16 22:08 - 1073741860 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part01.rar
2016-07-16 21:21 - 2016-07-16 21:22 - 00002575 _____ C:\Users\User\Downloads\Unconfirmed 723572.crdownload
2016-07-16 20:14 - 2016-07-20 21:02 - 00000000 ____D C:\Users\User\Downloads\LS Social Circle Mastery
2016-07-15 21:11 - 2016-07-15 21:21 - 124825802 _____ C:\Users\User\Downloads\kianna578978.rar
2016-07-14 13:17 - 2016-07-14 13:45 - 86857402 _____ C:\Users\User\Downloads\Hitomi sco 27.zip
2016-07-14 13:17 - 2016-07-14 13:37 - 63706225 _____ C:\Users\User\Downloads\sr326.rar
2016-07-14 06:08 - 2016-07-14 06:37 - 260660843 _____ C:\Users\User\Downloads\LAFRN.rar
2016-07-14 06:08 - 2016-07-14 06:30 - 68104693 _____ C:\Users\User\Downloads\Hitomi sco 23.zip
2016-07-14 06:08 - 2016-07-14 06:12 - 13446808 _____ C:\Users\User\Downloads\Sha Rizel - The Brunette in Red.zip
2016-07-13 13:01 - 2016-07-13 13:37 - 332648240 _____ C:\Users\User\Downloads\Msrt_BBTGCOT_sd (1).rar
2016-07-13 12:58 - 2016-07-13 13:12 - 26140565 _____ C:\Users\User\Downloads\Hitomi Knee Socks Nude 66 pix.zip
2016-07-13 06:33 - 2016-05-25 09:22 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-07-13 06:33 - 2016-05-25 09:22 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-07-13 06:33 - 2016-05-25 09:12 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-07-13 06:33 - 2016-05-25 09:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-07-13 06:05 - 2016-07-13 06:50 - 406171132 _____ C:\Users\User\Downloads\MWECEEvEhM.rar
2016-07-13 06:05 - 2016-07-13 06:13 - 25044504 _____ C:\Users\User\Downloads\Hitomi sco 11.zip
2016-07-12 23:59 - 2016-07-13 00:36 - 112440452 _____ C:\Users\User\Downloads\Hitomi sco 24.zip
2016-07-12 19:50 - 2016-07-12 20:03 - 23306226 _____ C:\Users\User\Downloads\Sha Rizel - Tight is Right.zip
2016-07-12 19:48 - 2016-07-12 20:52 - 753561008 _____ C:\Users\User\Downloads\diamond_fo.rar
2016-07-12 19:47 - 2016-07-12 20:13 - 234980853 _____ C:\Users\User\Downloads\SSBOAT.rar
2016-07-12 19:47 - 2016-07-12 19:49 - 18421588 _____ C:\Users\User\Downloads\Hitomi sco 14.zip
2016-07-12 18:21 - 2016-06-25 16:05 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-12 18:21 - 2016-06-25 14:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-12 18:21 - 2016-06-25 12:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-07-12 18:21 - 2016-06-25 12:15 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-07-12 18:21 - 2016-06-25 12:13 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-12 18:21 - 2016-06-25 12:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-07-12 18:21 - 2016-06-22 09:48 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-07-12 18:21 - 2016-06-21 14:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-07-12 18:21 - 2016-06-21 10:12 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-07-12 18:21 - 2016-06-21 09:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-07-12 18:21 - 2016-06-11 15:45 - 07445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-12 18:21 - 2016-06-11 14:14 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-12 18:21 - 2016-06-11 14:11 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-12 18:21 - 2016-06-11 13:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-07-12 18:21 - 2016-06-11 13:22 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-07-12 18:21 - 2016-06-11 13:22 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-07-12 18:21 - 2016-06-11 13:13 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-12 18:21 - 2016-06-11 13:12 - 20348928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-12 18:21 - 2016-06-11 13:07 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-07-12 18:21 - 2016-06-11 13:00 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-12 18:21 - 2016-06-11 12:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-07-12 18:21 - 2016-06-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-07-12 18:21 - 2016-06-11 12:38 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-07-12 18:21 - 2016-06-11 12:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-07-12 18:21 - 2016-06-11 12:31 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-12 18:21 - 2016-06-11 12:31 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-12 18:21 - 2016-06-11 12:30 - 15409664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-12 18:21 - 2016-06-11 12:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-07-12 18:21 - 2016-06-11 12:15 - 13806080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-12 18:21 - 2016-06-11 12:12 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-12 18:21 - 2016-06-11 11:59 - 02392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-07-12 18:21 - 2016-06-11 11:56 - 01315840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-07-12 18:21 - 2016-06-11 11:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-07-12 18:21 - 2016-01-30 15:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-07-12 18:21 - 2016-01-30 15:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-07-12 18:21 - 2016-01-30 14:48 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-07-12 18:21 - 2016-01-30 14:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-07-12 18:21 - 2016-01-30 13:48 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-07-12 18:21 - 2016-01-30 13:41 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-07-12 18:20 - 2016-06-11 13:56 - 25812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-12 18:20 - 2016-06-11 13:42 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-12 18:20 - 2016-06-11 13:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-07-12 18:20 - 2016-06-11 13:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-07-12 18:20 - 2016-06-11 13:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-07-12 18:20 - 2016-06-11 13:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-07-12 18:20 - 2016-06-11 13:03 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-07-12 18:20 - 2016-06-11 13:01 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-07-12 18:20 - 2016-06-11 13:00 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-07-12 18:20 - 2016-06-11 12:43 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-07-12 18:20 - 2016-06-11 12:31 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-07-12 18:20 - 2016-06-11 12:26 - 02869248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-12 18:20 - 2016-06-11 12:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-07-12 18:20 - 2016-06-10 17:35 - 04167680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-07-12 13:30 - 2016-07-12 23:27 - 1100991838 _____ C:\Users\User\Downloads\570PhoenixMarie.rar
2016-07-12 13:27 - 2016-07-12 14:07 - 364173066 _____ C:\Users\User\Downloads\sh.rar
2016-07-12 13:26 - 2016-07-12 13:29 - 22987857 _____ C:\Users\User\Downloads\Hitomi sco 16.zip
2016-07-12 05:56 - 2016-07-12 09:11 - 601259111 _____ C:\Users\User\Downloads\G7QDzvYyS.rar
2016-07-12 00:52 - 2016-07-12 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-12 00:09 - 2016-07-12 00:12 - 23203708 _____ C:\Users\User\Downloads\Hitomi Pinup 24.zip
2016-07-12 00:04 - 2016-07-12 00:45 - 495855605 _____ C:\Users\User\Downloads\Ava-Addams-And-Her-Big-Tits-Suck-3-Cocks-At-Gloryhole.rar
2016-07-09 21:29 - 2016-07-12 00:28 - 314697077 _____ C:\Users\User\Downloads\LAINTER.rar
2016-07-09 21:18 - 2016-07-12 00:55 - 219666582 _____ C:\Users\User\Downloads\ck9sujdye4fdsjngh6-8.rar
2016-07-09 21:14 - 2016-07-09 21:16 - 324350025 _____ C:\Users\User\Downloads\li040516an.rar
2016-07-09 20:58 - 2016-07-12 10:42 - 834007040 _____ C:\Users\User\Downloads\Unconfirmed 26002.crdownload
2016-07-09 20:37 - 2016-07-09 20:41 - 39086257 _____ C:\Users\User\Downloads\Hitomi 50s Style 62 pix.zip
2016-07-09 20:33 - 2016-07-09 20:57 - 295384407 _____ C:\Users\User\Downloads\StReS2.rar
2016-07-08 13:40 - 2016-07-08 13:40 - 00016995 _____ C:\Users\User\Downloads\4190721128.Pdf
2016-07-08 13:38 - 2016-07-08 13:38 - 00634649 _____ C:\Users\User\Downloads\4190721128_1.pdf
2016-07-08 06:04 - 2016-07-08 08:08 - 381240535 _____ C:\Users\User\Downloads\1689La_T-P-L-H.rar
2016-07-08 06:03 - 2016-07-08 06:40 - 112421607 _____ C:\Users\User\Downloads\4035z18_T-P-P-D-3213.rar
2016-07-08 01:58 - 2016-07-08 02:02 - 106040919 _____ C:\Users\User\Downloads\2312TeraSpider.rar
2016-07-08 01:57 - 2016-07-08 03:29 - 283068161 _____ C:\Users\User\Downloads\23309_01_big (1).rar
2016-07-08 01:57 - 2016-07-08 02:24 - 283068161 _____ C:\Users\User\Downloads\23309_01_big.rar
2016-07-08 01:56 - 2016-07-08 04:31 - 646789187 _____ C:\Users\User\Downloads\Msrt_BBTGCOT_hd.rar
2016-07-07 05:42 - 2016-07-07 07:21 - 303727250 _____ C:\Users\User\Downloads\4035z55_T-P-P-A-B-F.rar
2016-07-07 05:41 - 2016-07-07 05:43 - 281678302 _____ C:\Users\User\Downloads\te030616pa.rar
2016-07-07 03:01 - 2016-07-07 05:51 - 521211463 _____ C:\Users\User\Downloads\201_040916_333_598 (1).rar
2016-07-07 02:47 - 2016-07-07 04:03 - 321278766 _____ C:\Users\User\Downloads\Pigtails.rar
2016-07-07 02:43 - 2016-07-07 02:54 - 267098306 _____ C:\Users\User\Downloads\3843a_T-P-V-03.rar
2016-07-07 02:25 - 2016-07-07 06:08 - 2693825049 _____ C:\Users\User\Downloads\Puma Swede - Up Her [bleep] #3.rar
2016-07-07 00:18 - 2016-07-07 03:14 - 540508727 _____ C:\Users\User\Downloads\titsktrhrtlsctrs4 (1).rar
2016-07-06 17:29 - 2016-07-06 17:37 - 13816064 _____ C:\Users\User\Downloads\Abbi_Secraa_-_Natural_Boobs_-_Kisses_On_My_Treasures.rar
2016-07-06 17:03 - 2016-07-06 20:59 - 723952020 _____ C:\Users\User\Downloads\5WuRcNnid.rar
2016-07-06 13:00 - 2016-07-06 14:49 - 332648240 _____ C:\Users\User\Downloads\Msrt_BBTGCOT_sd.rar
2016-07-06 12:59 - 2016-07-06 15:55 - 540508727 _____ C:\Users\User\Downloads\titsktrhrtlsctrs4.rar
2016-07-06 06:34 - 2016-07-06 07:17 - 521211463 _____ C:\Users\User\Downloads\201_040916_333_598.rar
2016-07-02 21:43 - 2016-07-02 21:43 - 00000000 ___RD C:\Sandbox
2016-07-02 21:37 - 2016-07-26 20:19 - 00002062 _____ C:\WINDOWS\Sandboxie.ini
2016-07-02 21:37 - 2016-07-22 01:02 - 00001014 _____ C:\Users\User\Desktop\Sandboxed Web Browser.lnk
2016-07-02 21:36 - 2016-07-02 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-07-02 21:36 - 2016-07-02 21:36 - 00000000 ____D C:\Program Files\Sandboxie
2016-07-02 21:32 - 2016-07-02 21:32 - 08969872 _____ (Sandboxie Holdings, LLC) C:\Users\User\Downloads\SandboxieInstall.exe
2016-07-02 21:22 - 2016-07-02 21:22 - 78234541 _____ C:\Users\User\Downloads\Leanne_Crow_-_Sparkle_Hot_Tub_Bikini_2_-_720p.wmv.crdownload
2016-07-02 21:16 - 2016-07-02 21:16 - 00000385 _____ C:\Users\User\AppData\Roaminguser_gensett.xml
2016-07-02 21:16 - 2016-07-02 21:16 - 00000000 ____D C:\Users\User\Documents\My Games
2016-07-02 21:15 - 2016-07-02 21:15 - 823264064 _____ C:\WINDOWS\MEMORY.DMP
2016-07-02 21:15 - 2016-07-02 21:15 - 00294440 _____ C:\WINDOWS\Minidump\070216-6953-01.dmp
2016-07-02 21:15 - 2016-07-02 21:15 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-02 18:02 - 2016-07-02 18:02 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-07-02 18:02 - 2016-07-02 18:02 - 00002140 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-07-02 18:02 - 2016-07-02 18:02 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-07-02 17:57 - 2016-07-02 17:57 - 04401648 _____ C:\Users\User\Downloads\advisorinstaller.exe
2016-07-02 17:44 - 2016-07-02 17:44 - 138645264 _____ (Microsoft Corporation) C:\Users\User\Downloads\msert.exe
2016-07-02 17:39 - 2016-07-02 17:39 - 50716384 _____ (Microsoft Corporation) C:\Users\User\Downloads\Windows-KB890830-x64-V5.37.exe
2016-07-02 15:31 - 2016-07-23 20:16 - 00112412 _____ C:\WINDOWS\ntbtlog.txt
2016-07-02 15:30 - 2016-07-02 15:30 - 00000000 ____D C:\WINDOWS\pss
2016-07-01 01:07 - 2016-07-01 01:07 - 00001134 _____ C:\Users\User\Desktop\ckfiles.txt
2016-07-01 01:05 - 2016-07-01 01:05 - 00468480 _____ () C:\Users\User\Downloads\CKScanner.exe
2016-07-01 01:05 - 2016-07-01 01:05 - 00468480 _____ () C:\Users\User\Desktop\CKScanner.exe
2016-06-29 01:14 - 2016-07-09 20:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-29 01:14 - 2016-06-29 01:14 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-29 01:14 - 2016-06-29 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-29 01:13 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-29 01:13 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-29 01:13 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-29 01:12 - 2016-06-29 01:12 - 00001095 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2016-06-29 01:12 - 2016-06-29 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-06-29 01:12 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2016-06-29 01:12 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2016-06-27 02:29 - 2016-06-27 02:29 - 00405898 _____ C:\ProgramData\1467008746.bdinstall.bin
2016-06-27 02:27 - 2016-06-27 02:27 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-06-27 02:26 - 2016-07-02 15:47 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-06-27 02:26 - 2016-07-02 15:47 - 00299816 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-06-27 02:26 - 2016-06-27 02:42 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-27 02:26 - 2016-06-27 02:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitdefender
2016-06-27 02:26 - 2016-06-27 02:26 - 00003640 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-27 02:26 - 2016-06-27 02:26 - 00002217 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-06-27 02:26 - 2016-06-27 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-06-27 02:26 - 2016-06-27 02:26 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-27 02:26 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-06-27 02:26 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-06-27 02:26 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-06-27 02:26 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-06-27 02:26 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-06-27 02:26 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-06-27 02:25 - 2016-06-27 02:26 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-27 02:24 - 2016-07-23 20:16 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-26 22:49 - 2016-06-26 22:49 - 13709368 _____ C:\Users\User\Desktop\Bitdefender_2016_UninstallTool.exe
2016-06-26 22:22 - 2016-06-26 18:37 - 00018432 _____ C:\Users\User\Downloads\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
2016-06-26 22:22 - 2016-06-26 18:37 - 00018432 _____ C:\Users\User\Desktop\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
2016-06-26 22:22 - 2016-06-26 18:37 - 00000000 _____ C:\Users\User\Downloads\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
2016-06-26 22:22 - 2016-06-26 18:37 - 00000000 _____ C:\Users\User\Desktop\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
2016-06-26 22:11 - 2016-06-26 22:11 - 00001093 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-06-26 22:11 - 2016-06-26 22:11 - 00000000 ____D C:\Users\User\AppData\Local\VS Revo Group
2016-06-26 22:11 - 2016-06-26 22:11 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-06-26 22:11 - 2016-06-26 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-06-26 22:11 - 2016-06-26 22:11 - 00000000 ____D C:\Program Files\VS Revo Group
2016-06-26 22:11 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-06-26 22:10 - 2016-06-26 22:10 - 11374528 _____ (VS Revo Group ) C:\Users\User\Desktop\RevoUninProSetup.exe
2016-06-26 21:01 - 2016-06-26 21:01 - 00251392 _____ C:\Users\User\Desktop\hijackthis_sfx.exe
2016-06-26 20:01 - 2016-06-26 20:02 - 15850936 _____ (Trend Micro Inc. ) C:\Users\User\Desktop\Ti_100_win_en_Tool_UninstallTool_hfb0001.exe
2016-06-26 19:25 - 2016-06-03 13:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-06-26 19:25 - 2016-05-18 19:15 - 01379040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-26 19:25 - 2016-05-18 16:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-26 19:25 - 2016-05-18 01:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-26 19:25 - 2016-05-18 01:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-26 19:25 - 2016-05-16 17:13 - 00563016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-26 19:25 - 2016-05-16 17:13 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-26 19:25 - 2016-05-16 17:13 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-26 19:25 - 2016-05-16 17:13 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-26 19:25 - 2016-05-14 16:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-26 19:25 - 2016-05-14 16:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-26 19:25 - 2016-05-13 19:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-26 19:25 - 2016-05-13 19:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-26 19:25 - 2016-05-13 19:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-26 19:25 - 2016-05-13 19:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-26 19:25 - 2016-05-13 19:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-26 19:25 - 2016-05-13 18:34 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-06-26 19:25 - 2016-05-13 18:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-26 19:25 - 2016-05-13 17:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-26 19:25 - 2016-05-13 17:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-06-26 19:25 - 2016-05-13 17:45 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-26 19:25 - 2016-05-13 17:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-26 19:25 - 2016-05-13 17:26 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-26 19:25 - 2016-05-12 14:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-26 19:25 - 2016-05-12 13:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-26 19:25 - 2016-05-12 12:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-26 19:25 - 2016-05-12 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-26 19:25 - 2016-05-12 12:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-26 19:25 - 2016-05-12 11:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-26 19:25 - 2016-05-12 11:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-26 19:25 - 2016-05-12 11:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-26 19:25 - 2016-05-09 17:35 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-06-26 19:25 - 2016-05-09 16:56 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-06-26 19:25 - 2016-05-09 16:45 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-26 19:25 - 2016-05-09 16:23 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-26 19:25 - 2016-05-06 11:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-26 19:25 - 2016-05-06 11:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-26 19:25 - 2016-04-14 11:25 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-26 19:25 - 2016-04-14 11:11 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-26 19:25 - 2016-04-12 11:46 - 14467584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-26 19:25 - 2016-04-12 11:30 - 12879872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-26 19:25 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-06-26 19:25 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-06-26 19:25 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-26 19:25 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-26 17:59 - 2016-06-29 01:13 - 00000000 ____D C:\ProgramData\TEMP
2016-06-26 17:58 - 2016-06-29 01:12 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-06-26 16:54 - 2016-06-26 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-06-26 16:54 - 2016-06-26 16:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-26 16:54 - 2016-06-26 16:54 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-06-26 16:51 - 2016-06-26 16:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-06-26 16:13 - 2016-06-26 19:13 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-26 16:13 - 2016-06-26 16:45 - 00000000 ____D C:\ProgramData\HitmanPro
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-26 20:51 - 2015-10-03 20:46 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-26 20:51 - 2015-10-03 20:46 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-26 20:50 - 2016-06-25 12:58 - 00000000 ____D C:\FRST
2016-07-26 20:41 - 2015-07-25 22:10 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA.job
2016-07-26 20:33 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-26 20:32 - 2015-03-28 14:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-26 20:32 - 2015-03-21 18:22 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4198864589-2716103951-1576274748-1001
2016-07-26 20:29 - 2015-03-28 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2016-07-26 20:29 - 2015-03-28 19:47 - 00000000 ____D C:\Program Files\Adobe
2016-07-26 20:29 - 2015-03-21 10:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-26 20:28 - 2015-03-21 10:48 - 00000000 ____D C:\ProgramData\Adobe
2016-07-26 20:27 - 2015-03-28 19:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-26 20:26 - 2015-03-28 20:28 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-07-26 20:25 - 2015-05-02 10:19 - 00000000 ____D C:\ProgramData\Origin
2016-07-26 20:25 - 2015-03-29 18:41 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-26 20:24 - 2014-03-18 06:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-26 20:24 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-07-26 20:23 - 2015-10-04 22:59 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-26 20:19 - 2015-10-03 13:24 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-07-26 20:19 - 2015-03-21 10:47 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-07-23 20:16 - 2016-04-21 01:37 - 00000000 ____D C:\Users\User\.rainlendar2
2016-07-23 20:16 - 2015-11-15 17:15 - 00000091 _____ C:\HaxLogs.txt
2016-07-23 20:16 - 2015-07-19 09:48 - 00000000 ____D C:\Users\User\OneDrive
2016-07-23 20:16 - 2015-07-18 11:59 - 00000000 ___RD C:\Users\User\Google Drive
2016-07-23 20:16 - 2015-04-03 21:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-23 20:16 - 2015-03-29 18:41 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-23 20:16 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-23 20:16 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-23 20:15 - 2016-06-25 01:29 - 00004706 _____ C:\bdlog.txt
2016-07-23 20:15 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-07-23 20:14 - 2015-08-23 12:54 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-07-23 20:06 - 2016-01-11 06:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-23 19:50 - 2015-11-13 23:59 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-23 06:41 - 2015-07-25 22:10 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core.job
2016-07-23 02:34 - 2015-03-21 18:16 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-07-21 23:55 - 2015-04-14 21:44 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-07-21 04:36 - 2015-04-11 09:32 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-07-21 04:36 - 2015-04-11 09:32 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-07-21 04:36 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-20 19:43 - 2015-07-25 21:31 - 00000000 ____D C:\Users\User\AppData\Local\MEGAsync
2016-07-17 05:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-07-16 18:25 - 2013-08-22 10:44 - 05102992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-16 18:24 - 2015-04-16 01:01 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-16 18:24 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-07-13 06:39 - 2015-03-21 10:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 06:34 - 2015-03-21 10:24 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-13 06:33 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 01:06 - 2016-01-11 06:25 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-07-13 01:06 - 2015-11-13 23:59 - 00003848 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-13 01:06 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-13 01:06 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-12 19:56 - 2015-07-25 09:58 - 00000000 ____D C:\Users\User\AppData\Roaming\KeePass
2016-07-12 03:30 - 2015-03-21 10:51 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-12 00:52 - 2015-10-03 20:46 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-08 01:49 - 2015-08-22 09:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Stardock
2016-07-02 20:34 - 2015-07-19 11:54 - 00000000 ____D C:\Users\User\Incomplete
2016-07-02 20:23 - 2015-03-29 18:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2016-07-02 20:22 - 2015-07-18 14:10 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
2016-07-02 00:29 - 2013-08-22 11:38 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-07-02 00:29 - 2013-08-22 11:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-29 01:14 - 2016-06-25 01:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-29 01:13 - 2015-03-21 10:31 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-29 01:12 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-06-28 21:25 - 2015-03-29 18:42 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-28 21:25 - 2015-03-29 18:42 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-27 06:03 - 2015-04-19 20:13 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-06-26 22:51 - 2016-04-24 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2016-06-26 22:50 - 2016-06-18 11:36 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-26 21:01 - 2015-03-21 18:16 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2016-06-26 20:19 - 2015-03-21 10:30 - 00000000 ____D C:\ProgramData\Trend Micro
2016-06-26 20:12 - 2015-03-21 10:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-26 20:12 - 2015-03-21 10:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-26 20:03 - 2015-12-19 06:41 - 00000000 ____D C:\Users\User\AppData\Local\Trend Micro
2016-06-26 19:44 - 2015-03-21 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-26 19:14 - 2016-06-24 22:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-26 19:14 - 2015-08-23 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2016-06-26 19:14 - 2015-08-23 12:37 - 00000000 ____D C:\Program Files\AutoHotkey
2016-06-26 19:14 - 2015-03-21 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2016-06-26 19:13 - 2016-06-25 13:19 - 00000000 ____D C:\Users\User\AppData\Temp
2016-06-26 19:13 - 2016-06-25 01:25 - 00000000 ____D C:\AdwCleaner
2016-06-26 19:13 - 2016-04-21 01:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Rainmeter
2016-06-26 19:13 - 2016-04-21 01:30 - 00000000 ____D C:\Program Files\Rainmeter
2016-06-26 19:13 - 2016-01-31 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-26 19:13 - 2016-01-31 15:25 - 00000000 ____D C:\Program Files\iTunes
2016-06-26 19:13 - 2016-01-31 15:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-26 19:13 - 2016-01-31 15:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-06-26 19:13 - 2016-01-31 15:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-06-26 19:13 - 2015-10-03 22:16 - 00000000 ____D C:\Users\User\AppData\Roaming\Launchy
2016-06-26 19:13 - 2015-09-13 02:30 - 00000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2016-06-26 19:13 - 2015-08-08 18:46 - 00000000 ____D C:\ProgramData\Apple Computer
2016-06-26 19:13 - 2015-08-08 18:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-26 19:13 - 2015-08-04 21:29 - 00000000 ____D C:\ProgramData\FitbitConnect
2016-06-26 19:13 - 2015-07-19 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-06-26 19:13 - 2015-07-19 13:52 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-06-26 19:13 - 2015-04-04 21:09 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2016-06-26 19:13 - 2015-01-13 20:00 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-06-26 19:13 - 2014-03-18 05:45 - 00000000 ____D C:\WINDOWS\ShellNew
2016-06-26 19:13 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2016-06-26 19:13 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-06-26 19:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SystemResources
2016-06-26 19:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-26 19:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Globalization
2016-06-26 19:13 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-26 19:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-06-26 19:12 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-26 19:09 - 2016-01-31 15:25 - 00000000 ____D C:\Program Files\iPod
2016-06-26 19:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
 
==================== Files in the root of some directories =======
 
2015-10-30 20:47 - 2015-10-30 20:47 - 0000000 _____ () C:\Users\User\AppData\Roaming\Stardockfences_debug_snapshot.dat
2015-03-21 10:30 - 2015-03-21 10:30 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-09-06 05:37 - 2015-09-06 05:37 - 0000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-04-22 21:23 - 2016-03-21 11:59 - 0000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache
2016-06-27 02:29 - 2016-06-27 02:29 - 0405898 _____ () C:\ProgramData\1467008746.bdinstall.bin
2016-03-02 19:35 - 2016-03-02 19:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-07-18 14:14 - 2015-07-18 14:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-08 02:06 - 2015-04-08 02:10 - 0000839 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\User\AppData\Local\Temp\OfficeSetup.exe
C:\Users\User\AppData\Local\Temp\proxy_vole8658733503972905890.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-15 05:00
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
Ran by User (2016-07-26 20:51:05)
Running from C:\Users\User\Downloads
Windows 8.1 (Update) (X64) (2015-03-21 22:56:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4198864589-2716103951-1576274748-500 - Administrator - Disabled)
Guest (S-1-5-21-4198864589-2716103951-1576274748-501 - Limited - Disabled)
User (S-1-5-21-4198864589-2716103951-1576274748-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
4K Stogram 1.9 (HKLM-x32\...\4K Stogram_is1) (Version: 1.9.5.964 - Open Media LLC)
5600 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AutoHotkey 1.1.22.04 (HKLM\...\AutoHotkey) (Version: 1.1.22.04 - Lexikos)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Belvedere 0.7.1 (HKLM-x32\...\Belvedere) (Version: 0.7.1 - Lifehacker)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
Evernote v. 6.0.6 (HKLM-x32\...\{FC4A0E2E-0CD3-11E6-B80E-005056951CAD}) (Version: 6.0.6.1769 - Evernote Corp.)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Game Studios)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Free Video Editor version 1.4.15.913 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.15.913 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Greyfox (HKLM-x32\...\Steam App 341310) (Version:  - Lesley Dodd)
hakuneko (HKLM-x32\...\hakuneko_is1) (Version: 1.3.12 - Ronny Wegener <[email protected]>)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java SE Development Kit 7 Update 80 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170800}) (Version: 1.7.0.800 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
MediaInfo 0.7.77 (HKLM\...\MediaInfo) (Version: 0.7.77 - MediaArea.net)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4841.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MindMaple Lite 1.71 (HKLM-x32\...\MindMaple_is1) (Version: v1.71 - MindMaple Inc.)
Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich)
Music Manager (HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MusicManager) (Version:  - Google, Inc.)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Opera Stable 38.0.2220.29 (HKLM-x32\...\Opera 38.0.2220.29) (Version: 38.0.2220.29 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
PdaNet+ for Android 4.17 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3.1 r2602 - )
RAW Image Viewer (HKLM-x32\...\{3C867AA0-22EC-4B27-8C60-A354AA37D68C}_is1) (Version:  - IdeaMK)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.71 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
S Agent (Version: 1.1.54 - Samsung Electronics CO., LTD.) Hidden
Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Samsung Update (HKLM-x32\...\{A9D16B9C-AA6D-4154-80CA-17099A2C308F}) (Version: 2.2.16 - Samsung Electronics CO., LTD.)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - FireFly Studios)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Timelines: Assault on America (HKLM-x32\...\Steam App 234060) (Version:  - 4Flash Interactive)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{EC54143B-24CC-47D2-AB39-0F5701988BA4}) (Version: 2.1.0.11 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
yabause 0.9.14 (HKLM-x32\...\ (Win64)) (Version: 0.9.14 - Yabause team)
YouTube Free Downloader (HKLM-x32\...\YouTube Free Downloader) (Version: 5.1.1 - YouTubeFreeDownloader)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {075DC3FD-7238-4EE4-B215-7ECF89863935} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-09-26] (Realtek Semiconductor)
Task: {0FF80CF3-2AF1-4B45-9E45-A125DF65F19D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {25C85F87-9EF5-418C-87EE-AD7E2C91AE8B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {2E294BF5-2603-4A3B-AD0E-93829C48E191} - System32\Tasks\Opera scheduled Autoupdate 1444013975 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-07] (Opera Software)
Task: {3BB22E2C-F9DC-4803-B9AB-5613D231FB55} - System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-08] (Microsoft Corporation)
Task: {3F513832-55FE-47DA-9702-572DC96DCED1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-13] (Microsoft Corporation)
Task: {429CF09C-723F-42FC-A45A-2C09F74DB553} - System32\Tasks\HP AR Program Upload - 75cdb0c8122b498e8722a385a83650eb63077291aa7843a0b8ed9de84109eebd => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {535004F3-16FF-4247-BDC3-309BA51CE063} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-03] (Dropbox, Inc.)
Task: {5475AAF9-451A-4821-9C95-D87FCC6D4393} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {5A44E4C5-B24E-4E4B-BA1A-35A8AC41F88B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {62A4E0C1-96E3-40DA-8CE9-881F10395844} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {790D56F9-0CD5-463D-8348-A558CCA94A3F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
Task: {7C07F944-072E-4595-8985-4B977CE939A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {7C1A1085-8BA3-47A7-BF67-5DFB2037A8F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {8620A148-7B32-4EA0-8039-028D209C7788} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {A2810CA7-D116-4F08-BEED-EB66BC4531D0} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
Task: {A3CB9429-D737-4C32-A9AA-F57B33D23E4D} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-08-05] (Samsung Electronics CO., LTD.)
Task: {B6B109B1-951D-4ACD-9DE1-DB14219FB374} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {CCED6FF9-1B2D-40A7-B4FF-B0D6CB436C06} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe
Task: {CE7A0655-6322-49C8-BC86-12191AA6AFC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {DD468263-DED3-42A2-B08E-EB64699E4A72} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
Task: {DD71A3BE-213C-4ADD-9F32-C81D5A5CC7F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {E12B607E-7623-4265-B327-D637D6917828} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {E96F221F-4BD2-4F57-B348-283CAE846979} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-18] (Microsoft Corporation)
Task: {EF9E8AE5-3AF0-4901-8DAF-D544C8D30716} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-03] (Dropbox, Inc.)
Task: {F276E8E4-1873-4B56-A90F-9201E9D709AD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {FF7C8F50-DA6D-47CF-85F2-E2B256A11DC6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-18] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ad.Block Pro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jafeimghomcdjobocjhkolakbihggbak
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Adblock Pro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jjecmbfimjajmfodkcbomajpjfalkncg
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Box for Chrome OS Beta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dikonaebkejmpbpcnnmfaeopkaenicgf
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlock App (by STANDS).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Habitual.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bblicfmcdjkhhnafcogoldjiihbnjili
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\LINE.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=menkifleemblimdogmoihpfopnplikde
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sunrise Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mojepfklcankkmikonjlnidiooanmpbb
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TickTick - Todo & Task List.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=eempgbpnkjnacmilmobpbhbfpdjdcpgd
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-27 02:26 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-06-27 02:26 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-06-27 02:26 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-06-27 02:26 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-06-27 02:26 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2016-04-22 01:07 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2016-07-26 20:31 - 2016-05-24 12:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 10:13 - 2016-07-20 19:42 - 00592384 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll
2014-10-01 22:54 - 2014-10-01 22:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-13 07:57 - 2015-11-13 07:57 - 02739240 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2015-10-03 22:16 - 2010-11-10 19:38 - 00380928 _____ () C:\Program Files (x86)\Launchy\Launchy.exe
2015-04-04 21:09 - 2015-01-02 10:19 - 01054520 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2016-03-18 16:10 - 2016-03-18 16:10 - 00037008 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2016-03-18 16:10 - 2016-03-18 16:10 - 01410192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2016-03-18 16:08 - 2016-03-18 16:08 - 00233472 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00108544 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00612864 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00123392 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00134656 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00114176 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.DLL
2015-08-05 16:32 - 2015-08-05 16:32 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2015-03-29 21:51 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2015-04-03 21:59 - 2016-04-29 16:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-03 21:59 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-03 21:59 - 2016-07-08 21:06 - 02317904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-03 21:59 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-03 21:59 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-03 21:59 - 2016-07-08 21:06 - 00829520 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-12 14:18 - 2016-07-06 18:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-07-23 20:16 - 2016-07-23 20:16 - 00098816 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32api.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00110080 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\pywintypes27.dll
2016-07-23 20:16 - 2016-07-23 20:16 - 00364544 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\pythoncom27.dll
2016-07-23 20:16 - 2016-07-23 20:16 - 00320512 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32com.shell.shell.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00776704 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\_hashlib.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 01176576 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\wx._core_.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00806400 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\wx._gdi_.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00816128 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\wx._windows_.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 01067008 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\wx._controls_.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00733184 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\wx._misc_.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00682496 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\pysqlite2._sqlite.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00088064 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\_ctypes.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00119808 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32file.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00108544 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32security.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00007168 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\hashobjs_ext.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00017920 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\thumbnails_ext.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00088064 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\usb_ext.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00012288 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\common.time34.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00018432 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32event.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00167936 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32gui.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00046080 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\_socket.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 01208320 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\_ssl.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00128512 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\_elementtree.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00127488 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\pyexpat.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00038912 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32inet.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00036864 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\_psutil_windows.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00525208 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\windows._lib_cacheinvalidation.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00011264 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32crypt.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00077312 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\wx._html2.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00027136 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\_multiprocessing.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00020480 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\_yappi.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00035840 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32process.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00686080 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\unicodedata.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00078848 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\wx._animate.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00123392 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\wx._wizard.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00024064 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32pipe.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00010240 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\select.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00025600 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32pdh.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00017408 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32profile.pyd
2016-07-23 20:16 - 2016-07-23 20:16 - 00022528 ____R () C:\Users\User\AppData\Local\Temp\_MEI64602\win32ts.pyd
2016-07-26 20:31 - 2016-05-24 11:21 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-05-01 10:15 - 2016-07-20 19:42 - 00564224 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll
2016-06-28 21:25 - 2016-06-23 11:08 - 01747784 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-06-28 21:25 - 2016-06-23 11:07 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 00117248 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 00234496 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 00253440 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 00344064 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2015-04-03 21:59 - 2016-06-14 15:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-08-14 02:31 - 2015-08-14 02:31 - 00252928 _____ () C:\Program Files (x86)\Rainlendar2\libical.dll
2015-08-14 02:31 - 2015-08-14 02:31 - 00051200 _____ () C:\Program Files (x86)\Rainlendar2\libicalss.dll
2014-05-04 06:48 - 2014-05-04 06:48 - 00197632 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2015-11-13 07:57 - 2015-11-13 07:57 - 00068136 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2014-05-04 06:49 - 2014-05-04 06:49 - 00027648 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2015-10-03 22:16 - 2009-12-16 22:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll
2015-10-03 22:16 - 2009-12-16 21:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll
2015-10-03 22:16 - 2009-12-16 21:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll
2015-10-03 22:16 - 2009-12-17 00:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2015-10-03 22:16 - 2010-11-10 19:39 - 00081920 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll
2015-10-03 22:16 - 2010-11-10 19:39 - 00090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll
2015-10-03 22:16 - 2010-11-10 19:38 - 00024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll
2015-10-03 22:16 - 2010-11-10 19:38 - 00094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll
2015-10-03 22:16 - 2010-11-10 19:38 - 00057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll
2015-10-03 22:16 - 2010-11-10 19:38 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll
2016-04-27 18:48 - 2016-04-27 18:48 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2016-04-27 18:48 - 2016-04-27 18:48 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-07-20 19:35 - 2016-07-20 19:35 - 00482304 _____ () C:\Users\User\AppData\Local\MEGAsync\libsodium.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-07-18 14:13 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-02-26 06:38 - 2016-02-26 06:38 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\User\Desktop\CKScanner.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\advisorinstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CKScanner.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\msert.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\SandboxieInstall.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Windows-KB890830-x64-V5.37.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2016-07-23 20:16 - 00001028 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CABB33D8-1FCD-42BA-B336-1CE5FFC073F1}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{F6B19AEB-BD9D-425F-8819-27FC29FCAFE6}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{736A78F3-80CD-456B-B925-09539B3655C8}] => (Allow) LPort=7935
FirewallRules: [{982FFABF-FCE5-41AD-835B-EF85A13B9B3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D5CDD5A1-0605-42B0-823D-3ECFBA641F92}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F53DCFB-7051-4C25-8F82-20F7B199F1B5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C2A62B2F-D503-4D00-AA0F-383983F444D7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{54402180-1452-4B8F-845E-6467A8E6B364}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{E9193CE5-9A17-4391-A1F8-CCA0F7F230BD}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{36D37D79-05E1-46DE-A593-34BAE69801A4}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{179041BC-5FEC-4F90-B3FE-6AC6E24E50D4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{130767D1-65B9-4776-86D0-BD81A179F0FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C8BFFDCA-7B1C-440B-A028-2767A65E8CDE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{E717D2B4-3489-4A40-9DB9-F692A6A615B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{03B5A5E3-A064-4A72-8A9F-767958275A9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{35319969-72F4-417E-9720-02062097D799}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{F0B6ACD2-A7B7-462D-87B0-A85853464E21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{694C792C-B077-48F8-852E-BAD10274C153}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5070BDDF-C8A5-4768-BB1A-8A6AECCA5FE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7597B646-D1A0-4587-8CCA-AC31224BCC01}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{67B3A109-8E2B-4263-8175-215FDD5850B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{47990F7C-46D8-4B94-B6AA-D5B15F3F4C57}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{CF5E8D49-A561-41F8-8A9D-FAAEA6FDB864}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{E3B06554-4DBC-40F2-AE1C-88DB7A28C720}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{C556A13A-8ED4-4EEC-80AD-998BDCC80824}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B6B0A453-2E73-4703-B7FD-D653EC54A661}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{ED96D959-D000-4137-8159-793B0F2F334F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F75C214C-E067-47BC-BAB4-2A104C8775B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{13967C7A-C63A-4E45-9EE3-40FC11CD6AF5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{92BCFA27-C510-4E21-A9C7-0E42D73C16FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{61BB684B-4E4F-49AA-900F-292A1D56D225}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{3B450AE6-5A3F-4265-A8B8-827573CCABE7}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{99235222-8555-4C00-BE29-06432B2819C2}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{4B9BA2FF-BE0B-4C27-B070-F4263525E243}] => (Allow) C:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{0E51C795-FE96-43FE-B403-B4914EE0DEE9}] => (Allow) C:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{A0B7B5D1-FE0A-4C61-ADFC-C32379F7AA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1C5C55B6-3FFB-4CA1-836C-0C9B186E1B0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1652C2C7-19A1-4D82-8B6D-8CAF902515E8}] => (Allow) C:\Program Files (x86)\Origin Games\Renegade\RenegadeLauncher.exe
FirewallRules: [{8F8E57CB-776A-45BA-86DE-0F4FE6B84B7C}] => (Allow) C:\Program Files (x86)\Origin Games\Renegade\RenegadeLauncher.exe
FirewallRules: [{22D7558B-16FB-4E2C-AF65-EFBA581476CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{FB806AFA-6919-4CC3-A28C-394302D7A03F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{D6EB9020-B307-4F16-A013-5D229658CDF7}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{C17E3488-1CDA-4F38-920E-D957CDF76552}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{9EB16BCC-522A-4F75-BDE3-80C2A145CFD1}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{C17D00A7-C09B-492F-BF14-51902BA94A42}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{8356CCCA-54D3-4493-87BA-7E490C18ECF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{77C76D66-D349-4EA6-9C47-A6C178AFE087}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{F980FF1D-C909-46EB-9FE3-C67183F18803}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{BCEED949-A4E5-4564-AF2F-0207A223CD7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{C52C9060-2BF3-4B5C-8EAE-93261470F8FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Timelines - Assault on America\bin\rts_game.exe
FirewallRules: [{98D774D3-FAD5-4342-9DA2-8A068E2707A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Timelines - Assault on America\bin\rts_game.exe
FirewallRules: [{08C1B68F-B000-4543-92F1-B97D5FC98015}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\Game.exe
FirewallRules: [{AB4081F3-BE5D-41AF-B936-BCE18C9D2FD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\Game.exe
FirewallRules: [TCP Query User{7993BBAD-C55F-4EC7-BCD0-90538C1B60DA}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{64BD55ED-BAF6-4793-A6BC-4A42086EF7E8}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{BB512CC1-4717-4070-9353-5C5BB4674F21}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{2FE6D90C-8E4C-42C7-9843-50EF21E425EF}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{E4FE137A-2A77-4107-A353-B345A33655CD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{B390D2B0-0B1B-4C24-A622-18C7FDDE70DF}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{D1BB29B6-B404-4338-B46D-2FF46A9E9FD5}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{B51086CB-5654-4AAB-8CD2-D8E6E5268CDE}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{9398795E-E03A-4B2B-846F-811970DC9839}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{8366FF16-9CAC-458F-A4D2-30C73E6A6573}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{C6C1B4C8-D855-4717-AF9B-F23155384FF8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4792FBAD-08EC-4303-BB2D-6DAF147FD2E8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C5AF1F96-A817-46E1-8B6A-06DC31C91268}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EE7C22B7-9CE4-447C-A076-273CE41F8237}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{0CE07A4B-D64E-4E68-A8E2-910FD086663B}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{1DAFFDB9-3CF1-49F3-A312-D8BD4F3A2FCC}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{3B77540E-47F6-405E-A6DD-02DD2A7FC561}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{5E0081DE-6CFF-464E-AE77-F0A8AF9CF002}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{01D071AE-FA47-41F5-920E-93220C56387A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69AF852F-3C66-43B7-88C4-BCC79C940A60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63727F5A-6279-4803-B0D1-D8DC2A813459}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{893EED2B-17E2-43E9-8736-7F1F69C72C90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B766DA41-2FD7-4C1A-8B1A-66097EF30B4F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4C979610-563D-41A8-9DDC-EA720B78AAF9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{C8CB2046-F30D-43C6-9C57-5E1FCEC9B3BE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{2EB180C7-458E-4DAA-9DEA-F34493EDACC2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{6AB71123-DD39-466F-86AC-CDDFF880ECF0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{4B8A8C4D-AE82-42AE-8A9B-4A83465ECAC7}] => (Allow) LPort=5357
FirewallRules: [{77165EAF-48FC-43DC-866D-57AA5D082AD9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1204E166-ADBD-43F5-BF52-9EABA61352A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\EQLauncher.exe
FirewallRules: [{D8B0FE0D-34EC-43BF-9E88-CC51EF6C6293}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\EQLauncher.exe
FirewallRules: [TCP Query User{88A6C140-0567-43F0-9063-EC62F3DC56B5}C:\program files\yabause 0.9.14\yabause.exe] => (Allow) C:\program files\yabause 0.9.14\yabause.exe
FirewallRules: [UDP Query User{4327292A-FB73-4A51-81C7-3FEA0477DB72}C:\program files\yabause 0.9.14\yabause.exe] => (Allow) C:\program files\yabause 0.9.14\yabause.exe
FirewallRules: [TCP Query User{63EB4D4F-0025-4A6F-95B3-529FC123074E}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{3DED8A12-04F9-4D50-801A-9D078ABF9239}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{31CECA32-5328-4B77-90D0-32E60E40C648}C:\users\user\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Allow) C:\users\user\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [UDP Query User{DDD4C9EF-0289-4DBF-85E4-7B9BE5DED0A9}C:\users\user\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Allow) C:\users\user\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [TCP Query User{74DE2B4E-EC70-41BF-8868-7D7980657559}C:\users\user\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Allow) C:\users\user\appdata\local\temp\bduninstall\x64\pcsftool.exe
FirewallRules: [UDP Query User{5A5A5ECB-5D14-4204-A698-031AC7E085D5}C:\users\user\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Allow) C:\users\user\appdata\local\temp\bduninstall\x64\pcsftool.exe
FirewallRules: [{64930374-D5C0-45E5-A191-C5D9F1AA35BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2DC73037-0A83-4637-857B-7C799170FEB8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
07-07-2016 04:13:18 Scheduled Checkpoint
13-07-2016 06:32:34 Windows Update
21-07-2016 04:36:14 Windows Update
26-07-2016 20:50:04 Removed Digital Coupon Printer
 
==================== Faulty Device Manager Devices =============
 
Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/26/2016 08:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SWMAgent.exe, version: 2.2.2.4, time stamp: 0x56045dfb
Faulting module name: SWMAgent.exe, version: 2.2.2.4, time stamp: 0x56045dfb
Exception code: 0xc0000409
Fault offset: 0x001fffac
Faulting process id: 0xbb4
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3
Faulting package full name: SWMAgent.exe4
Faulting package-relative application ID: SWMAgent.exe5
 
Error: (07/26/2016 08:19:40 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (07/23/2016 08:15:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x5583ba20
Faulting module name: EasySettingsBase.dll, version: 0.0.0.0, time stamp: 0x5583ba08
Exception code: 0xc0000005
Fault offset: 0x0000ce77
Faulting process id: 0x4148
Faulting application start time: 0xEasySettingsCmdServer.exe0
Faulting application path: EasySettingsCmdServer.exe1
Faulting module path: EasySettingsCmdServer.exe2
Report Id: EasySettingsCmdServer.exe3
Faulting package full name: EasySettingsCmdServer.exe4
Faulting package-relative application ID: EasySettingsCmdServer.exe5
 
Error: (07/23/2016 01:33:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18407, time stamp: 0x578254e8
Faulting module name: RPCRT4.dll, version: 6.3.9600.18292, time stamp: 0x56fca3f6
Exception code: 0xc0000005
Fault offset: 0x0000000000014262
Faulting process id: 0x1fe8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (07/21/2016 12:30:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Camera.exe version 6.3.9600.17418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3fcc
 
Start Time: 01d1e36d26e5f463
 
Termination Time: 8
 
Application Path: C:\Windows\Camera\Camera.exe
 
Report Id: 6fe05de2-4f60-11e6-bea1-1867b022fa4e
 
Faulting package full name: Microsoft.MoCamera_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: Microsoft.Camera
 
Error: (07/21/2016 04:36:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (07/20/2016 09:45:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18345, time stamp: 0x573de6e7
Faulting module name: RPCRT4.dll, version: 6.3.9600.18292, time stamp: 0x56fca3f6
Exception code: 0xc0000005
Fault offset: 0x0000000000012006
Faulting process id: 0x3c68
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (07/20/2016 04:16:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (07/19/2016 09:09:16 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/16/2016 07:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SWMAgent.exe, version: 2.2.2.4, time stamp: 0x56045dfb
Faulting module name: SWMAgent.exe, version: 2.2.2.4, time stamp: 0x56045dfb
Exception code: 0xc0000409
Fault offset: 0x001fffac
Faulting process id: 0xb54
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3
Faulting package full name: SWMAgent.exe4
Faulting package-relative application ID: SWMAgent.exe5
 
 
System errors:
=============
Error: (07/26/2016 08:33:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SW Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/26/2016 08:19:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SWUpdateService service.
 
Error: (07/26/2016 08:19:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SWUpdateService service.
 
Error: (07/23/2016 08:16:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SWUpdateService service.
 
Error: (07/23/2016 08:16:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Trend Micro Password Manager Central Control Service service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (07/23/2016 08:15:44 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (07/23/2016 08:15:44 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (07/18/2016 06:50:24 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: G:\Device\HarddiskVolume72
 
Error: (07/17/2016 08:42:23 AM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
 
Error: (07/17/2016 08:41:32 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume G:.
 
A corruption was found in a file system index structure.  The file reference number is 0x100000001d985.  The name of the file is "\New Downloads\[HorribleSubs] Bleach (Batch) [480p] [720p]".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
 
CodeIntegrity:
===================================
  Date: 2016-06-26 22:10:26.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:26.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:25.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:25.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:25.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:25.088
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:24.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:24.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:03.681
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:03.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3635QM CPU @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 8078.8 MB
Available physical RAM: 3870.51 MB
Total Virtual: 17294.8 MB
Available Virtual: 12694 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.25 GB) (Free:50.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#9
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right-clicking on the FRST64.exe file and selecting "Run as Administrator". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


#10
andydude00


    Member

  • Topic Starter
  • Member
  • 83 posts

A few things have messed up since I did the farbar. How do I restore the backup? I lost my OneTab links from the Chrome extension. Is there a way to recover this?

Upon using my system I also noticed that my Feedly extension does not work. These two are in quarantine by FRS app. How do I turn them back on, at least temporarily, to save my links?


Edited by andydude00, 27 July 2016 - 06:48 PM.



#11
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

I need the Fixlog.txt log file please.



#12
andydude00


    Member

  • Topic Starter
  • Member
  • 83 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by User (administrator) on OWNER (28-07-2016 20:17:40)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\nacl64.exe
(Google Inc.) C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Lifehacker) C:\Program Files (x86)\Belvedere\Belvedere.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Mega Limited) C:\Users\User\AppData\Local\MEGAsync\MEGAsync.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_77\bin\javaw.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_77\bin\javaw.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_77\bin\java.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_77\bin\java.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3164536 2013-06-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1654160 2016-07-02] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-08] (Valve Corporation)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-06-09] (Electronic Arts)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [943944 2016-06-23] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-25] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [MusicManager] => C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {0c7ba6ae-d01c-11e4-be71-c8f7339b1634} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {0c7babd7-d01c-11e4-be71-c8f7339b1634} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {5abbadae-63f5-11e5-be87-c8f7339b1634} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {5fb423a3-da68-11e4-be77-c8f7339b1634} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {62e1f16f-73ad-11e5-be87-c8f7339b1634} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {8249c56d-152c-11e6-be97-1867b022fa4e} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MountPoints2: {cb8377ce-52f3-11e5-be84-c8f7339b1634} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-20] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-20] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-20] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-20] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-20] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-20] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belvedere.lnk [2015-08-22]
ShortcutTarget: Belvedere.lnk -> C:\Program Files (x86)\Belvedere\Belvedere.exe (Lifehacker)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-04-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2015-10-03]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-10-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-07-25]
ShortcutTarget: MEGAsync.lnk -> C:\Users\User\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-04-04]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-04-21]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{634E8892-9C31-4637-9398-50FFE19C6E61}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E26A98C8-9187-4314-BC64-DC5EFDDCF372}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-07-02] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-27] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-07-02] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-04-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-07-02] (Bitdefender)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-07-02] (Bitdefender)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4198864589-2716103951-1576274748-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-4198864589-2716103951-1576274748-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
CHR Extension: (Habitual) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblicfmcdjkhhnafcogoldjiihbnjili [2015-07-25]
CHR Extension: (MindMeister) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2015-08-22]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-02]
CHR Extension: (Amazon Music with Prime Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkfgcfgfpgmkogcnibdjcckkpdiajgp [2015-07-25]
CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-07-27]
CHR Extension: (Slacker Radio) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckngegfcpnbbcejpfnakcdcjgigaiole [2015-07-25]
CHR Extension: (ShortOrange) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgedljgicfnmjkpbblhbmkfocceckb [2016-02-18]
CHR Extension: (Fair AdBlock App (by STANDS)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2016-06-27]
CHR Extension: (Bitdefender Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-06-18]
CHR Extension: (Box for Chrome OS Beta) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikonaebkejmpbpcnnmfaeopkaenicgf [2016-07-02]
CHR Extension: (Gingko App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgfhngpppagnmfjocmhlioockncfgjn [2015-08-22]
CHR Extension: (TickTick - Todo & Task List) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eempgbpnkjnacmilmobpbhbfpdjdcpgd [2015-08-22]
CHR Extension: (Add to Feedly™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkjjleifeeaccajkekdcckflfpenoen [2015-12-24]
CHR Extension: (Google Play Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-07-27]
CHR Extension: (Stitcher) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenjghnbkdmdncneijobnbgjcadnbge [2015-07-25]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-07-02]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (TeamGantt Project Management) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcoffgicdhbbbpdopfhaemdbdglnkcok [2015-08-22]
CHR Extension: (Gantter for Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo [2015-07-25]
CHR Extension: (feedly) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-07-25]
CHR Extension: (Fitocracy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmigjnmikbkdocofcfpdeemonedpjlpn [2015-07-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-08-22]
CHR Extension: (Google Play Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-07]
CHR Extension: (Clearly) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-07-25]
CHR Extension: (Google Play) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-08-22]
CHR Extension: (PaymoApp) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenbfhcjnclnoepkkahpnibbekkekihp [2015-08-22]
CHR Extension: (Fair AdBlock (by STANDS)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-07-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-07-27]
CHR Extension: (LINE) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-07-08]
CHR Extension: (Pocket) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-07-25]
CHR Extension: (Sunrise Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-08-22]
CHR Extension: (My Cloud Player) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfjhlpinelhnncgfpgfekddidnbnaab [2015-07-25]
CHR Extension: (Save to Pocket) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-23]
CHR Extension: (Trend Micro Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2016-06-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-02]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-07-27]
CHR HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\afgbccjghcnbcdjgogpckamibfkceahd [2016-07-12]
OPR Extension: (Atavi bookmarks) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bihjdnaakmmjplhilkgboobdhpihklib [2015-10-04]
OPR Extension: (Browse++) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopdhnignaicgifmnocnpamikdhdpcne [2015-10-04]
OPR Extension: (TabHamster) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\flaibmngbecjljogddbgojfenfcneanb [2016-06-26]
OPR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjcfmfokccpieoonenflmcacfbdhbdck [2016-05-30]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2015-10-04]
OPR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibonkoolioojccgfdgkbicfcfpldoobn [2015-10-04]
OPR Extension: (Clearly) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mallmmeebeojpflmiolfchfcgbjflklc [2015-10-04]
OPR Extension: (Raindrop.io - Smart Bookmarks) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\nccmjelmbbbhcddoflopnicllmjknnmk [2015-10-04]
OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-07-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-03] (Dropbox, Inc.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-09] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3196768 2015-09-25] (Samsung Electronics CO., LTD.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-07-02] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-07-02] (Bitdefender)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-07-02] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2015-01-13] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 cmnxusbser; C:\Windows\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [299816 2016-07-02] (Bitdefender)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2015-01-29] (Trend Micro Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows ® Win 7 DDK provider)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [376024 2014-12-26] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2015-01-13] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-07-02] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-28 20:14 - 2016-07-28 20:14 - 00019141 _____ C:\Users\User\Downloads\[Empornium]Video Wall Jonni Darkko Asian Cumshot Collection - 1080p (Four Simultaneous Screens) (1).torrent
2016-07-28 20:14 - 2016-07-28 20:14 - 00011999 _____ C:\Users\User\Downloads\[Empornium]Kianna Dior Gets Plastered Vol.II.torrent
2016-07-28 20:13 - 2016-07-28 20:13 - 00042175 _____ C:\Users\User\Downloads\[Empornium][PornstarsLikeItBig] Kianna Dior - Happy Canada Day, Eh - July 01, 2016 [720p].torrent
2016-07-28 20:13 - 2016-07-28 20:13 - 00019141 _____ C:\Users\User\Downloads\[Empornium]Video Wall Jonni Darkko Asian Cumshot Collection - 1080p (Four Simultaneous Screens).torrent
2016-07-28 20:09 - 2016-07-28 20:09 - 75964152 _____ C:\Users\User\Downloads\Kianna_Dior_Yoga_Blowjob.mp4.crdownload
2016-07-28 20:09 - 2016-07-28 20:09 - 25332708 _____ C:\Users\User\Downloads\Min - Bi List 1 (2009).avi.crdownload
2016-07-28 20:07 - 2016-07-28 20:07 - 118611728 _____ C:\Users\User\Downloads\mmbo.avi.crdownload
2016-07-28 20:04 - 2016-07-28 20:04 - 79195340 _____ C:\Users\User\Downloads\416_kelly_christmas_full-hd_wmv_540p.wmv.crdownload
2016-07-28 17:51 - 2016-07-28 17:58 - 18551373 _____ C:\Users\User\Downloads\Holly Halston - Hands On Lesson - BigBoobsPOV.zip
2016-07-28 17:50 - 2016-07-28 17:50 - 00151274 _____ C:\Users\User\Downloads\[Empornium]MichelleThorneXXXposed - Michelle Thorne & Candy Charms [May 20, 2015].torrent
2016-07-28 17:50 - 2016-07-28 17:50 - 00013287 _____ C:\Users\User\Downloads\[Empornium]CandyXXX Videos2.torrent
2016-07-28 17:49 - 2016-07-28 17:49 - 00755939 _____ C:\Users\User\Downloads\[Empornium]MichelleThornXXXposed.com siterip  (99 clips & 221 picsets).torrent
2016-07-28 17:49 - 2016-07-28 17:49 - 00378790 _____ C:\Users\User\Downloads\[Empornium]CandyCharms.xxx Complete SiteRip - 149 scenes - Till 2016.05.18 - Busty Extra Huge Fake Titties British [bleep].torrent
2016-07-28 17:49 - 2016-07-28 17:49 - 00025407 _____ C:\Users\User\Downloads\[Empornium]CandyCharms.xxx All Videos (requested).torrent
2016-07-28 17:49 - 2016-07-28 17:49 - 00019630 _____ C:\Users\User\Downloads\[Empornium]Candy Charms on Red Light Central TV.torrent
2016-07-28 17:39 - 2016-07-28 17:49 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part25.rar
2016-07-28 17:39 - 2016-07-28 17:49 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part24.rar
2016-07-28 17:39 - 2016-07-28 17:43 - 117056076 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part26.rar
2016-07-28 17:34 - 2016-07-28 17:48 - 661916893 _____ C:\Users\User\Downloads\SOFTARCHIVE.la.Batman.v.Superman.Dawn.of.Justice.2016.720Pad.BluRay.AAC.x264-aSOUL@BluRG.part4.rar
2016-07-28 17:34 - 2016-07-28 17:48 - 1038090240 _____ C:\Users\User\Downloads\SOFTARCHIVE.la.Batman.v.Superman.Dawn.of.Justice.2016.720Pad.BluRay.AAC.x264-aSOUL@BluRG.part3.rar
2016-07-28 17:34 - 2016-07-28 17:47 - 1038090240 _____ C:\Users\User\Downloads\SOFTARCHIVE.la.Batman.v.Superman.Dawn.of.Justice.2016.720Pad.BluRay.AAC.x264-aSOUL@BluRG.part2.rar
2016-07-28 17:34 - 2016-07-28 17:46 - 1038090240 _____ C:\Users\User\Downloads\SOFTARCHIVE.la.Batman.v.Superman.Dawn.of.Justice.2016.720Pad.BluRay.AAC.x264-aSOUL@BluRG.part1.rar
2016-07-28 13:19 - 2016-07-28 13:23 - 310658566 _____ C:\Users\User\Downloads\Softarchive.la.Superman.Unbound.2013.BRRip.XviD.MP3-RARBG.part2.rar
2016-07-28 13:19 - 2016-07-28 13:22 - 576716800 _____ C:\Users\User\Downloads\Softarchive.la.Superman.Unbound.2013.BRRip.XviD.MP3-RARBG.part1.rar
2016-07-28 13:18 - 2016-07-28 14:21 - 189911191 _____ C:\Users\User\Downloads\Minka_And_Her_Friends_-_Gets_Threesome_-_MinkaXXX.wmv
2016-07-28 13:16 - 2016-07-28 13:30 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part22.rar
2016-07-28 13:16 - 2016-07-28 13:29 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part21.rar
2016-07-28 13:16 - 2016-07-28 13:28 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part23.rar
2016-07-28 13:16 - 2016-07-28 13:28 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part20.rar
2016-07-28 06:09 - 2016-07-28 06:16 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part19.rar
2016-07-28 06:09 - 2016-07-28 06:16 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part17.rar
2016-07-28 06:09 - 2016-07-28 06:16 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part16.rar
2016-07-28 06:09 - 2016-07-28 06:15 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part18.rar
2016-07-28 05:58 - 2016-07-28 06:10 - 36784996 _____ C:\Users\User\Downloads\Leanne Crow - Pool Floaties - Set 1 - 25 July 2016.zip
2016-07-28 05:48 - 2016-07-28 05:56 - 1038090240 _____ C:\Users\User\Downloads\SOFTARCHIVE.la.Batman.The.Killing.Joke.2016.1080p.BRRip.x264.AAC-ETRG.part1.rar
2016-07-28 05:48 - 2016-07-28 05:52 - 168498787 _____ C:\Users\User\Downloads\SOFTARCHIVE.la.Batman.The.Killing.Joke.2016.1080p.BRRip.x264.AAC-ETRG.part2.rar
2016-07-28 05:47 - 2016-07-28 05:53 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part15.rar
2016-07-28 05:47 - 2016-07-28 05:53 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part13.rar
2016-07-28 05:47 - 2016-07-28 05:51 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part14.rar
2016-07-27 23:15 - 2016-07-27 23:22 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part12.rar
2016-07-27 23:15 - 2016-07-27 23:21 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part11.rar
2016-07-27 23:14 - 2016-07-27 23:21 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part10.rar
2016-07-27 22:06 - 2016-07-27 22:28 - 66817733 _____ C:\Users\User\Downloads\Hustler USA - September 2013.pdf
2016-07-27 22:01 - 2016-07-27 22:01 - 00000000 ____D C:\Users\User\Documents\HyperCam3
2016-07-27 21:53 - 2016-07-27 22:03 - 732866662 _____ C:\Users\User\Downloads\softarchive.la.The.Nice.Guys.2016.HDRip.XViD-ETRG.rar
2016-07-27 21:49 - 2016-07-27 21:58 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part07.rar
2016-07-27 21:49 - 2016-07-27 21:57 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part09.rar
2016-07-27 21:49 - 2016-07-27 21:56 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part08.rar
2016-07-27 20:52 - 2016-07-27 21:00 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part05.rar
2016-07-27 20:52 - 2016-07-27 20:58 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part06.rar
2016-07-27 20:52 - 2016-07-27 20:56 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part04.rar
2016-07-27 20:33 - 2016-07-27 20:33 - 48521840 _____ C:\Users\User\Downloads\Firefox Setup 47.0.1.exe
2016-07-27 17:20 - 2016-07-27 17:20 - 00026214 _____ C:\ProgramData\1469654400.bdinstall.bin
2016-07-27 17:13 - 2016-07-27 17:19 - 00013361 _____ C:\Users\User\Downloads\Fixlog.txt
2016-07-27 17:13 - 2016-07-27 17:13 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2016-07-27 17:12 - 2016-07-27 17:12 - 00005460 _____ C:\Users\User\Downloads\Fixlist (2).txt
2016-07-27 13:33 - 2016-07-27 13:48 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part03.rar
2016-07-27 13:33 - 2016-07-27 13:45 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part02.rar
2016-07-27 13:33 - 2016-07-27 13:45 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part01 (1).rar
2016-07-27 13:01 - 2016-07-27 13:05 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part14.rar
2016-07-27 13:01 - 2016-07-27 13:05 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part13.rar
2016-07-27 13:01 - 2016-07-27 13:05 - 454000094 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part15.rar
2016-07-27 07:09 - 2016-07-27 07:16 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part11.rar
2016-07-27 07:09 - 2016-07-27 07:15 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part12.rar
2016-07-27 07:09 - 2016-07-27 07:12 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part10.rar
2016-07-27 06:14 - 2016-07-27 06:14 - 00005460 _____ C:\Users\User\Downloads\Fixlist (1).txt
2016-07-27 06:13 - 2016-07-27 08:18 - 377052732 _____ C:\Users\User\Downloads\582AvaAdams.mp4.crdownload
2016-07-27 06:13 - 2016-07-27 06:16 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part07.rar
2016-07-27 06:12 - 2016-07-27 06:18 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part09.rar
2016-07-27 06:12 - 2016-07-27 06:18 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part08.rar
2016-07-27 05:56 - 2016-07-27 06:01 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part05.rar
2016-07-27 05:56 - 2016-07-27 06:00 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part04.rar
2016-07-27 05:56 - 2016-07-27 05:59 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part06.rar
2016-07-27 00:07 - 2016-07-27 00:47 - 524288000 _____ C:\Users\User\Downloads\Ja.C-Na.Sh.In.Sy.part01.rar
2016-07-26 23:10 - 2016-07-27 00:31 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part03.rar
2016-07-26 23:10 - 2016-07-27 00:30 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part01 (1).rar
2016-07-26 23:10 - 2016-07-27 00:28 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part02 (1).rar
2016-07-26 20:52 - 2016-07-26 20:52 - 00006827 _____ C:\Users\User\Desktop\fixlist.txt
2016-07-26 20:47 - 2016-07-26 20:52 - 00071728 _____ C:\Users\User\Downloads\Addition.txt
2016-07-26 20:46 - 2016-07-28 20:17 - 00049599 _____ C:\Users\User\Downloads\FRST.txt
2016-07-26 20:45 - 2016-07-27 17:13 - 02394112 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-07-23 15:19 - 2016-07-23 15:22 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part02.rar
2016-07-23 15:19 - 2016-07-23 15:22 - 524288000 _____ C:\Users\User\Downloads\Masters of Dating Inner Circle.part01.rar
2016-07-23 15:15 - 2016-07-23 15:18 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part24.rar
2016-07-23 15:15 - 2016-07-23 15:15 - 89508526 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part25.rar
2016-07-23 14:00 - 2016-07-23 14:06 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part22.rar
2016-07-23 14:00 - 2016-07-23 14:05 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part23.rar
2016-07-23 14:00 - 2016-07-23 14:04 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part21.rar
2016-07-23 12:34 - 2016-07-23 12:41 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part20.rar
2016-07-23 12:34 - 2016-07-23 12:40 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part19.rar
2016-07-23 12:34 - 2016-07-23 12:40 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part17.rar
2016-07-23 12:34 - 2016-07-23 12:39 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part18.rar
2016-07-23 12:11 - 2016-07-23 12:19 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part14.rar
2016-07-23 12:11 - 2016-07-23 12:18 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part15.rar
2016-07-23 12:11 - 2016-07-23 12:18 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part13.rar
2016-07-23 12:11 - 2016-07-23 12:15 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part16.rar
2016-07-23 11:57 - 2016-07-23 12:03 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part12.rar
2016-07-23 11:57 - 2016-07-23 12:03 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part10.rar
2016-07-23 11:57 - 2016-07-23 12:01 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part11.rar
2016-07-23 11:56 - 2016-07-23 12:02 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part09.rar
2016-07-23 11:22 - 2016-07-23 11:34 - 37344125 _____ C:\Users\User\Downloads\Carly Parker Puma Swede - 4 Tits 2 Clits Your Dick - BigBoobsPOV.zip
2016-07-23 11:05 - 2016-07-23 11:12 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part05.rar
2016-07-23 11:05 - 2016-07-23 11:11 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part08.rar
2016-07-23 11:05 - 2016-07-23 11:11 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part06.rar
2016-07-23 11:05 - 2016-07-23 11:10 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part07.rar
2016-07-23 10:56 - 2016-07-23 11:03 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part04.rar
2016-07-23 10:56 - 2016-07-23 11:02 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part01.rar
2016-07-23 10:56 - 2016-07-23 11:01 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part02.rar
2016-07-23 10:56 - 2016-07-23 11:00 - 524288000 _____ C:\Users\User\Downloads\David Tian - Limitless 2.0.part03.rar
2016-07-23 10:31 - 2016-07-23 12:15 - 190522445 _____ C:\Users\User\Downloads\Ca.Xu.Pow.So.Sk.part2.rar
2016-07-23 02:57 - 2016-07-23 07:42 - 524288000 _____ C:\Users\User\Downloads\Ca.Xu.Pow.So.Sk.part1.rar
2016-07-23 02:56 - 2016-07-23 02:59 - 524288000 _____ C:\Users\User\Downloads\Ha.Th.Fa.Ap.part2.rar
2016-07-23 02:56 - 2016-07-23 02:59 - 524288000 _____ C:\Users\User\Downloads\Ha.Th.Fa.Ap.part1.rar
2016-07-23 02:56 - 2016-07-23 02:56 - 47943241 _____ C:\Users\User\Downloads\Ha.Th.Fa.Ap.part3.rar
2016-07-23 02:40 - 2016-07-23 02:46 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part6.rar
2016-07-23 02:40 - 2016-07-23 02:46 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part5.rar
2016-07-23 02:40 - 2016-07-23 02:45 - 466788151 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part7.rar
2016-07-23 02:35 - 2016-07-23 02:42 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part3.rar
2016-07-23 02:35 - 2016-07-23 02:42 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part2.rar
2016-07-23 02:35 - 2016-07-23 02:40 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part4.rar
2016-07-23 02:34 - 2016-07-23 02:40 - 524288000 _____ C:\Users\User\Downloads\DD_Conversation Guide For Men.part1.rar
2016-07-23 02:05 - 2016-07-23 02:33 - 00000000 ____D C:\Users\User\Downloads\Tyler - H0tsit At H0me
2016-07-23 02:04 - 2016-07-23 02:05 - 320512174 _____ C:\Users\User\Downloads\Conversational Power 2014.part5.rar
2016-07-23 01:53 - 2016-07-23 02:00 - 524288000 _____ C:\Users\User\Downloads\Conversational Power 2014.part2.rar
2016-07-23 01:53 - 2016-07-23 01:59 - 524288000 _____ C:\Users\User\Downloads\Conversational Power 2014.part4.rar
2016-07-23 01:53 - 2016-07-23 01:59 - 524288000 _____ C:\Users\User\Downloads\Conversational Power 2014.part1.rar
2016-07-23 01:53 - 2016-07-23 01:58 - 524288000 _____ C:\Users\User\Downloads\Conversational Power 2014.part3.rar
2016-07-23 01:48 - 2016-07-23 01:55 - 524288000 _____ C:\Users\User\Downloads\My-Hi.Gu.An.St.part1.rar
2016-07-23 01:48 - 2016-07-23 01:53 - 504583669 _____ C:\Users\User\Downloads\My-Hi.Gu.An.St.part3.rar
2016-07-23 01:48 - 2016-07-23 01:51 - 524288000 _____ C:\Users\User\Downloads\My-Hi.Gu.An.St.part2.rar
2016-07-23 01:44 - 2016-07-23 01:44 - 45655297 _____ C:\Users\User\Downloads\Tinsanity - The Ultimate Tinder Seduction System-G_P.rar
2016-07-22 21:40 - 2016-07-22 21:49 - 524288000 _____ C:\Users\User\Downloads\Nick Savoy Love Systems - Relationship Management-G [email protected]
2016-07-22 21:40 - 2016-07-22 21:48 - 524288000 _____ C:\Users\User\Downloads\Nick Savoy Love Systems - Relationship Management-G [email protected]
2016-07-22 21:40 - 2016-07-22 21:47 - 524288000 _____ C:\Users\User\Downloads\Nick Savoy Love Systems - Relationship Management-G [email protected]
2016-07-22 21:40 - 2016-07-22 21:42 - 374541510 _____ C:\Users\User\Downloads\Nick Savoy Love Systems - Relationship Management-G [email protected]
2016-07-22 00:28 - 2016-07-23 01:57 - 524288000 _____ C:\Users\User\Downloads\Tyler - H0tsit At H0me.part19.rar
2016-07-21 23:54 - 2016-06-15 13:39 - 00000000 ____D C:\Users\User\Downloads\Spectre (2015) 480p 2ch BRRip AAC x264 - [GeekRG]
2016-07-21 12:32 - 2015-07-22 15:10 - 00000000 ____D C:\Users\User\Downloads\Shift
2016-07-21 12:31 - 2016-07-23 01:51 - 00000000 ____D C:\Users\User\Downloads\P Tr-D Ga-e
2016-07-21 06:03 - 2016-07-21 06:08 - 191007573 _____ C:\Users\User\Downloads\Angela Duckworth - Grit The Power of Passion and Perseverance.rar
2016-07-21 04:36 - 2016-07-21 04:36 - 00000000 ____D C:\WINDOWS\EOONotify
2016-07-20 21:49 - 2016-07-17 03:10 - 00000000 ____D C:\Users\User\Downloads\3GAD - Full
2016-07-20 21:03 - 2015-05-25 07:20 - 00000000 ____D C:\Users\User\Downloads\3GAD
2016-07-20 21:02 - 2016-07-20 21:02 - 00000000 ____D C:\Users\User\Downloads\hy0kj.Jeff.Allen..Execute.The.Program..The.ShyAwkward.Girl
2016-07-20 21:01 - 2015-05-16 13:16 - 00000000 ____D C:\Users\User\Downloads\Foundations-
2016-07-20 17:54 - 2015-04-17 10:10 - 00000000 ____D C:\Users\User\Downloads\Execute The Program - RSD Jeffy
2016-07-20 17:49 - 2016-07-10 07:34 - 00000000 ____D C:\Users\User\Downloads\Da.ga-Ge.Ge.Gi
2016-07-20 06:05 - 2016-07-20 07:16 - 351131417 _____ C:\Users\User\Downloads\215644585ches2565.mp4
2016-07-20 06:04 - 2016-07-20 09:56 - 709943031 _____ C:\Users\User\Downloads\578Eeciahaa.mp4
2016-07-20 06:04 - 2016-07-20 06:23 - 55678750 _____ C:\Users\User\Downloads\Kianna_Dior_Kianna's_xmas_[bleep].mp4
2016-07-20 05:57 - 2016-07-20 06:40 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part10.rar
2016-07-20 01:31 - 2016-07-20 02:17 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part09 (1).rar
2016-07-19 20:34 - 2016-07-19 21:22 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part09.rar
2016-07-19 20:32 - 2016-07-20 00:56 - 474464256 _____ C:\Users\User\Downloads\Unconfirmed 941085.crdownload
2016-07-19 13:14 - 2016-07-19 13:58 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part08.rar
2016-07-19 05:41 - 2016-07-19 06:26 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part07.rar
2016-07-18 17:19 - 2016-07-18 18:04 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part06 (1).rar
2016-07-18 05:59 - 2016-07-18 06:43 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part06.rar
2016-07-18 00:43 - 2016-07-18 01:27 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part05.rar
2016-07-17 20:27 - 2016-07-17 21:13 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part04.rar
2016-07-17 12:18 - 2016-07-17 12:18 - 00001115 _____ C:\Users\User\Downloads\Unconfirmed 604055.crdownload
2016-07-17 12:15 - 2016-07-17 13:05 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part03 (1).rar
2016-07-17 12:11 - 2016-07-17 12:11 - 00000000 ____D C:\Users\User\Downloads\jeff.Allen..Execute.The.Program..The.ShyAwkward.Girl
2016-07-17 12:08 - 2016-07-17 12:08 - 00328045 _____ C:\Users\User\Downloads\Mahou Senshi Louie Rune Soldier 2001 E D (2).torrent
2016-07-17 12:08 - 2016-07-17 12:08 - 00328045 _____ C:\Users\User\Downloads\Mahou Senshi Louie Rune Soldier 2001 E D (1).torrent
2016-07-17 12:08 - 2016-07-17 12:08 - 00021883 _____ C:\Users\User\Downloads\Muv Luv Alternative Total Eclipse 2012 Exiled Destiny Dual Audio (1).torrent
2016-07-17 09:05 - 2016-07-17 09:05 - 00328045 _____ C:\Users\User\Downloads\Mahou Senshi Louie Rune Soldier 2001 E D.torrent
2016-07-17 09:05 - 2016-07-17 09:05 - 00023481 _____ C:\Users\User\Downloads\Mamoru kun ni Megami no Shukufuku wo 2006 GrimRipper 10 bit.torrent
2016-07-17 09:05 - 2016-07-17 09:05 - 00021883 _____ C:\Users\User\Downloads\Muv Luv Alternative Total Eclipse 2012 Exiled Destiny Dual Audio.torrent
2016-07-17 09:04 - 2016-07-17 09:04 - 00028374 _____ C:\Users\User\Downloads\Hikari to Mizu no Daphne 2004 Tipota Dual Audio.torrent
2016-07-17 08:58 - 2016-07-17 08:58 - 00198651 _____ C:\Users\User\Downloads\Bleach 2004 HorribleSubs SD 480p HD 720p (2).torrent
2016-07-17 08:44 - 2016-07-17 08:44 - 00198651 _____ C:\Users\User\Downloads\Bleach 2004 HorribleSubs SD 480p HD 720p (1).torrent
2016-07-17 08:39 - 2016-07-17 09:25 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part03.rar
2016-07-17 08:30 - 2016-07-17 08:30 - 00198651 _____ C:\Users\User\Downloads\Bleach 2004 HorribleSubs SD 480p HD 720p.torrent
2016-07-17 02:14 - 2016-07-17 03:00 - 1073741826 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part02.rar
2016-07-16 21:22 - 2016-07-16 22:08 - 1073741860 _____ C:\Users\User\Downloads\kd0xz.R.S.D.E.T.P.J.A.part01.rar
2016-07-16 21:21 - 2016-07-16 21:22 - 00002575 _____ C:\Users\User\Downloads\Unconfirmed 723572.crdownload
2016-07-16 20:14 - 2016-07-20 21:02 - 00000000 ____D C:\Users\User\Downloads\LS Social Circle Mastery
2016-07-15 21:11 - 2016-07-15 21:21 - 124825802 _____ C:\Users\User\Downloads\kianna578978.rar
2016-07-14 13:17 - 2016-07-14 13:45 - 86857402 _____ C:\Users\User\Downloads\Hitomi sco 27.zip
2016-07-14 13:17 - 2016-07-14 13:37 - 63706225 _____ C:\Users\User\Downloads\sr326.rar
2016-07-14 06:08 - 2016-07-14 06:37 - 260660843 _____ C:\Users\User\Downloads\LAFRN.rar
2016-07-14 06:08 - 2016-07-14 06:30 - 68104693 _____ C:\Users\User\Downloads\Hitomi sco 23.zip
2016-07-14 06:08 - 2016-07-14 06:12 - 13446808 _____ C:\Users\User\Downloads\Sha Rizel - The Brunette in Red.zip
2016-07-13 13:01 - 2016-07-13 13:37 - 332648240 _____ C:\Users\User\Downloads\Msrt_BBTGCOT_sd (1).rar
2016-07-13 12:58 - 2016-07-13 13:12 - 26140565 _____ C:\Users\User\Downloads\Hitomi Knee Socks Nude 66 pix.zip
2016-07-13 06:33 - 2016-05-25 09:22 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-07-13 06:33 - 2016-05-25 09:22 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-07-13 06:33 - 2016-05-25 09:12 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-07-13 06:33 - 2016-05-25 09:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-07-13 06:05 - 2016-07-13 06:50 - 406171132 _____ C:\Users\User\Downloads\MWECEEvEhM.rar
2016-07-13 06:05 - 2016-07-13 06:13 - 25044504 _____ C:\Users\User\Downloads\Hitomi sco 11.zip
2016-07-12 23:59 - 2016-07-13 00:36 - 112440452 _____ C:\Users\User\Downloads\Hitomi sco 24.zip
2016-07-12 19:50 - 2016-07-12 20:03 - 23306226 _____ C:\Users\User\Downloads\Sha Rizel - Tight is Right.zip
2016-07-12 19:48 - 2016-07-12 20:52 - 753561008 _____ C:\Users\User\Downloads\diamond_fo.rar
2016-07-12 19:47 - 2016-07-12 20:13 - 234980853 _____ C:\Users\User\Downloads\SSBOAT.rar
2016-07-12 19:47 - 2016-07-12 19:49 - 18421588 _____ C:\Users\User\Downloads\Hitomi sco 14.zip
2016-07-12 18:21 - 2016-06-25 16:05 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-12 18:21 - 2016-06-25 14:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-12 18:21 - 2016-06-25 12:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-07-12 18:21 - 2016-06-25 12:15 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-07-12 18:21 - 2016-06-25 12:13 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-12 18:21 - 2016-06-25 12:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-07-12 18:21 - 2016-06-22 09:48 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-07-12 18:21 - 2016-06-21 14:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-07-12 18:21 - 2016-06-21 10:12 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-07-12 18:21 - 2016-06-21 09:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-07-12 18:21 - 2016-06-21 09:48 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-07-12 18:21 - 2016-06-11 15:45 - 07445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-12 18:21 - 2016-06-11 14:14 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-12 18:21 - 2016-06-11 14:11 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-12 18:21 - 2016-06-11 13:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-07-12 18:21 - 2016-06-11 13:22 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-07-12 18:21 - 2016-06-11 13:22 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-07-12 18:21 - 2016-06-11 13:13 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-12 18:21 - 2016-06-11 13:12 - 20348928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-12 18:21 - 2016-06-11 13:07 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-07-12 18:21 - 2016-06-11 13:00 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-12 18:21 - 2016-06-11 12:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-07-12 18:21 - 2016-06-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-07-12 18:21 - 2016-06-11 12:38 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-07-12 18:21 - 2016-06-11 12:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-07-12 18:21 - 2016-06-11 12:31 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-12 18:21 - 2016-06-11 12:31 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-12 18:21 - 2016-06-11 12:30 - 15409664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-12 18:21 - 2016-06-11 12:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-07-12 18:21 - 2016-06-11 12:15 - 13806080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-12 18:21 - 2016-06-11 12:12 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-12 18:21 - 2016-06-11 11:59 - 02392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-07-12 18:21 - 2016-06-11 11:56 - 01315840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-07-12 18:21 - 2016-06-11 11:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-07-12 18:21 - 2016-01-30 15:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-07-12 18:21 - 2016-01-30 15:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-07-12 18:21 - 2016-01-30 14:48 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-07-12 18:21 - 2016-01-30 14:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-07-12 18:21 - 2016-01-30 13:48 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-07-12 18:21 - 2016-01-30 13:41 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-07-12 18:20 - 2016-06-11 13:56 - 25812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-12 18:20 - 2016-06-11 13:42 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-12 18:20 - 2016-06-11 13:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-07-12 18:20 - 2016-06-11 13:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-07-12 18:20 - 2016-06-11 13:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-07-12 18:20 - 2016-06-11 13:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-07-12 18:20 - 2016-06-11 13:03 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-07-12 18:20 - 2016-06-11 13:01 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-07-12 18:20 - 2016-06-11 13:00 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-07-12 18:20 - 2016-06-11 12:43 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-07-12 18:20 - 2016-06-11 12:31 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-07-12 18:20 - 2016-06-11 12:26 - 02869248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-12 18:20 - 2016-06-11 12:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-07-12 18:20 - 2016-06-10 17:35 - 04167680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-07-12 13:30 - 2016-07-12 23:27 - 1100991838 _____ C:\Users\User\Downloads\570PhoenixMarie.rar
2016-07-12 13:27 - 2016-07-12 14:07 - 364173066 _____ C:\Users\User\Downloads\sh.rar
2016-07-12 13:26 - 2016-07-12 13:29 - 22987857 _____ C:\Users\User\Downloads\Hitomi sco 16.zip
2016-07-12 05:56 - 2016-07-12 09:11 - 601259111 _____ C:\Users\User\Downloads\G7QDzvYyS.rar
2016-07-12 00:52 - 2016-07-12 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-12 00:09 - 2016-07-12 00:12 - 23203708 _____ C:\Users\User\Downloads\Hitomi Pinup 24.zip
2016-07-12 00:04 - 2016-07-12 00:45 - 495855605 _____ C:\Users\User\Downloads\Ava-Addams-And-Her-Big-Tits-Suck-3-Cocks-At-Gloryhole.rar
2016-07-09 21:29 - 2016-07-12 00:28 - 314697077 _____ C:\Users\User\Downloads\LAINTER.rar
2016-07-09 21:18 - 2016-07-12 00:55 - 219666582 _____ C:\Users\User\Downloads\ck9sujdye4fdsjngh6-8.rar
2016-07-09 21:14 - 2016-07-09 21:16 - 324350025 _____ C:\Users\User\Downloads\li040516an.rar
2016-07-09 20:37 - 2016-07-09 20:41 - 39086257 _____ C:\Users\User\Downloads\Hitomi 50s Style 62 pix.zip
2016-07-09 20:33 - 2016-07-09 20:57 - 295384407 _____ C:\Users\User\Downloads\StReS2.rar
2016-07-08 13:40 - 2016-07-08 13:40 - 00016995 _____ C:\Users\User\Downloads\4190721128.Pdf
2016-07-08 13:38 - 2016-07-08 13:38 - 00634649 _____ C:\Users\User\Downloads\4190721128_1.pdf
2016-07-08 06:04 - 2016-07-08 08:08 - 381240535 _____ C:\Users\User\Downloads\1689La_T-P-L-H.rar
2016-07-08 06:03 - 2016-07-08 06:40 - 112421607 _____ C:\Users\User\Downloads\4035z18_T-P-P-D-3213.rar
2016-07-08 01:58 - 2016-07-08 02:02 - 106040919 _____ C:\Users\User\Downloads\2312TeraSpider.rar
2016-07-08 01:57 - 2016-07-08 03:29 - 283068161 _____ C:\Users\User\Downloads\23309_01_big (1).rar
2016-07-08 01:57 - 2016-07-08 02:24 - 283068161 _____ C:\Users\User\Downloads\23309_01_big.rar
2016-07-08 01:56 - 2016-07-08 04:31 - 646789187 _____ C:\Users\User\Downloads\Msrt_BBTGCOT_hd.rar
2016-07-07 05:42 - 2016-07-07 07:21 - 303727250 _____ C:\Users\User\Downloads\4035z55_T-P-P-A-B-F.rar
2016-07-07 05:41 - 2016-07-07 05:43 - 281678302 _____ C:\Users\User\Downloads\te030616pa.rar
2016-07-07 03:01 - 2016-07-07 05:51 - 521211463 _____ C:\Users\User\Downloads\201_040916_333_598 (1).rar
2016-07-07 02:47 - 2016-07-07 04:03 - 321278766 _____ C:\Users\User\Downloads\Pigtails.rar
2016-07-07 02:43 - 2016-07-07 02:54 - 267098306 _____ C:\Users\User\Downloads\3843a_T-P-V-03.rar
2016-07-07 02:25 - 2016-07-07 06:08 - 2693825049 _____ C:\Users\User\Downloads\Puma Swede - Up Her [bleep] #3.rar
2016-07-07 00:18 - 2016-07-07 03:14 - 540508727 _____ C:\Users\User\Downloads\titsktrhrtlsctrs4 (1).rar
2016-07-06 17:29 - 2016-07-06 17:37 - 13816064 _____ C:\Users\User\Downloads\Abbi_Secraa_-_Natural_Boobs_-_Kisses_On_My_Treasures.rar
2016-07-06 17:03 - 2016-07-06 20:59 - 723952020 _____ C:\Users\User\Downloads\5WuRcNnid.rar
2016-07-06 13:00 - 2016-07-06 14:49 - 332648240 _____ C:\Users\User\Downloads\Msrt_BBTGCOT_sd.rar
2016-07-06 12:59 - 2016-07-06 15:55 - 540508727 _____ C:\Users\User\Downloads\titsktrhrtlsctrs4.rar
2016-07-06 06:34 - 2016-07-06 07:17 - 521211463 _____ C:\Users\User\Downloads\201_040916_333_598.rar
2016-07-02 21:43 - 2016-07-02 21:43 - 00000000 ___RD C:\Sandbox
2016-07-02 21:37 - 2016-07-27 17:34 - 00002062 _____ C:\WINDOWS\Sandboxie.ini
2016-07-02 21:37 - 2016-07-22 01:02 - 00001014 _____ C:\Users\User\Desktop\Sandboxed Web Browser.lnk
2016-07-02 21:36 - 2016-07-02 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-07-02 21:36 - 2016-07-02 21:36 - 00000000 ____D C:\Program Files\Sandboxie
2016-07-02 21:32 - 2016-07-02 21:32 - 08969872 _____ (Sandboxie Holdings, LLC) C:\Users\User\Downloads\SandboxieInstall.exe
2016-07-02 21:22 - 2016-07-02 21:22 - 78234541 _____ C:\Users\User\Downloads\Leanne_Crow_-_Sparkle_Hot_Tub_Bikini_2_-_720p.wmv.crdownload
2016-07-02 21:16 - 2016-07-02 21:16 - 00000385 _____ C:\Users\User\AppData\Roaminguser_gensett.xml
2016-07-02 21:16 - 2016-07-02 21:16 - 00000000 ____D C:\Users\User\Documents\My Games
2016-07-02 21:15 - 2016-07-02 21:15 - 823264064 _____ C:\WINDOWS\MEMORY.DMP
2016-07-02 21:15 - 2016-07-02 21:15 - 00294440 _____ C:\WINDOWS\Minidump\070216-6953-01.dmp
2016-07-02 21:15 - 2016-07-02 21:15 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-02 18:02 - 2016-07-02 18:02 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-07-02 18:02 - 2016-07-02 18:02 - 00002140 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-07-02 18:02 - 2016-07-02 18:02 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-07-02 17:57 - 2016-07-02 17:57 - 04401648 _____ C:\Users\User\Downloads\advisorinstaller.exe
2016-07-02 17:44 - 2016-07-02 17:44 - 138645264 _____ (Microsoft Corporation) C:\Users\User\Downloads\msert.exe
2016-07-02 17:39 - 2016-07-02 17:39 - 50716384 _____ (Microsoft Corporation) C:\Users\User\Downloads\Windows-KB890830-x64-V5.37.exe
2016-07-02 15:31 - 2016-07-28 06:00 - 00133454 _____ C:\WINDOWS\ntbtlog.txt
2016-07-02 15:30 - 2016-07-02 15:30 - 00000000 ____D C:\WINDOWS\pss
2016-07-01 01:07 - 2016-07-01 01:07 - 00001134 _____ C:\Users\User\Desktop\ckfiles.txt
2016-07-01 01:05 - 2016-07-01 01:05 - 00468480 _____ () C:\Users\User\Downloads\CKScanner.exe
2016-07-01 01:05 - 2016-07-01 01:05 - 00468480 _____ () C:\Users\User\Desktop\CKScanner.exe
2016-06-29 01:14 - 2016-07-09 20:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-29 01:14 - 2016-06-29 01:14 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-29 01:14 - 2016-06-29 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-29 01:13 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-29 01:13 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-29 01:13 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-29 01:12 - 2016-06-29 01:12 - 00001095 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2016-06-29 01:12 - 2016-06-29 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-06-29 01:12 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2016-06-29 01:12 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-28 20:17 - 2016-06-25 12:58 - 00000000 ____D C:\FRST
2016-07-28 20:08 - 2015-04-14 21:44 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-07-28 20:06 - 2016-01-11 06:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-28 19:57 - 2016-06-27 02:24 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-07-28 19:51 - 2015-10-03 20:46 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-28 19:46 - 2015-07-25 22:10 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA.job
2016-07-28 19:30 - 2015-03-29 18:41 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-28 18:46 - 2015-07-25 22:10 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core.job
2016-07-28 18:41 - 2015-07-25 22:10 - 00003860 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA
2016-07-28 18:41 - 2015-07-25 22:10 - 00003480 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core
2016-07-28 18:30 - 2015-03-29 18:41 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-28 18:25 - 2015-03-29 18:41 - 00003890 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 18:25 - 2015-03-29 18:41 - 00003654 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 17:50 - 2015-05-02 10:19 - 00000000 ____D C:\ProgramData\Origin
2016-07-27 23:41 - 2015-10-04 22:59 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-27 22:54 - 2015-07-19 11:54 - 00000000 ____D C:\Users\User\Incomplete
2016-07-27 22:00 - 2014-03-18 06:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-27 22:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-07-27 20:51 - 2015-10-03 20:46 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-27 20:29 - 2015-07-19 09:48 - 00000000 ____D C:\Users\User\OneDrive
2016-07-27 17:34 - 2016-04-21 01:37 - 00000000 ____D C:\Users\User\.rainlendar2
2016-07-27 17:34 - 2015-07-18 11:59 - 00000000 ___RD C:\Users\User\Google Drive
2016-07-27 17:34 - 2015-04-03 21:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-27 17:27 - 2015-10-03 13:24 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-07-27 17:25 - 2015-11-15 17:15 - 00000091 _____ C:\HaxLogs.txt
2016-07-27 17:25 - 2015-03-21 10:31 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-07-27 17:25 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-27 17:24 - 2016-06-25 01:29 - 00005490 _____ C:\bdlog.txt
2016-07-27 17:24 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-07-27 17:19 - 2016-06-18 11:36 - 00000000 ____D C:\ProgramData\BDLogging
2016-07-27 17:13 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-07-27 17:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-07-26 21:01 - 2015-03-21 18:22 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4198864589-2716103951-1576274748-1001
2016-07-26 20:33 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-26 20:32 - 2015-03-28 14:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-26 20:29 - 2015-03-28 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2016-07-26 20:29 - 2015-03-28 19:47 - 00000000 ____D C:\Program Files\Adobe
2016-07-26 20:29 - 2015-03-21 10:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-26 20:28 - 2015-03-21 10:48 - 00000000 ____D C:\ProgramData\Adobe
2016-07-26 20:27 - 2015-03-28 19:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-26 20:26 - 2015-03-28 20:28 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-07-26 20:19 - 2015-03-21 10:47 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-07-23 20:16 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-23 20:14 - 2015-08-23 12:54 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-07-23 19:50 - 2015-11-13 23:59 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-23 02:34 - 2015-03-21 18:16 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-07-21 04:36 - 2015-04-11 09:32 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-07-21 04:36 - 2015-04-11 09:32 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-07-21 04:36 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-20 19:43 - 2015-07-25 21:31 - 00000000 ____D C:\Users\User\AppData\Local\MEGAsync
2016-07-17 05:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-07-16 18:25 - 2013-08-22 10:44 - 05102992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-16 18:24 - 2015-04-16 01:01 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-16 18:24 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-07-13 06:39 - 2015-03-21 10:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 06:34 - 2015-03-21 10:24 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-13 06:33 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 01:06 - 2016-01-11 06:25 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-07-13 01:06 - 2015-11-13 23:59 - 00003848 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-13 01:06 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-13 01:06 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-12 19:56 - 2015-07-25 09:58 - 00000000 ____D C:\Users\User\AppData\Roaming\KeePass
2016-07-12 03:30 - 2015-03-21 10:51 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-12 00:52 - 2015-10-03 20:46 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-08 01:49 - 2015-08-22 09:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Stardock
2016-07-02 20:23 - 2015-03-29 18:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2016-07-02 20:22 - 2015-07-18 14:10 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
2016-07-02 15:47 - 2016-06-27 02:26 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-07-02 15:47 - 2016-06-27 02:26 - 00299816 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-07-02 00:29 - 2013-08-22 11:38 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-07-02 00:29 - 2013-08-22 11:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-29 01:14 - 2016-06-25 01:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-29 01:13 - 2016-06-26 17:59 - 00000000 ____D C:\ProgramData\TEMP
2016-06-29 01:12 - 2016-06-26 17:58 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-06-28 21:25 - 2015-03-29 18:42 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-28 21:25 - 2015-03-29 18:42 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2015-10-30 20:47 - 2015-10-30 20:47 - 0000000 _____ () C:\Users\User\AppData\Roaming\Stardockfences_debug_snapshot.dat
2015-03-21 10:30 - 2015-03-21 10:30 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-09-06 05:37 - 2015-09-06 05:37 - 0000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-04-22 21:23 - 2016-03-21 11:59 - 0000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache
2016-06-27 02:29 - 2016-06-27 02:29 - 0405898 _____ () C:\ProgramData\1467008746.bdinstall.bin
2016-07-27 17:20 - 2016-07-27 17:20 - 0026214 _____ () C:\ProgramData\1469654400.bdinstall.bin
2016-03-02 19:35 - 2016-03-02 19:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-08 02:06 - 2015-04-08 02:10 - 0000839 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-26 21:01
 
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by User (2016-07-28 20:18:11)
Running from C:\Users\User\Downloads
Windows 8.1 (Update) (X64) (2015-03-21 22:56:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4198864589-2716103951-1576274748-500 - Administrator - Disabled)
Guest (S-1-5-21-4198864589-2716103951-1576274748-501 - Limited - Disabled)
User (S-1-5-21-4198864589-2716103951-1576274748-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
4K Stogram 1.9 (HKLM-x32\...\4K Stogram_is1) (Version: 1.9.5.964 - Open Media LLC)
5600 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AutoHotkey 1.1.22.04 (HKLM\...\AutoHotkey) (Version: 1.1.22.04 - Lexikos)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Belvedere 0.7.1 (HKLM-x32\...\Belvedere) (Version: 0.7.1 - Lifehacker)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
Evernote v. 6.0.6 (HKLM-x32\...\{FC4A0E2E-0CD3-11E6-B80E-005056951CAD}) (Version: 6.0.6.1769 - Evernote Corp.)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Game Studios)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Free Video Editor version 1.4.15.913 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.15.913 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Greyfox (HKLM-x32\...\Steam App 341310) (Version:  - Lesley Dodd)
hakuneko (HKLM-x32\...\hakuneko_is1) (Version: 1.3.12 - Ronny Wegener <[email protected]>)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java SE Development Kit 7 Update 80 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170800}) (Version: 1.7.0.800 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
MediaInfo 0.7.77 (HKLM\...\MediaInfo) (Version: 0.7.77 - MediaArea.net)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4841.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MindMaple Lite 1.71 (HKLM-x32\...\MindMaple_is1) (Version: v1.71 - MindMaple Inc.)
Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich)
Music Manager (HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\...\MusicManager) (Version:  - Google, Inc.)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Opera Stable 38.0.2220.29 (HKLM-x32\...\Opera 38.0.2220.29) (Version: 38.0.2220.29 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
PdaNet+ for Android 4.17 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3.1 r2602 - )
RAW Image Viewer (HKLM-x32\...\{3C867AA0-22EC-4B27-8C60-A354AA37D68C}_is1) (Version:  - IdeaMK)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.71 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
S Agent (Version: 1.1.54 - Samsung Electronics CO., LTD.) Hidden
Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Samsung Update (HKLM-x32\...\{A9D16B9C-AA6D-4154-80CA-17099A2C308F}) (Version: 2.2.16 - Samsung Electronics CO., LTD.)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - FireFly Studios)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Timelines: Assault on America (HKLM-x32\...\Steam App 234060) (Version:  - 4Flash Interactive)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{EC54143B-24CC-47D2-AB39-0F5701988BA4}) (Version: 2.1.0.11 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
yabause 0.9.14 (HKLM-x32\...\ (Win64)) (Version: 0.9.14 - Yabause team)
YouTube Free Downloader (HKLM-x32\...\YouTube Free Downloader) (Version: 5.1.1 - YouTubeFreeDownloader)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {075DC3FD-7238-4EE4-B215-7ECF89863935} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-09-26] (Realtek Semiconductor)
Task: {0FF80CF3-2AF1-4B45-9E45-A125DF65F19D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {25C85F87-9EF5-418C-87EE-AD7E2C91AE8B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {2E294BF5-2603-4A3B-AD0E-93829C48E191} - System32\Tasks\Opera scheduled Autoupdate 1444013975 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-07] (Opera Software)
Task: {3BB22E2C-F9DC-4803-B9AB-5613D231FB55} - System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-08] (Microsoft Corporation)
Task: {3F513832-55FE-47DA-9702-572DC96DCED1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-13] (Microsoft Corporation)
Task: {429CF09C-723F-42FC-A45A-2C09F74DB553} - System32\Tasks\HP AR Program Upload - 75cdb0c8122b498e8722a385a83650eb63077291aa7843a0b8ed9de84109eebd => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {535004F3-16FF-4247-BDC3-309BA51CE063} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-03] (Dropbox, Inc.)
Task: {5475AAF9-451A-4821-9C95-D87FCC6D4393} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {5A44E4C5-B24E-4E4B-BA1A-35A8AC41F88B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {62A4E0C1-96E3-40DA-8CE9-881F10395844} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {790D56F9-0CD5-463D-8348-A558CCA94A3F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
Task: {7C07F944-072E-4595-8985-4B977CE939A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {7C1A1085-8BA3-47A7-BF67-5DFB2037A8F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {8620A148-7B32-4EA0-8039-028D209C7788} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {A2810CA7-D116-4F08-BEED-EB66BC4531D0} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
Task: {A3CB9429-D737-4C32-A9AA-F57B33D23E4D} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-08-05] (Samsung Electronics CO., LTD.)
Task: {B6B109B1-951D-4ACD-9DE1-DB14219FB374} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {CE7A0655-6322-49C8-BC86-12191AA6AFC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {DD468263-DED3-42A2-B08E-EB64699E4A72} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
Task: {DD71A3BE-213C-4ADD-9F32-C81D5A5CC7F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {E12B607E-7623-4265-B327-D637D6917828} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {E96F221F-4BD2-4F57-B348-283CAE846979} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-18] (Microsoft Corporation)
Task: {EF9E8AE5-3AF0-4901-8DAF-D544C8D30716} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-03] (Dropbox, Inc.)
Task: {F276E8E4-1873-4B56-A90F-9201E9D709AD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {FF7C8F50-DA6D-47CF-85F2-E2B256A11DC6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-18] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4198864589-2716103951-1576274748-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ad.Block Pro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jafeimghomcdjobocjhkolakbihggbak
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Adblock Pro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jjecmbfimjajmfodkcbomajpjfalkncg
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Box for Chrome OS Beta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dikonaebkejmpbpcnnmfaeopkaenicgf
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlock App (by STANDS).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Habitual.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bblicfmcdjkhhnafcogoldjiihbnjili
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\LINE.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=menkifleemblimdogmoihpfopnplikde
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sunrise Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mojepfklcankkmikonjlnidiooanmpbb
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TickTick - Todo & Task List.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=eempgbpnkjnacmilmobpbhbfpdjdcpgd
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-27 02:26 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-06-27 02:26 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-06-27 02:26 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-06-27 02:26 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-06-27 02:26 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2016-04-22 01:07 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-29 21:51 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2016-07-26 20:31 - 2016-05-24 12:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 10:13 - 2016-07-20 19:42 - 00592384 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll
2014-10-01 22:54 - 2014-10-01 22:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-13 07:57 - 2015-11-13 07:57 - 02739240 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2015-10-03 22:16 - 2010-11-10 19:38 - 00380928 _____ () C:\Program Files (x86)\Launchy\Launchy.exe
2015-04-04 21:09 - 2015-01-02 10:19 - 01054520 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2016-03-18 16:10 - 2016-03-18 16:10 - 00037008 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2016-03-18 16:10 - 2016-03-18 16:10 - 01410192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2016-03-18 16:08 - 2016-03-18 16:08 - 00233472 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00108544 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00612864 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00123392 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00134656 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2016-03-18 16:08 - 2016-03-18 16:08 - 00114176 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.DLL
2015-08-05 16:32 - 2015-08-05 16:32 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2015-07-18 14:13 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2015-04-03 21:59 - 2016-04-29 16:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-03 21:59 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-03 21:59 - 2016-07-08 21:06 - 02317904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-03 21:59 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-03 21:59 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-03 21:59 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-03 21:59 - 2016-07-08 21:06 - 00829520 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-12 14:18 - 2016-07-06 18:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-07-27 17:34 - 2016-07-27 17:34 - 00098816 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32api.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00110080 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\pywintypes27.dll
2016-07-27 17:34 - 2016-07-27 17:34 - 00364544 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\pythoncom27.dll
2016-07-27 17:34 - 2016-07-27 17:34 - 00320512 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32com.shell.shell.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00776704 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\_hashlib.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 01176576 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\wx._core_.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00806400 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\wx._gdi_.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00816128 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\wx._windows_.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 01067008 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\wx._controls_.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00733184 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\wx._misc_.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00682496 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\pysqlite2._sqlite.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00088064 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\_ctypes.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00119808 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32file.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00108544 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32security.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00007168 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\hashobjs_ext.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00017920 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\thumbnails_ext.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00088064 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\usb_ext.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00012288 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\common.time34.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00018432 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32event.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00167936 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32gui.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00046080 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\_socket.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 01208320 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\_ssl.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00128512 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\_elementtree.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00127488 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\pyexpat.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00038912 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32inet.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00036864 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\_psutil_windows.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00525208 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\windows._lib_cacheinvalidation.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00011264 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32crypt.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00077312 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\wx._html2.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00027136 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\_multiprocessing.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00020480 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\_yappi.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00035840 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32process.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00686080 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\unicodedata.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00078848 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\wx._animate.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00123392 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\wx._wizard.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00024064 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32pipe.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00010240 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\select.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00025600 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32pdh.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00017408 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32profile.pyd
2016-07-27 17:34 - 2016-07-27 17:34 - 00022528 ____R () C:\Users\User\AppData\Local\Temp\_MEI61082\win32ts.pyd
2016-06-28 21:25 - 2016-06-23 11:08 - 01747784 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-06-28 21:25 - 2016-06-23 11:07 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll
2015-04-03 21:59 - 2016-06-14 15:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 00117248 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 00234496 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 00253440 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 00344064 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-08-14 02:31 - 2015-08-14 02:31 - 00252928 _____ () C:\Program Files (x86)\Rainlendar2\libical.dll
2015-08-14 02:31 - 2015-08-14 02:31 - 00051200 _____ () C:\Program Files (x86)\Rainlendar2\libicalss.dll
2014-05-04 06:48 - 2014-05-04 06:48 - 00197632 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2015-11-13 07:57 - 2015-11-13 07:57 - 00068136 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2014-05-04 06:49 - 2014-05-04 06:49 - 00027648 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2015-10-03 22:16 - 2009-12-16 22:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll
2015-10-03 22:16 - 2009-12-16 21:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll
2015-10-03 22:16 - 2009-12-16 21:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll
2015-10-03 22:16 - 2009-12-17 00:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2015-10-03 22:16 - 2010-11-10 19:39 - 00081920 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll
2015-10-03 22:16 - 2010-11-10 19:39 - 00090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll
2015-10-03 22:16 - 2010-11-10 19:38 - 00024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll
2015-10-03 22:16 - 2010-11-10 19:38 - 00094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll
2015-10-03 22:16 - 2010-11-10 19:38 - 00057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll
2015-10-03 22:16 - 2010-11-10 19:38 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll
2016-04-27 18:48 - 2016-04-27 18:48 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2016-04-27 18:48 - 2016-04-27 18:48 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-07-20 19:35 - 2016-07-20 19:35 - 00482304 _____ () C:\Users\User\AppData\Local\MEGAsync\libsodium.dll
2016-02-26 06:38 - 2016-02-26 06:38 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-10-02 20:51 - 2015-10-02 20:51 - 00090112 _____ () C:\Program Files (x86)\YouTube Free Downloader\lib\SystemUtilities.dll
2015-10-02 20:51 - 2015-10-02 20:51 - 00102400 _____ () C:\Program Files (x86)\YouTube Free Downloader\lib\jacob-1.14.1-x86.dll
2015-10-02 20:51 - 2015-10-02 20:51 - 00278528 _____ () C:\Program Files (x86)\YouTube Free Downloader\lib\Jshdocvw.dll
2015-10-02 20:51 - 2015-10-02 20:51 - 12005376 _____ () C:\Program Files (x86)\YouTube Free Downloader\lib\Jmshtml.dll
2016-07-12 22:49 - 2016-07-06 18:01 - 17602240 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-13 09:58 - 2015-04-13 09:58 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-13 09:56 - 2015-04-13 09:56 - 00070675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 02158528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00593344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00332736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-13 09:58 - 2015-04-13 09:58 - 01264064 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00089024 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00040384 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00044992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00026048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00035264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00037312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00025536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 13522368 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00242112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 01549248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00140224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00176576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00067520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00034240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\User\Downloads\Firefox Setup 47.0.1.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2016-07-28 19:25 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4198864589-2716103951-1576274748-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F624A5C5-9562-461B-96F6-C13BE2FF0685}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C03B7998-716B-4BFE-B0F2-D451584EFF4A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B89E211A-565A-4B9A-845F-06206A696E91}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C2295DB8-2711-4FAE-888B-9836699BBB3F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
==================== Restore Points =========================
 
26-07-2016 20:50:04 Removed Digital Coupon Printer
27-07-2016 17:13:36 Restore Point Created by FRST
27-07-2016 17:19:36 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/28/2016 03:58:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (07/27/2016 08:25:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1375
 
Error: (07/27/2016 08:25:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1375
 
Error: (07/27/2016 08:25:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/27/2016 05:48:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SWMAgent.exe, version: 2.2.2.4, time stamp: 0x56045dfb
Faulting module name: SWMAgent.exe, version: 2.2.2.4, time stamp: 0x56045dfb
Exception code: 0xc0000409
Fault offset: 0x001fffac
Faulting process id: 0xbac
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3
Faulting package full name: SWMAgent.exe4
Faulting package-relative application ID: SWMAgent.exe5
 
Error: (07/27/2016 05:27:24 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (07/27/2016 05:19:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Adobe SwitchBoard since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (07/27/2016 05:19:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Trend Micro Password Manager Central Control Service since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (07/27/2016 05:19:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 27.7.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1fd0
 
Start Time: 01d1e84bb62d48e7
 
Termination Time: 46
 
Application Path: C:\Users\User\Downloads\FRST64.exe
 
Report Id: c7c2611b-543f-11e6-bea2-1867b022fa4e
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/27/2016 05:13:47 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler4
 
 
System errors:
=============
Error: (07/28/2016 08:18:25 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (07/28/2016 08:17:52 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (07/28/2016 08:17:20 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (07/28/2016 08:15:20 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (07/28/2016 08:13:20 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (07/28/2016 08:12:47 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (07/28/2016 08:10:47 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (07/28/2016 08:10:15 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (07/28/2016 08:09:39 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (07/28/2016 08:08:16 PM) (Source: DCOM) (EventID: 10010) (User: OWNER)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
 
CodeIntegrity:
===================================
  Date: 2016-06-26 22:10:26.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:26.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:25.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:25.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:25.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:25.088
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:24.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:24.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:03.681
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 22:10:03.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3635QM CPU @ 2.40GHz
Percentage of memory in use: 88%
Total physical RAM: 8078.8 MB
Available physical RAM: 936.08 MB
Total Virtual: 17294.8 MB
Available Virtual: 6267.1 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.25 GB) (Free:23.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
SAME FILE YOU HAD SENT ME. Was I supposed to press Fix again in the FRST app?
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
Tcpip\..\Interfaces\{BD44EB3C-D327-453D-9CFA-F95AD0D73CEE}: [DhcpNameServer] 168.94.0.14 168.94.0.15
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll => No File
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll => No File
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll No File
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll No File
Toolbar: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-26]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
S2 PwmSvc; "C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
2016-07-09 20:58 - 2016-07-12 10:42 - 834007040 _____ C:\Users\User\Downloads\Unconfirmed 26002.crdownload
2016-06-26 22:22 - 2016-06-26 18:37 - 00018432 _____ C:\Users\User\Downloads\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
2016-06-26 22:22 - 2016-06-26 18:37 - 00018432 _____ C:\Users\User\Desktop\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
2016-06-26 22:22 - 2016-06-26 18:37 - 00000000 _____ C:\Users\User\Downloads\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
2016-06-26 22:22 - 2016-06-26 18:37 - 00000000 _____ C:\Users\User\Desktop\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
2015-07-18 14:14 - 2015-07-18 14:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\User\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\User\AppData\Local\Temp\OfficeSetup.exe
C:\Users\User\AppData\Local\Temp\proxy_vole8658733503972905890.dll
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {CCED6FF9-1B2D-40A7-B4FF-B0D6CB436C06} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\User\Desktop\CKScanner.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\advisorinstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CKScanner.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\msert.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\SandboxieInstall.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Windows-KB890830-x64-V5.37.exe:BDU [0]
Hosts:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
 
 

Edited by andydude00, 28 July 2016 - 06:24 PM.


#13
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
Folder: c:\FRST\Quarantine
end


NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.  And go to the C:\FRST\Logs folder and attach all files that start with Fixlog (for example Fixlog_23-02-2016_08-51-21.txt).

 

Also, do you still need the feedly and onetab links restored?
 



#14
andydude00


    Member

  • Topic Starter
  • 83 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by User (2016-08-02 17:13:25) Run:3
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
Folder: c:\FRST\Quarantine
end
*****************
 
 
========================= Folder: c:\FRST\Quarantine ========================
 
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\ProgramData
2015-07-18 14:14 - 2015-07-18 14:14 - 0000000 _____ () c:\FRST\Quarantine\C\ProgramData\DP45977C.lfl.xBAD
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default
2016-07-27 17:13 - 2016-07-27 17:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions
2015-03-29 18:42 - 2015-11-11 21:42 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
2015-10-30 21:33 - 2015-10-30 21:33 - 0006707 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png
2015-10-30 21:33 - 2015-10-30 21:33 - 0001004 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar
2015-10-30 21:33 - 2015-10-30 21:33 - 0000278 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg
2015-10-30 21:33 - 2015-10-30 21:33 - 0000319 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca
2015-10-30 21:33 - 2015-10-30 21:33 - 0000265 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs
2015-10-30 21:33 - 2015-10-30 21:33 - 0000259 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da
2015-10-30 21:33 - 2015-10-30 21:33 - 0000243 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de
2015-10-30 21:33 - 2015-10-30 21:33 - 0000256 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el
2015-10-30 21:33 - 2015-10-30 21:33 - 0000329 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB
2015-10-30 21:33 - 2015-10-30 21:33 - 0000249 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US
2015-10-30 21:33 - 2015-10-30 21:33 - 0000249 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es
2015-10-30 21:33 - 2015-10-30 21:33 - 0000259 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419
2015-10-30 21:33 - 2015-10-30 21:33 - 0000259 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et
2015-10-30 21:33 - 2015-10-30 21:33 - 0000251 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu
2015-10-30 21:33 - 2015-10-20 07:50 - 0000243 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi
2015-10-30 21:33 - 2015-10-30 21:33 - 0000257 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil
2015-10-30 21:33 - 2015-10-30 21:33 - 0000260 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr
2015-10-30 21:33 - 2015-10-30 21:33 - 0000252 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he
2015-10-30 21:33 - 2015-10-30 21:33 - 0000278 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi
2015-10-30 21:33 - 2015-10-30 21:33 - 0000345 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr
2015-10-30 21:33 - 2015-10-30 21:33 - 0000263 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu
2015-10-30 21:33 - 2015-10-30 21:33 - 0000264 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id
2015-10-30 21:33 - 2015-10-30 21:33 - 0000261 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it
2015-10-30 21:33 - 2015-10-30 21:33 - 0000258 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja
2015-10-30 21:33 - 2015-10-30 21:33 - 0000293 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko
2015-10-30 21:33 - 2015-10-30 21:33 - 0000281 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt
2015-10-30 21:33 - 2015-10-30 21:33 - 0000285 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv
2015-10-30 21:33 - 2015-10-30 21:33 - 0000258 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms
2015-10-30 21:33 - 2015-10-30 21:33 - 0000254 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl
2015-10-30 21:33 - 2015-10-30 21:33 - 0000242 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no
2015-10-30 21:33 - 2015-10-20 07:50 - 0000218 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl
2015-10-30 21:33 - 2015-10-30 21:33 - 0000257 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR
2015-10-30 21:33 - 2015-10-30 21:33 - 0000246 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT
2015-10-30 21:33 - 2015-10-30 21:33 - 0000264 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro
2015-10-30 21:33 - 2015-10-30 21:33 - 0000281 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru
2015-10-30 21:33 - 2015-10-30 21:33 - 0000338 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk
2015-10-30 21:33 - 2015-10-30 21:33 - 0000274 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl
2015-10-30 21:33 - 2015-10-30 21:33 - 0000268 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr
2015-10-30 21:33 - 2015-10-30 21:33 - 0000287 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv
2015-10-30 21:33 - 2015-10-30 21:33 - 0000253 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th
2015-10-30 21:33 - 2015-10-30 21:33 - 0000356 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr
2015-10-30 21:33 - 2015-10-30 21:33 - 0000270 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk
2015-10-30 21:33 - 2015-10-30 21:33 - 0000353 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi
2015-10-30 21:33 - 2015-10-30 21:33 - 0000279 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN
2015-10-30 21:33 - 2015-10-30 21:33 - 0000273 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW
2015-10-30 21:33 - 2015-10-30 21:33 - 0000267 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata
2015-10-30 21:33 - 2015-10-20 07:50 - 0011221 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json
2015-03-30 23:45 - 2016-06-26 19:09 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
2016-06-06 04:59 - 2016-06-26 19:13 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0
2016-06-06 04:59 - 2016-06-06 08:27 - 0032878 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\ext-onetab-concatenated-sources-background.js
2016-06-06 04:59 - 2016-06-06 08:27 - 0000447 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\ext-onetab-concatenated-sources-contentscript.js
2016-06-06 04:59 - 2016-06-06 08:27 - 0021873 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\ext-onetab-concatenated-sources-import.js
2016-06-06 04:59 - 2016-06-06 08:27 - 0041085 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\ext-onetab-concatenated-sources-onetab.js
2016-06-06 04:59 - 2016-06-06 08:27 - 0015258 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\ext-onetab-concatenated-sources-options.js
2016-06-25 01:31 - 2016-06-06 08:27 - 0001646 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\import-export.html
2016-06-25 01:31 - 2016-06-25 01:31 - 0001539 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\manifest.json
2016-06-25 01:31 - 2016-06-06 08:27 - 0001184 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\onetab.css
2016-06-25 01:31 - 2016-06-06 08:27 - 0001808 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\onetab.html
2016-06-25 01:31 - 2016-06-06 08:27 - 0002398 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\options.html
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ar
2016-06-25 01:31 - 2016-06-06 08:27 - 0001219 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ar\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0019764 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ar\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\cs
2016-06-25 01:31 - 2016-06-06 08:27 - 0000867 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\cs\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017317 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\cs\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\da
2016-06-25 01:31 - 2016-06-06 08:27 - 0000716 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\da\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016681 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\da\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\de
2016-06-25 01:31 - 2016-06-06 08:27 - 0000840 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\de\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017064 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\de\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\en
2016-06-25 01:31 - 2016-06-06 08:27 - 0000807 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\en\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016219 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\en\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\es
2016-06-25 01:31 - 2016-06-06 08:27 - 0000898 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\es\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017284 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\es\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\es_419
2016-06-25 01:31 - 2016-06-06 08:27 - 0000814 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\es_419\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017092 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\es_419\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\fi
2016-06-25 01:31 - 2016-06-06 08:27 - 0000795 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\fi\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017296 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\fi\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\fr
2016-06-25 01:31 - 2016-06-06 08:27 - 0000948 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\fr\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017410 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\fr\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\he
2016-06-25 01:31 - 2016-06-06 08:27 - 0001156 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\he\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0018795 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\he\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\hi
2016-06-25 01:31 - 2016-06-06 08:27 - 0002019 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\hi\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0022187 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\hi\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\hu
2016-06-25 01:31 - 2016-06-06 08:27 - 0000844 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\hu\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017031 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\hu\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\id
2016-06-25 01:31 - 2016-06-06 08:27 - 0000819 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\id\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016815 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\id\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\it
2016-06-25 01:31 - 2016-06-06 08:27 - 0000839 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\it\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016970 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\it\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ja
2016-06-25 01:31 - 2016-06-06 08:27 - 0000873 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ja\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0018117 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ja\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ko
2016-06-25 01:31 - 2016-06-06 08:27 - 0000876 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ko\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017082 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ko\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ms
2016-06-25 01:31 - 2016-06-06 08:27 - 0000870 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ms\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016825 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ms\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\nb
2016-06-25 01:31 - 2016-06-06 08:27 - 0000657 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\nb\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016649 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\nb\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\nl
2016-06-25 01:31 - 2016-06-06 08:27 - 0000835 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\nl\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017152 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\nl\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\pl
2016-06-25 01:31 - 2016-06-06 08:27 - 0000763 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\pl\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016913 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\pl\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\pt_BR
2016-06-25 01:31 - 2016-06-06 08:27 - 0000872 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\pt_BR\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016972 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\pt_BR\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\pt_PT
2016-06-25 01:31 - 2016-06-06 08:27 - 0000871 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\pt_PT\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017254 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\pt_PT\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ro
2016-06-25 01:31 - 2016-06-06 08:27 - 0000848 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ro\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017159 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ro\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ru
2016-06-25 01:31 - 2016-06-06 08:27 - 0001473 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ru\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0019877 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\ru\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\sk
2016-06-25 01:31 - 2016-06-06 08:27 - 0000911 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\sk\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017385 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\sk\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\sv
2016-06-25 01:31 - 2016-06-06 08:27 - 0000807 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\sv\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016738 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\sv\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\th
2016-06-25 01:31 - 2016-06-06 08:27 - 0002005 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\th\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0022068 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\th\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\tr
2016-06-25 01:31 - 2016-06-06 08:27 - 0000865 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\tr\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017317 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\tr\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\vi
2016-06-25 01:31 - 2016-06-06 08:27 - 0001095 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\vi\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0017761 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\vi\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\zh_CN
2016-06-25 01:31 - 2016-06-06 08:27 - 0000687 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\zh_CN\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016319 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\zh_CN\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\zh_TW
2016-06-25 01:31 - 2016-06-06 08:27 - 0000669 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\zh_TW\description_from_webstore.txt
2016-06-25 01:31 - 2016-06-25 01:31 - 0016160 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_locales\zh_TW\messages.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_metadata
2016-06-25 01:31 - 2016-06-25 01:31 - 0013078 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_metadata\computed_hashes.json
2016-06-25 01:31 - 2016-06-06 08:27 - 0016561 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\_metadata\verified_contents.json
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\fonts
2016-06-25 01:31 - 2016-06-06 08:27 - 0063564 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\fonts\OpenSans-Bold-webfont.woff
2016-06-25 01:31 - 2016-06-06 08:27 - 0076104 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\fonts\OpenSans-Italic-webfont.woff
2016-06-25 01:31 - 2016-06-06 08:27 - 0062844 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\fonts\OpenSans-Light-webfont.woff
2016-06-25 01:31 - 2016-06-06 08:27 - 0084928 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\fonts\OpenSans-Regular-webfont.woff
2016-06-25 01:31 - 2016-06-06 08:27 - 0064388 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\fonts\OpenSans-Semibold-webfont.woff
2016-06-25 01:31 - 2016-06-25 01:31 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images
2016-06-25 01:31 - 2016-06-06 08:27 - 0002644 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\checkboxradiosprite.png
2016-06-25 01:31 - 2016-06-06 08:27 - 0001886 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\cross.png
2016-06-25 01:31 - 2016-06-25 01:31 - 0015636 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\extension-icon128.png
2016-06-25 01:31 - 2016-06-25 01:31 - 0000754 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\extension-icon16.png
2016-06-25 01:31 - 2016-06-25 01:31 - 0003674 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\extension-icon48.png
2016-06-25 01:31 - 2016-06-06 08:27 - 0006555 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\extension-icon64.png
2016-06-25 01:31 - 2016-06-25 01:31 - 0000971 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\icon19.png
2016-06-25 01:31 - 2016-06-25 01:31 - 0002566 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\icon38.png
2016-06-25 01:31 - 2016-06-06 08:27 - 0001628 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\lock.png
2016-06-25 01:31 - 2016-06-06 08:27 - 0001845 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\star.png
2016-06-25 01:31 - 2016-06-06 08:27 - 0034978 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\top-left-logo.png
2016-06-25 01:31 - 2016-06-06 08:27 - 0034969 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\top-left-logo-rtl.png
2016-06-25 01:31 - 2016-06-06 08:27 - 0003096 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\twister-closed.png
2016-06-25 01:31 - 2016-06-06 08:27 - 0003147 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\twister-closed-rtl.png
2016-06-25 01:31 - 2016-06-06 08:27 - 0003174 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.17_0\images\twister-open.png
2015-03-29 18:42 - 2015-11-11 21:42 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0
2015-10-30 21:33 - 2015-10-30 21:33 - 0005892 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\128.png
2015-10-30 21:33 - 2015-10-30 21:33 - 0000577 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\16.png
2015-10-30 21:33 - 2015-10-30 21:33 - 0001350 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\32.png
2015-10-30 21:33 - 2015-10-30 21:33 - 0002099 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\48.png
2015-10-30 21:33 - 2015-10-30 21:33 - 0000817 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\manifest.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\ar
2015-10-30 21:33 - 2015-10-30 21:33 - 0000327 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\ar\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\bg
2015-10-30 21:33 - 2015-10-30 21:33 - 0000359 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\bg\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\ca
2015-10-30 21:33 - 2015-10-30 21:33 - 0000322 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\ca\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\cs
2015-10-30 21:33 - 2015-10-30 21:33 - 0000331 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\cs\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\da
2015-10-30 21:33 - 2015-10-30 21:33 - 0000316 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\da\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\de
2015-10-30 21:33 - 2015-10-30 21:33 - 0000307 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\de\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\el
2015-10-30 21:33 - 2015-10-30 21:33 - 0000377 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\el\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en
2015-10-30 21:33 - 2015-10-30 21:33 - 0000314 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en_GB
2015-10-30 21:33 - 2015-10-30 21:33 - 0000314 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en_GB\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en_US
2015-10-30 21:33 - 2015-10-30 21:33 - 0000314 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en_US\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\es
2015-10-30 21:33 - 2015-10-30 21:33 - 0000328 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\es\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\es_419
2015-10-30 21:33 - 2015-10-30 21:33 - 0000329 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\es_419\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\et
2015-10-30 21:33 - 2015-10-30 21:33 - 0000314 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\et\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fi
2015-10-30 21:33 - 2015-10-30 21:33 - 0000305 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fi\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fil
2015-10-30 21:33 - 2015-10-30 21:33 - 0000337 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fil\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fr
2015-10-30 21:33 - 2015-10-30 21:33 - 0000325 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fr\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\he
2015-10-30 21:33 - 2015-10-30 21:33 - 0000343 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\he\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hi
2015-10-30 21:33 - 2015-10-30 21:33 - 0000317 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hi\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hr
2015-10-30 21:33 - 2015-10-30 21:33 - 0000324 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hr\messages.json
2015-10-30 21:33 - 2015-10-30 21:33 - 0000000 ____D () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hu
2015-10-30 21:33 - 2015-10-30 21:33 - 0000324 _____ () c:\FRST\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hu\messages.json
 
====== End of Folder: ======
 
 
==== End of Fixlog 17:13:27 ====
 
 
Yes, I still need the onetab and feedly links restored, how do I do that? Thank you so much for your help so far!


#15
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

This should return the OneTab in Chrome.  Please let me know the results.  And please post the Fixlog I have asked for along with the one that this will make.

 

Download the attached fixlist.txt file and save it to the Desktop. (Attached file: Fixlist.txt, 262 bytes)

NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right-clicking on the FRST64.exe file and selecting "Run as Administrator...". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

