Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by BPV (administrator) on BPV-ASUS-LAPTOP on 02-02-2015 14:19:08 Running from D:\Docs_and_Settings\Public\BriTechGuy\Toolbox\Carry_With_Programs\Farbar_Recovery_Scan_Tool Loaded Profiles: BPV (Available profiles: BPV & JBH) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (ASUSTeK Computer Inc.) C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Realtek) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe () C:\Windows\runSW.exe (Realtek) C:\Windows\SwUSB.exe (Realtek Semiconductor Corp.) 
C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe (ATK) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files\Everything\Everything.exe (SoftPerfect Research) C:\Program Files\NetWorx\networx.exe (Flux Software LLC) C:\Users\BPV\AppData\Local\FluxSoftware\Flux\flux.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (ASUS) C:\Windows\AsScrPro.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Farbar) D:\Docs_and_Settings\Public\BriTechGuy\Toolbox\Carry_With_Programs\Farbar_Recovery_Scan_Tool\FRST_Win64-bit.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [617856 2011-05-17] (ELAN Microelectronic Corp.) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6589136 2014-10-01] (SoftPerfect Research) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-12] (VIA) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) 
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3700817450-263443993-1340972289-1001\...\Run: [f.lux] => C:\Users\BPV\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) ShellIconOverlayIdentifiers: [VsmSoftware 6D Icon Overlay Handler ()] -> {3C11C057-9126-4936-84D5-242D07AE8CBF} => C:\Program Files (x86)\VSMSoftware\6DEmbroidery\Explorer\VsmPreviewThumbnailHandler-x64.dll () ShellIconOverlayIdentifiers: [VsmSoftware 6D Icon Overlay Handler (.4qb)] -> {E2911E4C-AABC-440A-9377-BF98849B1C28} => C:\Program Files (x86)\VSMSoftware\6DEmbroidery\Explorer\VsmPreviewThumbnailHandler-x64.dll () ShellIconOverlayIdentifiers: [VsmSoftware 6D Icon Overlay Handler (.edo)] -> {AC3DFCF4-53CB-415B-B60B-AB3810FF5C8B} => C:\Program Files (x86)\VSMSoftware\6DEmbroidery\Explorer\VsmPreviewThumbnailHandler-x64.dll () ShellIconOverlayIdentifiers: [VsmSoftware 6D Icon Overlay Handler (.krz)] -> {78F54063-BA0F-405E-AEF2-566254F7CB17} => C:\Program Files (x86)\VSMSoftware\6DEmbroidery\Explorer\VsmPreviewThumbnailHandler-x64.dll () ShellIconOverlayIdentifiers-x32: [VsmSoftware 6D Icon Overlay Handler ()] -> {3C11C057-9126-4936-84D5-242D07AE8CBF} => C:\Program Files (x86)\VSMSoftware\6DEmbroidery\Explorer\VsmPreviewThumbnailHandler.dll () ShellIconOverlayIdentifiers-x32: [VsmSoftware 6D Icon Overlay Handler (.4qb)] -> {E2911E4C-AABC-440A-9377-BF98849B1C28} => C:\Program Files (x86)\VSMSoftware\6DEmbroidery\Explorer\VsmPreviewThumbnailHandler.dll () ShellIconOverlayIdentifiers-x32: [VsmSoftware 6D Icon Overlay Handler (.edo)] -> {AC3DFCF4-53CB-415B-B60B-AB3810FF5C8B} => C:\Program Files (x86)\VSMSoftware\6DEmbroidery\Explorer\VsmPreviewThumbnailHandler.dll () ShellIconOverlayIdentifiers-x32: [VsmSoftware 6D Icon Overlay Handler (.krz)] 
-> {78F54063-BA0F-405E-AEF2-566254F7CB17} => C:\Program Files (x86)\VSMSoftware\6DEmbroidery\Explorer\VsmPreviewThumbnailHandler.dll () BootExecute: autocheck autochk * sdnclean64.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3700817450-263443993-1340972289-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.google.com/ HKU\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object -> 
{FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKU\S-1-5-21-3700817450-263443993-1340972289-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKU\S-1-5-21-3700817450-263443993-1340972289-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab DPF: HKLM-x32 {1AFE081F-EE99-4CB6-9C8F-3487CCE9A5EC} http://www.bentleytechinfo.com/BY00175_BSI_Web/BY00175_ClassicASP/web_assist_v1/bin/ASC_Viewer.ocx DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123 FF DefaultSearchEngine: DuckDuckGo FF SelectedSearchEngine: DuckDuckGo FF Homepage: hxxp://gmail.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3700817450-263443993-1340972289-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKU\S-1-5-21-3700817450-263443993-1340972289-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\BPV\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-3700817450-263443993-1340972289-1001: @talk.google.com/O1DPlugin -> C:\Users\BPV\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-3700817450-263443993-1340972289-1001: @tools.google.com/Google Update;version=3 -> C:\Users\BPV\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3700817450-263443993-1340972289-1001: @tools.google.com/Google Update;version=9 -> C:\Users\BPV\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\BPV\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\BPV\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\BPV\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\searchplugins\duckduckgo.xml FF Extension: HTTPS-Everywhere - C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\Extensions\https-everywhere@eff.org [2015-01-23] FF Extension: selectivecookiedelete - C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\Extensions\selectivecookiedelete@siju.mathew [2013-09-03] FF Extension: ColorfulTabs - C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-01-27] FF Extension: Classic Theme Restorer - C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-10] FF Extension: Ghostery - C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\Extensions\firefox@ghostery.com.xpi [2013-08-18] FF Extension: Lightbeam - C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-08-20] FF Extension: shootthecookies - C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\Extensions\jid1-mQ10SRFkEtY0ig@jetpack.xpi [2014-11-19] FF Extension: Nuvola - C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\Extensions\NuvolaFF@paenglab.ch.xpi [2014-06-30] FF Extension: Adblock Plus - C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\xpk2876a.default-1376838705123\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-18] Chrome: 
======= CHR DefaultSearchKeyword: Profile 1 -> duckduckgo.com CHR DefaultSearchURL: Profile 1 -> https://duckduckgo.com/?q={searchTerms} CHR DefaultSuggestURL: Profile 1 -> CHR Profile: C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Drive) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03] CHR Extension: (Google Cast) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-01] CHR Extension: (Adblock Plus) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-31] CHR Extension: (HTTPS Everywhere) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-12-06] CHR Extension: (Yonge Street III) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ibjdellibnanfinldjmnleebghlkkmhj [2014-01-31] CHR Extension: (SHOOT THE COOKIES by McVitie's) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kncmenofbblgepfgjbcbieddnkcooemk [2014-06-20] CHR Extension: (Hangouts) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-01-27] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-13] CHR Extension: (Ghostery) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-01-31] CHR Extension: (Google Wallet) - C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-08] CHR 
HKU\S-1-5-21-3700817450-263443993-1340972289-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BPV\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-13] CHR HKU\S-1-5-21-3700817450-263443993-1340972289-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path Opera: ======= OPR Extension: (Ghostery) - C:\Users\BPV\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2014-05-07] OPR Extension: (DuckDuckGo for Opera) - C:\Users\BPV\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2014-05-07] OPR Extension: (HTTPS Everywhere) - C:\Users\BPV\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2014-05-07] OPR Extension: (SingleClick Cleaner) - C:\Users\BPV\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpngheackobblplgchdmjiflbfokmoen [2014-05-07] OPR Extension: (Adblock Plus) - C:\Users\BPV\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-05-07] OPR Extension: (Edit This Cookie) - C:\Users\BPV\AppData\Roaming\Opera Software\Opera Stable\Extensions\ppmhhincfabcahokokgpdcckmjghpian [2014-05-07] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed] R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [File not signed] R2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-23] (ASUSTeK Computer Inc.) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.) 
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.) R2 RealtekWlanU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [48856 2014-05-19] (Realtek) S2 RTLDHCPService; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-04-23] (Realtek) R2 RunSwUSB; C:\Windows\runSW.exe [36864 2014-04-15] () [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Ai2Chroniker; C:\Windows\System32\DRIVERS\Ai2Chroniker.sys [12872 2011-01-26] (Ai Squared ) S3 Ai2Mmpd; C:\Windows\System32\DRIVERS\Ai2Mmpd.sys [11848 2011-01-26] (Ai Squared ) R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [692736 2009-10-29] (PixArt Imaging Incorporation) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R1 NetworkX; C:\Windows\system32\ckldrv.sys [27904 2007-05-17] () R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.) 
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.) 
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation ) [File not signed] R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3591384 2014-10-13] (Realtek Semiconductor Corporation ) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-06] () S3 VsmRWDriver; C:\Windows\System32\DRIVERS\VsmRWDriver.sys [14848 2008-03-27] (VSM Group AB) S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 andnetadb; System32\Drivers\lgandnetadb.sys [X] S3 androidusb; System32\Drivers\lgandadb.sys [X] S3 DIRECTIO; \??\c:\BIT_TEMP\DirectIo.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-02 14:18 - 2015-02-02 14:19 - 00000000 ____D () C:\FRST 2015-02-02 14:12 - 2015-02-02 14:12 - 00001569 _____ () C:\Users\BPV\Desktop\JRT.txt 2015-02-02 13:16 - 2015-02-02 13:16 - 00000020 _____ () C:\Windows\”ô@ 2015-02-02 13:15 - 2015-02-02 13:50 - 00000000 ____D () C:\AdwCleaner 2015-02-02 12:22 - 2015-02-02 14:09 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2015-02-02 12:22 - 2015-02-02 12:22 - 00001009 _____ () C:\Users\JBH\Desktop\SpeedFan.lnk 2015-02-02 12:22 - 2015-02-02 12:22 - 00001009 _____ () C:\Users\BPV\Desktop\SpeedFan.lnk 2015-02-02 12:22 - 2015-02-02 12:22 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo 2015-02-02 12:20 - 2015-02-02 12:20 - 00000000 ____D () C:\Users\BPV\Desktop\New folder 2015-02-02 11:20 - 2015-02-02 11:20 - 00026671 _____ () C:\Users\BPV\Desktop\020215-32370-01.zip 2015-02-02 11:17 - 2015-02-02 11:17 - 586611759 _____ () C:\Windows\MEMORY.DMP 2015-02-02 11:17 - 2015-02-02 11:17 - 00277704 _____ () C:\Windows\Minidump\020215-32370-01.dmp 2015-02-02 11:12 - 2015-02-02 11:12 - 00012727 _____ () C:\Users\BPV\Desktop\System_Process_Snapshot4.TXT 2015-02-02 10:14 - 2015-02-02 10:14 - 00000109 _____ () C:\junk.txt 2015-02-02 00:08 - 2015-02-02 00:08 - 00013117 _____ () C:\Users\BPV\Desktop\System_Process_Snapshot3.TXT 2015-02-02 00:08 - 2015-02-02 00:08 - 00013079 _____ () C:\Users\BPV\Desktop\System_Process_Snapshot2.TXT 2015-02-01 20:01 - 2015-02-01 20:01 - 00002258 _____ () C:\Users\BPV\Desktop\procexp - Shortcut.lnk 2015-02-01 19:16 - 2015-02-02 13:52 - 00000744 _____ () C:\Windows\error.log 2015-02-01 19:16 - 2015-02-02 13:52 - 00000622 _____ () C:\Windows\PFRO.log 2015-02-01 19:16 - 2015-02-02 13:52 - 00000336 _____ () C:\Windows\setupact.log 2015-02-01 19:16 - 2015-02-01 19:16 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-01 18:05 - 2015-02-02 13:52 - 00004280 _____ () C:\Windows\runSW.log 2015-02-01 17:59 - 2015-02-01 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google 
Chrome
2015-02-01 17:43 - 2015-02-01 17:43 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-01 17:43 - 2015-02-01 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-01 17:43 - 2015-02-01 17:43 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-01 16:23 - 2015-02-01 16:24 - 00000000 ____D () C:\MS-Indexing-Data
2015-02-01 15:09 - 2015-02-01 19:47 - 00008732 _____ () C:\VEW.txt
2015-02-01 13:53 - 2015-02-01 13:53 - 00013292 _____ () C:\Users\BPV\Desktop\BPV-ASUS_Baseline.TXT
2015-01-26 21:39 - 2015-01-30 18:29 - 00000000 ____D () C:\Users\BPV\AppData\Local\PDFCreator
2015-01-26 19:27 - 2015-01-26 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-01-26 19:26 - 2015-02-01 17:54 - 00000000 ____D () C:\Program Files\PDFCreator
2015-01-26 19:26 - 2015-01-22 16:14 - 00114872 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-01-26 16:31 - 2015-01-26 16:31 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-01-26 16:31 - 2015-01-26 16:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-01-22 19:36 - 2015-01-22 19:37 - 00922492 _____ () C:\Users\BPV\Desktop\Emtek_Lever_Set_as_Shipped.jpeg
2015-01-22 09:44 - 2015-01-22 09:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-22 09:44 - 2015-01-22 09:36 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-22 09:44 - 2015-01-22 09:36 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-20 19:59 - 2015-01-20 19:59 - 00000000 ____D () C:\Users\BPV\AppData\Local\Limbo_Software_Solutions
2015-01-19 22:33 - 2015-01-19 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-01-19 22:32 - 2015-01-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-01-19 22:17 - 2015-01-19 22:17 - 00000000 ____D () C:\Users\BPV\Downloads\Windows Kits
2015-01-16 23:04 - 2015-01-26 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 23:24 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:27 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:27 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:27 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:27 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:27 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:27 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:27 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:27 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:27 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:27 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:27 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:27 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 10:23 - 2015-01-13 17:23 - 00000000 ___RD () C:\Users\BPV\Google Drive
2015-01-13 10:23 - 2015-01-13 10:23 - 00001704 _____ () C:\Users\BPV\Desktop\Google Drive.lnk
2015-01-13 10:18 - 2015-01-26 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-12 18:57 - 2015-01-12 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK USB Wireless LAN Utility
2015-01-12 18:57 - 2015-01-12 18:57 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-01-12 18:56 - 2014-10-13 04:24 - 03591384 ____R (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2015-01-12 18:56 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2015-01-12 18:55 - 2015-01-12 18:55 - 00000000 ____D () C:\Program Files (x86)\REALTEK
2015-01-12 18:55 - 2014-04-15 10:36 - 00036864 _____ () C:\Windows\runSW.exe
2015-01-12 18:55 - 2014-03-24 12:37 - 00422400 _____ (Realtek) C:\Windows\SwUSB.exe
2015-01-12 18:55 - 2010-12-01 09:31 - 00451072 _____ () C:\Windows\SysWOW64\ISSRemoveSP.exe
2015-01-12 18:55 - 2009-03-31 14:31 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe
2015-01-12 18:55 - 2009-01-05 20:31 - 00000901 _____ () C:\Windows\RtlUI2.exe.manifest
2015-01-12 18:55 - 2008-07-01 12:31 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2015-01-12 18:55 - 2007-04-26 14:05 - 00100000 _____ () C:\Windows\SysWOW64\EAPPkt9x.VXD
2015-01-12 18:55 - 2001-09-26 11:03 - 00012981 _____ () C:\Windows\SysWOW64\REALPKT.VXD
2015-01-07 10:14 - 2015-01-07 10:14 - 00000000 ____D () C:\Users\BPV\Downloads\New folder
2015-01-06 11:50 - 2015-01-06 11:48 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20150106-115048.backup
2015-01-06 11:48 - 2015-01-06 11:45 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20150106-114827.backup
2015-01-06 11:37 - 2015-01-06 11:37 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-06 11:37 - 2015-01-06 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-06 11:37 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-06 11:21 - 2015-02-02 13:58 - 01425610 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 19:17 - 2015-01-04 19:18 - 00000000 ____D () C:\Users\BPV\AppData\Local\Zimbra
2015-01-04 19:14 - 2015-01-04 19:14 - 00000000 ____D () C:\Program Files (x86)\Zimbra

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 14:00 - 2014-08-12 09:35 - 00000000 ____D () C:\Users\BPV\AppData\Roaming\Everything
2015-02-02 14:00 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 14:00 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 13:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 13:18 - 2014-03-16 17:07 - 00000000 ____D () C:\Users\BPV\AppData\Local\Windows Live
2015-02-02 13:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-02 13:16 - 2012-03-16 21:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-02 13:08 - 2009-07-14 00:13 - 00797446 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 12:52 - 2013-07-23 12:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 12:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-02 11:25 - 2014-12-31 10:05 - 00000000 ____D () C:\Users\BPV\Desktop\Temporary_Use_Images
2015-02-02 11:23 - 2011-09-16 15:59 - 00000000 ____D () C:\Users\JBH
2015-02-02 11:17 - 2011-05-15 16:00 - 00000000 ____D () C:\Windows\Minidump
2015-02-02 10:13 - 2014-06-09 13:52 - 00000000 ____D () C:\Users\BPV\AppData\Local\Garmin
2015-02-02 10:13 - 2014-06-09 13:49 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-02 10:13 - 2014-02-14 22:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-02 10:13 - 2013-07-03 10:33 - 00000000 ____D () C:\Users\BPV\AppData\Roaming\Garmin
2015-02-02 10:13 - 2013-07-03 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-02 10:13 - 2013-07-03 10:33 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-01 19:52 - 2014-12-23 16:50 - 00000000 ____D () C:\Program Files\Speccy
2015-02-01 17:59 - 2011-05-15 16:26 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-31 12:17 - 2010-01-01 23:21 - 00000052 _____ () C:\Windows\Ietis.ini
2015-01-30 10:06 - 2011-09-06 22:36 - 00000000 ____D () C:\Users\BPV\AppData\Local\PasswordSafe
2015-01-27 15:53 - 2014-08-07 11:08 - 00000000 ____D () C:\Users\BPV\AppData\Local\Canon Easy-PhotoPrint EX
2015-01-27 15:38 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-27 12:04 - 2014-06-03 16:41 - 00003842 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1399511886
2015-01-27 12:04 - 2014-05-07 20:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-26 20:55 - 2013-05-23 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 05:52 - 2013-07-23 12:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 05:52 - 2013-07-23 12:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 05:52 - 2013-07-23 12:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 13:44 - 2011-05-15 14:15 - 00000000 ____D () C:\Users\BPV
2015-01-22 09:45 - 2013-10-20 19:41 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-22 09:36 - 2014-08-04 17:04 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-22 09:36 - 2011-09-06 21:36 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-22 09:33 - 2011-05-15 15:12 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-22 09:33 - 2011-05-15 15:12 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-01-22 09:31 - 2014-08-07 22:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 23:59 - 2012-03-16 21:12 - 00790060 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 23:47 - 2013-07-11 20:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 23:26 - 2011-05-15 15:33 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 10:18 - 2011-05-15 16:26 - 00000000 ____D () C:\Users\BPV\AppData\Local\Google
2015-01-12 18:55 - 2000-03-22 05:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-11 17:22 - 2013-07-23 12:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-06 11:50 - 2009-07-13 21:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20150122-094124.backup
2015-01-06 11:37 - 2014-01-24 14:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-06 11:37 - 2011-05-15 15:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-06 11:10 - 2014-12-06 21:16 - 00000000 ____D () C:\Users\BPV\Desktop\Misc_PDFs
2015-01-06 11:07 - 2009-07-13 21:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20150106-114551.backup
2015-01-06 10:47 - 2014-12-06 20:47 - 00000000 ____D () C:\Users\BPV\Desktop\Misc_Images
2015-01-06 04:36 - 2011-05-15 14:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 18:15 - 2011-05-16 17:38 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2007-06-12 12:34 - 2007-06-12 12:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 11:35 - 2008-05-22 11:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 13:31 - 2009-04-08 13:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 00:45 - 2008-08-12 00:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2011-05-15 16:02 - 2011-05-15 18:23 - 0000360 _____ () C:\Users\BPV\AppData\Roaming\WebThread.log
2012-04-06 18:05 - 2012-04-06 18:05 - 0007168 _____ () C:\Users\BPV\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-09 14:08 - 2014-07-09 14:08 - 0000036 _____ () C:\Users\BPV\AppData\Local\housecall.guid.cache
2014-08-25 10:23 - 2014-08-25 10:23 - 0004096 ____H () C:\Users\BPV\AppData\Local\keyfile3.drm
2012-01-06 15:17 - 2012-01-28 23:39 - 0088378 _____ () C:\Users\BPV\AppData\Local\RAContactHistory.xml
2014-12-07 16:37 - 2014-12-07 16:37 - 0000841 _____ () C:\Users\BPV\AppData\Local\recently-used.xbel
2014-05-19 16:25 - 2014-11-28 23:37 - 0007607 _____ () C:\Users\BPV\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\BPV\AppData\Local\Temp\procexp64.exe
C:\Users\BPV\AppData\Local\Temp\Quarantine.exe
C:\Users\BPV\AppData\Local\Temp\sfamcc00001.dll
C:\Users\BPV\AppData\Local\Temp\sfareca00001.dll
C:\Users\BPV\AppData\Local\Temp\sfextra.dll
C:\Users\BPV\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 01:04

==================== End Of Log ============================