Jump to content

Bookjunky

Honorary Members
  • Posts

    82
  • Joined

  • Last visited

Everything posted by Bookjunky

  1. This morning I had no extra tabs full of garbage. It was really very nice to see a clean screen. Thanks a ton for your patience and assistance.
  2. So far no more tabs popping open, I will report back tomorrow and let you know if things stay fixed. Right now it looks good and I am grateful for your assistance. You have no idea how annoying it got getting interrupted in the middle of a fight in a raid when I forgot to close chrome to prevent tabs popping open. This morning I had 22 stray garbage tabs that had opened overnight and I am expecting not to see any stray trash tomorrow the way it is going now.
  3. after I ran this the computer froze and I had to restart took a long time to be able to post this after it ran. mrt.log
  4. Got the first scan finished with the repair, it found nothing, neither did mbam.
  5. Gave up on the FRST here is what JRT came out with ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.0 (11.29.2014:1)OS: Windows 8.1 x64Ran by Pat on Thu 03/12/2015 at 11:12:20.09~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [Folder] C:\Users\Pat\AppData\Roaming\mozilla\firefox\profiles\upvm70ad.default\extensions\staged ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Thu 03/12/2015 at 11:24:03.11End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. I tried again and I am not normally this stupid but I am really not getting a fixllist any where. I know I have done this before and done it successfully but that file is just not there.
  7. Is the fixlist.txt part of one of the other files? I have ran the darn thing 4 times now and there is just no file by that name.
  8. I may be too tired to be doing this but i cannot find a fixlisttxt file.
  9. I ran it a second time and FRST is not generating a fixlist.
  10. FRST did not generate a fix list for some reason even though it was checked running it again.
  11. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Pat at 2015-03-13 06:59:46 Running from C:\Users\Pat\Downloads\Installers Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ActiveState ActivePython 2.7.6.9 (32-bit) (HKLM-x32\...\{B6FB74C1-B37C-44BC-A1C7-38B8DB3FC996}) (Version: 2.7.9 - ActiveState Software Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon Cloud Drive (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon) Amazon Cloud Player (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC) Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.239 - Amazon) AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AmrAddonInstall (Version: 1.2.8.0 - Microsoft) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Mr. Robot (HKLM-x32\...\{86e39a0a-85dd-4d6f-b1cd-46d8208bd2e9}) (Version: 1.3.17.0 - Ask Mr. Robot) Ask Mr. Robot (Version: 1.3.17.0 - Ask Mr. Robot) Hidden Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1929380210.4759644.48.2147344384 - Audible, Inc.) Bandizip (HKLM\...\Bandizip) (Version: 5.05 - Bandisoft.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal) CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 - CometNetwork) Curse Client (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dashlane (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Dashlane) (Version: 3.2.4.78888 - Dashlane SAS) Dropbox (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.) Easy Computer Sync (HKLM-x32\...\Easy Computer Sync) (Version: 2.0 - Bravura Software LLC) eReader (HKLM-x32\...\{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.) EverQuest (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.) Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) ISO2Disc 1.05 (HKLM-x32\...\ISO2Disc_is1) (Version: - Top Password Software, Inc.) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation) Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation) Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp) Nero MediaHome Free (HKLM-x32\...\{6CC8CA12-AD2B-4C07-B2C4-B32CDBF5F29D}) (Version: 15.0.01800 - Nero AG) NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA Miracast Virtual Audio 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.) Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.) Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden Pharaoh (HKLM-x32\...\Pharaoh) (Version: - ) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.) REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{6513799F-D2B9-4BEA-A76E-52249156A2B5}_is1) (Version: 1.1 - redragonzone) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WD Quick View (HKLM-x32\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{34C6812E-E231-4B13-9DAC-21E06ECA864A}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) Windows 8 Portable Device Enabling Kit for MTP - Tools, Version 8 (HKLM-x32\...\{F04FB07B-0C96-48F8-95BB-FF8CAD522D2F}) (Version: 1 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinZip (HKLM-x32\...\WinZip) (Version: 10.0 (6667) - WinZip Computing LP) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Pat\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{ddef1ef4-9e08-4b76-9267-1b800cddf116}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pat\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2014-04-18 02:01 - 00000867 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 d3oxij66pru1i3.cloudfront.net ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1BAB1A57-D423-4298-BA5F-DC1E1414CF39} - System32\Tasks\{0785AB04-54A7-4A38-968D-0AAB97F58706} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe" Task: {1FB941D5-8B93-4909-B45A-288FE1E66AA0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3951261367-891674079-5071855-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {24416CEE-170F-4AD8-B01E-0D3FE696811E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.) Task: {3636007D-429D-48E0-8307-02C59202DA47} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {476185A3-1D79-44F9-AF08-B01C434A3B30} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation) Task: {4A9FBEB4-87D2-4DE6-ADE8-3713696E50C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation) Task: {6A846E28-89DB-4CDA-8A1F-69B6A6063A78} - System32\Tasks\{68DE6CEC-BF3A-4188-AA4E-17A44EADF5A3} => pcalua.exe -a C:\Users\Pat\AppData\Local\Microsoft\Windows\Burn\Burn\Windows_Password_Key_Standard_trial.exe Task: {6E1721AC-8545-4A30-B0D2-8CDC4E7B1FCD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation) Task: {6F8185EA-BF45-4911-93AB-A316409DC4DF} - System32\Tasks\{9735F59D-DE47-4442-9B63-59C7ACDDEBA3} => pcalua.exe -a D:\ZToolBar.exe -d D:\ Task: {754F475B-25E7-4FB2-99C1-D73DC17C2F7B} - System32\Tasks\{E8C47BE1-F0CC-4BEA-A206-CFC603AF8716} => pcalua.exe -a C:\PROGRA~2\WSE_AS~1\\uninstall.exe Task: {7C98B129-8DAC-49AF-BAE9-D8181993C69F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BOOKJUNKYSDREAM-Pat BookjunkysDream => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation) Task: {93214BBB-7CFD-400A-81FA-9DCC2405DADC} - System32\Tasks\Bitdefender Autoscan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-08-13] (Bitdefender) Task: {9459F4CF-AC3F-4012-976E-F5D4BEB6602D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.) Task: {BAD60DBD-9393-435E-9006-C39724215A52} - System32\Tasks\{06C77BE4-ACA9-45AA-BF99-760806114F29} => pcalua.exe -a D:\udfrinst.exe -d D:\ -c autorun Task: {FB688180-3908-4255-9837-732F4363A14C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-10-13 10:45 - 2014-10-13 10:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll 2014-08-13 04:45 - 2014-08-13 04:45 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui 2014-06-24 14:33 - 2014-08-13 04:44 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui 2015-02-06 15:33 - 2015-02-06 15:33 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpbr.mdl 2015-02-06 15:33 - 2015-02-06 15:33 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpdsp.mdl 2015-02-06 15:33 - 2015-02-06 15:33 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpph.mdl 2015-02-06 15:33 - 2015-02-06 15:33 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttprbl.mdl 2014-02-26 21:47 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-11 16:50 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-02-25 15:21 - 2014-12-23 15:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-02-03 18:55 - 2014-02-03 18:55 - 00792576 _____ () C:\Program Files\AskMrRobot\AmrTray.exe 2014-05-13 21:56 - 2013-11-18 17:54 - 03234304 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe 2015-02-20 16:06 - 2015-02-17 21:34 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll 2015-02-20 16:06 - 2015-02-17 21:34 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll 2015-02-20 16:06 - 2015-02-17 21:34 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll 2014-06-04 12:56 - 2015-02-17 07:49 - 00232632 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\DashlanePlugin.exe 2014-06-04 12:56 - 2015-02-17 07:49 - 00227000 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe 2015-02-20 16:06 - 2015-02-17 21:34 - 26771784 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-13 04:45 - 2014-10-13 10:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll 2015-03-04 18:08 - 2015-03-04 18:08 - 00750080 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-12 20:51 - 2015-03-12 20:51 - 00043008 _____ () c:\users\pat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc4ycqx.dll 2015-03-04 18:08 - 2015-03-04 18:08 - 00047616 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 18:08 - 2015-03-04 18:08 - 00865280 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 18:07 - 2015-03-04 18:07 - 00200704 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-05-13 21:56 - 2011-01-27 00:53 - 00028160 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\uiHook.dll 2014-06-17 18:10 - 2014-06-17 18:10 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2014-06-17 18:10 - 2014-06-17 18:10 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2014-04-14 07:47 - 2015-03-12 20:52 - 00046080 _____ () C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll 2014-12-13 00:04 - 2014-12-13 00:04 - 00541696 _____ () C:\Users\Pat\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll 2015-03-12 20:50 - 2015-03-12 20:50 - 00098816 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32api.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00110080 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\pywintypes27.dll 2015-03-12 20:50 - 2015-03-12 20:50 - 00364544 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\pythoncom27.dll 2015-03-12 20:50 - 2015-03-12 20:50 - 00045568 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\_socket.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 01160704 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\_ssl.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00320512 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32com.shell.shell.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00713216 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\_hashlib.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 01175040 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\wx._core_.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00805888 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\wx._gdi_.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00811008 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\wx._windows_.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 01062400 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\wx._controls_.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00735232 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\wx._misc_.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00557056 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\pysqlite2._sqlite.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00128512 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\_elementtree.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00127488 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\pyexpat.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00087552 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\_ctypes.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00119808 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32file.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00108544 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32security.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00007168 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\hashobjs_ext.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00167936 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32gui.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00018432 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32event.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00038912 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32inet.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00011264 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32crypt.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00070656 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\wx._html2.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00027136 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\_multiprocessing.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00035840 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32process.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00686080 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\unicodedata.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00122368 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\wx._wizard.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00024064 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32pipe.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00025600 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32pdh.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00525640 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\windows._lib_cacheinvalidation.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00010240 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\select.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00017408 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32profile.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00022528 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\win32ts.pyd 2015-03-12 20:50 - 2015-03-12 20:50 - 00078336 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI55722\wx._animate.pyd 2014-11-16 01:28 - 2014-11-16 01:28 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 05730488 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00442040 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 30961336 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00418488 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00307384 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 12115640 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00266936 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 02047672 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00183992 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 06726840 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.4.78888.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Pat\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Pat\Desktop\ImgBurn.exe:BDU AlternateDataStreams: C:\Users\Pat\Desktop\JRT.exe:BDU AlternateDataStreams: C:\Users\Pat\Desktop\RogueKillerX64.exe:BDU AlternateDataStreams: C:\Users\Pat\Downloads\Windows8-Setup.exe:BDU ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3951261367-891674079-5071855-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pat\Pictures\2014-04-11\Punkin\IMG_0219.JPG DNS Servers: 192.168.1.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "WinZip Quick Pick.lnk" HKLM\...\StartupApproved\Run32: => "WD Quick View" HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\StartupApproved\Run: => "Amazon Cloud Player" ==================== Accounts: ============================= Administrator (S-1-5-21-3951261367-891674079-5071855-500 - Administrator - Disabled) Guest (S-1-5-21-3951261367-891674079-5071855-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3951261367-891674079-5071855-1003 - Limited - Enabled) Pat (S-1-5-21-3951261367-891674079-5071855-1001 - Administrator - Enabled) => C:\Users\Pat ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/12/2015 08:49:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored. Error: (03/12/2015 08:49:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored. Error: (03/12/2015 08:44:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x7cc Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Faulting package full name: Fuel.Service.exe4 Faulting package-relative application ID: Fuel.Service.exe5 Error: (03/12/2015 11:34:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x7f4 Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Faulting package full name: Fuel.Service.exe4 Faulting package-relative application ID: Fuel.Service.exe5 System errors: ============= Error: (03/12/2015 11:57:56 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (03/12/2015 08:56:23 PM) (Source: volsnap) (EventID: 14) (User: ) Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (03/12/2015 08:47:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Bitdefender Virus Shield service hung on starting. Error: (03/12/2015 08:45:23 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\UdfReadr.SYS Error: (03/12/2015 08:44:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). Error: (03/12/2015 02:57:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (03/12/2015 11:34:48 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\UdfReadr.SYS Error: (03/12/2015 11:34:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). Error: (03/12/2015 11:31:34 AM) (Source: DCOM) (EventID: 10010) (User: BOOKJUNKYSDREAM) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (03/12/2015 11:31:04 AM) (Source: DCOM) (EventID: 10010) (User: BOOKJUNKYSDREAM) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Microsoft Office Sessions: ========================= Error: (03/12/2015 08:49:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement Error: (03/12/2015 08:49:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement Error: (03/12/2015 08:44:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c17cc01d05cda2c2e084cC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll219d6f48-c91a-11e4-832a-74d4359309c7 Error: (03/12/2015 11:34:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c17f401d05cd4e3e5f0f8C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll3d359e75-c8cd-11e4-8329-74d4359309c7 CodeIntegrity Errors: =================================== Date: 2015-03-04 00:55:44.518 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-03-04 00:55:44.516 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-03-03 19:42:58.658 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-03-03 19:42:58.547 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-03-03 18:08:38.534 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2014-06-24 11:27:38.555 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-24 11:27:38.452 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-24 11:27:38.265 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-24 09:09:45.615 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-24 09:09:45.510 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD FX-4130 Quad-Core Processor Percentage of memory in use: 37% Total physical RAM: 8173.53 MB Available physical RAM: 5145.49 MB Total Pagefile: 9453.53 MB Available Pagefile: 5079.37 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.17 GB) (Free:517.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5F28E748) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  12. FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015Ran by Pat (administrator) on BOOKJUNKYSDREAM on 13-03-2015 06:58:40Running from C:\Users\Pat\Downloads\InstallersLoaded Profiles: Pat (Available profiles: Pat)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\CometBird\cometbird.exe" -requestPending -osint -url "%1")Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe() C:\Program Files\AskMrRobot\AmrTray.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe(Amazon Digital Services, LLC.) C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe(Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe(Sun Microsystems, Inc.) C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\cmd.exe() C:\Users\Pat\AppData\Roaming\Dashlane\DashlanePlugin.exe() C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-09] (Bitdefender)HKLM\...\Run: [Ask Mr. Robot] => C:\Program Files\AskMrRobot\AmrTray.exe [792576 2014-02-03] ()HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [Dashlane] => C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe [227000 2015-02-17] ()HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-09] (Bitdefender)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1HKU\S-1-5-21-3951261367-891674079-5071855-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-09] (Bitdefender)HKU\S-1-5-18\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnkShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing LP)Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [s-1-5-21-3951261367-891674079-5071855-1001] => Internet Explorer proxy is enabled.HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3951261367-891674079-5071855-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-3951261367-891674079-5071855-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-13] (Bitdefender)BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-21] (Oracle Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2014-08-13] (Bitdefender)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll [2014-08-21] (Oracle Corporation)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-06-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)Toolbar: HKLM-x32 - No Name - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - No FileHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-29] (Microsoft Corporation)Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.netTcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.defaultFF SelectedSearchEngine: GoogleFF Homepage: hxxp://hsrd.yahoo.com/_ylt=Ap7baCq5xIi8aj53VbU6G9GbvZx4/RV=1/RE=1418774642/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADAV42NLp4bTaYYKLtMRe25WUJN8D8-FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-11] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-11-07] (Nero AG)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)FF Extension: Evernote Web Clipper - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-08-21]FF Extension: YouTube Video and Audio Downloader - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-02-26]FF Extension: Facebook Ads Block - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\jid1-CGxMej0nDJTjwQ@jetpack.xpi [2015-02-26]FF Extension: Clearly - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\readable@evernote.com.xpi [2014-08-21]FF Extension: Auto-Sort Bookmarks - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-26]FF Extension: The Addon Bar (restored) - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-02-26]FF Extension: Download Status Bar - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-02-26]FF Extension: Adblock Plus - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26]FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdmanFF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-06-24]FF Extension: Dashlane - C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-02-19] Chrome: =======CHR HomePage: Default -> hxxp://www.yahoo.com/?r644=1325500449CHR StartupUrls: Default -> "hxxp://www.yahoo.com/?r644=1329216927", "https://www.facebook.com/","hxxp://www.google.com/", "hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/15&hid=12534082340414630104&lg=EN&cc=US&unqvl=51", "hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=12349&tm=334&src=hmp", "hxxp://www.default-search.net?sid=476&aid=100&itype=a&ver=12521&tm=334&src=hmp", "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_43_ch&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyDzytAtDzy0CyB0D0BzytCtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0F0E0CtDtB0FtGtAtCtC0CtGyByDyDtAtGtC0FyEyBtGyC0AtAyByBzzyEyEyBtC0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0EzyyByEyB0EtG0CtCyD0FtGyEyEyBzztG0ByE0A0EtGtDtCyCtA0EzyyBzzyBtC0B0E2Q&cr=1245928839&ir=" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (PDF to Word Converter) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aflgemggaffjfjmjchhckncplcfioiid [2014-05-13]CHR Extension: (Google Docs) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-11]CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-05-13]CHR Extension: (Google Drive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]CHR Extension: (ABP ( Adblock Plus )) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnflkjkcebjioagifeaongciheiogj [2015-02-10]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]CHR Extension: (Adguard AdBlocker) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-10]CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]CHR Extension: (World of Warcraft Map) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnneemhnjgncpnfdcofcpobbaaifjclc [2015-02-26]CHR Extension: (Adblock Plus) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-01]CHR Extension: (Silverlight for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnklfhofbcfndknbonklnijndoeknal [2015-02-01]CHR Extension: (Adblock for Youtube™) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-26]CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]CHR Extension: (Kingdoms Of Camelot) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadejngfdiifodimfhejphllfecigmm [2014-04-11]CHR Extension: (Easy Clock) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn [2014-05-20]CHR Extension: (Autocomplete = on) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh [2014-04-11]CHR Extension: (Google Calendar) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-04-11]CHR Extension: (Pandora) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-05-13]CHR Extension: (Dashlane) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-02-12]CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-02-26]CHR Extension: (AdBlock) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-15]CHR Extension: (QuickTime for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkdifongmamddfegpjkmghbmoikkjai [2015-02-01]CHR Extension: (Google Calendar (by Google)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-05-13]CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2014-05-13]CHR Extension: (CloudConvert) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2014-05-13]CHR Extension: (Read the Bible) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbiofnodpilbapfbjilbkgbaokknihg [2014-05-13]CHR Extension: (Dropbox) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-02-26]CHR Extension: (Clearly) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-05-18]CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-05-13]CHR Extension: (iBreviary) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldklipcfhnmkcanfbhkabmbpdhoahcfg [2014-04-11]CHR Extension: (the Mobile Catholic) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcefjbgoeionpamjaemafhnogabjof [2014-05-13]CHR Extension: (iCloud Dashboard) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2015-02-12]CHR Extension: (Google Play Books) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-13]CHR Extension: (OneDrive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-02-26]CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11]CHR Extension: (WordToPdf - A Word to Pdf Converter) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oegaegenphlmcphgannobdndkoimkocj [2014-05-13]CHR Extension: (Offline Solitaire) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojldfpglenpceffckkjhajofdbpkfgmn [2014-05-13]CHR Extension: (Picasa) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-05-13]CHR Extension: (Recovery Password) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpdleddmnabebaibkllglcmldpbobpm [2014-05-13]CHR Extension: (Outlook.com) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-04-12]CHR Extension: (Evernote Web Clipper) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-05-13]CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]CHR HKU\S-1-5-21-3951261367-891674079-5071855-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-09] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-14] (Microsoft Corporation)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-09] (Bitdefender)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-09] (BitDefender)R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-12-09] (BitDefender)R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-07] ()R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-13] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-09] (BitDefender S.R.L.)S1 UdfReadr; C:\Windows\SysWow64\Drivers\UdfReadr.sys [206368 2000-06-15] (Adaptec)R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [233160 2013-01-02] (VIA Technologies, Inc.)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)U4 iSafeNetFilter; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-12 11:45 - 2015-03-12 11:45 - 00003576 _____ () C:\Windows\System32\Tasks\Bitdefender Autoscan2015-03-12 11:24 - 2015-03-12 11:24 - 00000762 _____ () C:\Users\Pat\Desktop\JRT.txt2015-03-12 09:24 - 2015-03-12 09:55 - 00000000 ____D () C:\Users\Pat\Downloads\Betty Jo2015-03-12 01:58 - 2015-03-12 01:58 - 00185253 _____ () C:\Users\Public\Desktop\bdsyslog.zip2015-03-11 01:33 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys2015-03-11 01:33 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys2015-03-11 01:33 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys2015-03-11 01:33 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll2015-03-11 01:33 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll2015-03-11 01:33 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe2015-03-11 01:33 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe2015-03-11 01:32 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-03-11 01:32 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-03-11 01:32 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-03-11 01:32 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-03-11 01:32 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-03-11 01:32 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-03-11 01:32 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-03-11 01:32 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml2015-03-11 01:32 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll2015-03-11 01:32 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll2015-03-11 01:32 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys2015-03-11 01:32 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll2015-03-11 01:32 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll2015-03-11 01:32 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2015-03-11 01:32 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2015-03-11 01:32 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll2015-03-11 01:32 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys2015-03-11 01:32 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll2015-03-11 01:32 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll2015-03-11 01:32 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll2015-03-11 01:32 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll2015-03-11 01:32 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll2015-03-11 01:32 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll2015-03-11 01:32 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll2015-03-11 01:32 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll2015-03-11 01:32 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll2015-03-11 01:32 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll2015-03-11 01:32 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll2015-03-11 01:32 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll2015-03-11 01:32 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll2015-03-11 01:32 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll2015-03-11 01:32 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll2015-03-11 01:32 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2015-03-11 01:32 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2015-03-11 01:32 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll2015-03-11 01:32 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2015-03-11 01:32 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-03-11 01:32 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2015-03-11 01:32 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2015-03-11 01:32 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-03-11 01:32 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-03-11 01:32 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-03-11 01:32 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-03-11 01:32 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll2015-03-11 01:32 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll2015-03-11 01:32 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll2015-03-11 01:32 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2015-03-11 01:32 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll2015-03-11 01:32 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll2015-03-11 01:31 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-03-11 01:31 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-03-11 01:31 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-03-11 01:31 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-03-11 01:31 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-03-11 01:31 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-03-11 01:31 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-03-11 01:31 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-03-11 01:31 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-03-11 01:31 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-03-11 01:31 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-03-11 01:31 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-03-11 01:31 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-03-11 01:31 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-03-11 01:31 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2015-03-11 01:31 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-03-11 01:31 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-03-11 01:31 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-03-11 01:31 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-03-11 01:31 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-03-11 01:31 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-03-11 01:31 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-03-11 01:31 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-03-11 01:31 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-03-11 01:31 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-03-11 01:31 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-03-11 01:31 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-03-11 01:31 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-03-11 01:31 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-03-11 01:31 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-03-11 01:31 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-03-11 01:31 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-03-11 01:31 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-03-11 01:31 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-03-11 01:31 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-03-11 01:31 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-03-11 01:31 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-03-11 01:31 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2015-03-11 01:31 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2015-03-11 01:31 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll2015-03-11 01:31 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll2015-03-11 01:31 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2015-03-11 01:31 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2015-03-11 01:31 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2015-03-11 01:31 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2015-03-11 01:31 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe2015-03-11 01:31 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe2015-03-11 01:31 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll2015-03-11 01:31 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll2015-03-11 01:31 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe2015-03-10 05:20 - 2015-03-10 05:20 - 00182019 _____ () C:\Users\Pat\Desktop\bdsyslog.zip2015-03-07 21:51 - 2015-03-07 21:51 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2015-03-07 06:09 - 2015-03-07 06:09 - 00000000 ____D () C:\Windows\Fish Screensave2015-03-05 05:30 - 2015-03-05 05:30 - 00000000 ____D () C:\Program Files (x86)\Anvisoft2015-03-04 03:43 - 2015-03-12 11:34 - 00000000 ____D () C:\AdwCleaner2015-03-03 18:47 - 2015-03-03 18:47 - 00003108 _____ () C:\Windows\System32\Tasks\{0785AB04-54A7-4A38-968D-0AAB97F58706}2015-03-03 07:40 - 2015-03-04 03:52 - 00000000 ____D () C:\Windows\system32\log2015-03-02 23:46 - 2015-03-03 07:51 - 00000000 ___HD () C:\$WINDOWS.~BT2015-03-02 23:04 - 2015-03-02 23:47 - 00001908 _____ () C:\Windows\diagwrn.xml2015-03-02 23:04 - 2015-03-02 23:47 - 00001908 _____ () C:\Windows\diagerr.xml2015-03-02 22:51 - 2015-03-02 22:53 - 2894594048 _____ () C:\Users\Pat\Desktop\Windows.iso2015-03-02 22:51 - 2015-03-02 22:51 - 00001425 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Install Windows.lnk2015-03-02 22:04 - 2015-03-02 22:04 - 00000000 __RHD () C:\ESD2015-03-02 22:02 - 2015-03-02 22:03 - 05487040 _____ (Microsoft Corporation) C:\Users\Pat\Downloads\Windows8-Setup.exe2015-03-02 21:55 - 2015-03-04 03:57 - 00000000 ____D () C:\Users\Pat\AppData\Local\LogMeIn Rescue Applet2015-03-02 20:42 - 2015-03-02 21:24 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\ImgBurn2015-03-02 20:39 - 2015-03-02 20:39 - 02747392 _____ (LIGHTNING UK!) C:\Users\Pat\Desktop\ImgBurn.exe2015-03-02 20:28 - 2015-03-02 20:35 - 377118720 _____ () C:\Users\Pat\Desktop\EasyRE Professional for Windows 8.iso2015-03-02 20:08 - 2015-03-02 20:08 - 00003192 _____ () C:\Windows\System32\Tasks\{68DE6CEC-BF3A-4188-AA4E-17A44EADF5A3}2015-02-26 03:51 - 2015-02-26 03:51 - 00000000 ____D () C:\ProgramData\bdch2015-02-25 06:49 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls2015-02-25 06:49 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls2015-02-20 13:48 - 2015-02-20 13:51 - 80271640 _____ () C:\Users\Pat\Desktop\DB-Norris_ Chuck - Abraham_ Ken Against all odds_ my story DB60819.zip2015-02-20 13:43 - 2015-02-20 14:08 - 1288145457 _____ () C:\Users\Pat\Desktop\DB-Jones_ Alexander The Jerusalem Bible DB57847.zip2015-02-20 10:15 - 2015-03-07 21:49 - 00000520 _____ () C:\Windows\system32\.crusader2015-02-20 10:00 - 2015-02-20 10:15 - 00000000 ____D () C:\ProgramData\HitmanPro2015-02-19 17:04 - 2015-02-19 17:04 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk2015-02-19 17:04 - 2015-02-19 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-02-19 17:03 - 2015-02-19 17:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A72015-02-19 17:03 - 2015-02-19 17:04 - 00000000 ____D () C:\Program Files\iTunes2015-02-19 17:03 - 2015-02-19 17:03 - 00000000 ____D () C:\Program Files\iPod2015-02-19 17:03 - 2015-02-19 17:03 - 00000000 ____D () C:\Program Files (x86)\iTunes2015-02-15 14:27 - 2015-03-02 20:03 - 00000000 ____D () C:\Program Files (x86)\Top Password2015-02-15 14:27 - 2015-02-15 14:27 - 00001043 _____ () C:\Users\Pat\Desktop\ISO2Disc.lnk2015-02-15 14:27 - 2015-02-15 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO2Disc2015-02-15 14:21 - 2015-02-15 14:21 - 00001029 _____ () C:\Users\Public\Desktop\ISO to USB.lnk2015-02-15 14:21 - 2015-02-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB2015-02-15 14:21 - 2015-02-15 14:21 - 00000000 ____D () C:\Program Files (x86)\ISO to USB2015-02-13 15:08 - 2015-02-13 15:08 - 00000927 _____ () C:\Users\Pat\Documents - Shortcut.lnk2015-02-13 14:44 - 2015-02-13 14:44 - 00003432 ____N () C:\bootsqm.dat2015-02-13 14:44 - 2015-02-13 14:44 - 00000000 __SHD () C:\found.0002015-02-13 13:41 - 2015-02-13 13:41 - 00000000 _____ () C:\Windows\system32\atiicdxx.dat2015-02-13 13:41 - 2015-02-13 13:41 - 00000000 _____ () C:\Windows\ativpsrm.bin2015-02-11 15:59 - 2015-02-11 15:59 - 00002145 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk2015-02-11 15:59 - 2015-02-05 13:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2015-02-11 15:56 - 2015-02-05 17:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2015-02-11 15:56 - 2015-02-05 17:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2015-02-11 15:56 - 2015-02-05 17:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2015-02-11 15:56 - 2015-02-05 17:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2015-02-11 15:56 - 2015-02-05 17:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2015-02-11 15:56 - 2015-02-05 17:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2015-02-11 15:56 - 2015-02-05 17:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2015-02-11 15:56 - 2015-02-05 17:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2015-02-11 15:56 - 2015-02-05 17:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2015-02-11 15:56 - 2015-02-05 17:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2015-02-11 15:56 - 2015-02-05 17:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2015-02-11 15:56 - 2015-02-05 17:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2015-02-11 15:56 - 2015-02-05 17:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll2015-02-11 15:56 - 2015-02-05 17:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2015-02-11 00:40 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2015-02-11 00:40 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-02-11 00:40 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2015-02-11 00:40 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2015-02-11 00:40 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll2015-02-11 00:40 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll2015-02-11 00:39 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-02-11 00:39 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-02-11 00:39 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-02-11 00:39 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-02-11 00:38 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll2015-02-11 00:38 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2015-02-11 00:38 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-13 06:58 - 2014-11-25 18:21 - 00000000 ____D () C:\FRST2015-03-13 06:58 - 2014-04-14 21:41 - 00000000 ____D () C:\Users\Pat\Downloads\Installers2015-03-13 06:45 - 2014-08-28 05:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-03-13 06:41 - 2014-04-11 16:18 - 00000000 ____D () C:\Users\Pat\AppData\Local\Deployment2015-03-13 06:36 - 2014-04-11 20:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-03-13 06:14 - 2014-02-26 21:41 - 02000190 _____ () C:\Windows\WindowsUpdate.log2015-03-13 06:05 - 2014-04-11 16:18 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-13 06:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru2015-03-13 05:13 - 2014-04-11 15:16 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3951261367-891674079-5071855-10012015-03-13 05:07 - 2014-12-02 19:55 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-03-13 04:50 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM2015-03-13 04:44 - 2014-04-11 15:47 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A637678E-0838-402C-B91D-96D3F723569D}2015-03-12 22:05 - 2014-04-11 16:18 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-12 21:11 - 2014-04-11 17:03 - 00004992 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BOOKJUNKYSDREAM-Pat BookjunkysDream2015-03-12 20:54 - 2014-02-26 21:46 - 00956540 _____ () C:\Windows\system32\PerfStringBackup.INI2015-03-12 20:51 - 2014-05-08 09:43 - 00000000 ___RD () C:\Users\Pat\Dropbox2015-03-12 20:51 - 2014-05-08 09:41 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox2015-03-12 20:51 - 2014-04-20 23:07 - 00000000 ___RD () C:\Users\Pat\Google Drive2015-03-12 20:50 - 2014-09-23 23:16 - 00000000 ___RD () C:\Users\Pat\iCloudDrive2015-03-12 20:50 - 2014-04-11 15:11 - 00000000 ___DO () C:\Users\Pat\SkyDrive2015-03-12 20:49 - 2014-04-11 22:53 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat2015-03-12 20:48 - 2013-08-22 10:46 - 00007729 _____ () C:\Windows\setupact.log2015-03-12 20:48 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-03-12 20:47 - 2014-02-26 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA2015-03-12 20:46 - 2013-08-22 10:44 - 00380944 _____ () C:\Windows\system32\FNTCACHE.DAT2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2015-03-12 20:42 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp2015-03-12 11:34 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI2015-03-12 11:15 - 2014-06-28 19:06 - 00000000 ____D () C:\Users\Pat\AppData\Local\CrashDumps2015-03-12 11:10 - 2014-04-11 17:03 - 00000000 ___RD () C:\Users\Pat\OneDrive2015-03-12 11:08 - 2014-05-08 09:43 - 00001068 _____ () C:\Users\Pat\Desktop\Dropbox.lnk2015-03-12 11:08 - 2014-05-08 09:42 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-03-12 10:52 - 2014-02-26 22:01 - 00000000 ____D () C:\Windows\system32\MRT2015-03-12 10:46 - 2014-02-26 22:01 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-03-11 05:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness2015-03-11 01:45 - 2014-04-11 15:10 - 00000000 ____D () C:\Users\Pat\AppData\Local\VirtualStore2015-03-10 11:28 - 2014-05-08 17:52 - 00000000 ____D () C:\Users\Pat\Desktop\Ebook library2015-03-10 03:59 - 2014-02-26 21:37 - 01025958 _____ () C:\Windows\PFRO.log2015-03-10 03:58 - 2014-04-11 22:13 - 00000000 ____D () C:\Users\Pat\AppData\Local\Battle.net2015-03-08 04:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports2015-03-05 05:36 - 2014-12-08 14:05 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys2015-03-04 17:24 - 2014-11-13 03:15 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-03-04 17:24 - 2014-11-13 03:15 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-03-04 03:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\TAPI2015-03-03 04:38 - 2014-07-08 07:44 - 00000000 ____D () C:\Users\Pat\Desktop\Unused Desktop Icons2015-03-03 00:31 - 2014-04-14 21:38 - 00000000 ____D () C:\Users\Pat\Downloads\Books2015-03-02 23:46 - 2013-08-22 10:46 - 00000000 _____ () C:\Windows\setuperr.log2015-03-02 23:43 - 2014-09-30 08:46 - 00000000 ____D () C:\Users\Pat\Downloads\Documents\Personal2015-03-02 21:53 - 2014-12-08 13:49 - 00000000 __SHD () C:\Users\Pat\AppData\Local\EmieBrowserModeList2015-02-28 07:02 - 2014-04-11 22:15 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft2015-02-26 19:58 - 2014-04-11 22:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net2015-02-26 07:59 - 2014-04-18 07:48 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\TS3Client2015-02-26 07:53 - 2014-04-14 10:22 - 00071168 ___SH () C:\Users\Pat\Downloads\Thumbs.db2015-02-25 15:22 - 2014-04-11 16:50 - 00000000 ____D () C:\Program Files\Microsoft Office 152015-02-25 14:16 - 2014-05-14 07:59 - 00000000 ____D () C:\Users\Pat\AppData\Temp2015-02-24 18:05 - 2014-04-11 22:18 - 00001244 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk2015-02-19 17:21 - 2014-06-04 12:56 - 00001958 _____ () C:\Users\Pat\Desktop\Dashlane.lnk2015-02-19 17:21 - 2014-06-04 12:54 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dashlane2015-02-19 17:09 - 2014-04-11 15:10 - 00000000 ____D () C:\Users\Pat2015-02-19 17:03 - 2014-04-11 17:31 - 00000000 ____D () C:\Program Files\Common Files\Apple2015-02-19 06:41 - 2015-01-12 11:12 - 00000000 ____D () C:\Users\Pat\AppData\Local\Adobe2015-02-16 06:03 - 2014-11-30 01:09 - 00130048 ___SH () C:\Users\Pat\Desktop\Thumbs.db2015-02-14 17:25 - 2014-07-02 17:57 - 00000000 ____D () C:\Users\Pat\AppData\Local\Nero2015-02-14 17:22 - 2014-05-23 08:44 - 00000000 ____D () C:\Users\Pat\AppData\Local\Bandizip2015-02-14 11:09 - 2014-05-22 18:01 - 00000000 ____D () C:\Users\Pat\Downloads\Documents\CFP2015-02-14 03:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache2015-02-12 09:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2015-02-11 15:59 - 2014-02-26 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation ==================== Files in the root of some directories ======= 2014-05-14 07:54 - 2014-05-14 07:54 - 0582957 _____ () C:\ProgramData\1400067679.bdinstall.bin2014-06-02 21:31 - 2014-06-02 21:31 - 0856200 _____ () C:\ProgramData\1401757402.bdinstall.bin2014-06-24 07:11 - 2014-06-24 07:11 - 0244214 _____ () C:\ProgramData\1403608110.bdinstall.bin2014-06-24 14:35 - 2014-06-24 14:35 - 0572174 _____ () C:\ProgramData\1403634396.bdinstall.bin Some content of TEMP:====================C:\Users\Pat\AppData\Local\Temp\BANDIZIP-SETUP.EXEC:\Users\Pat\AppData\Local\Temp\dllnt_dump.dllC:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc4ycqx.dllC:\Users\Pat\AppData\Local\Temp\msvcp120.dllC:\Users\Pat\AppData\Local\Temp\msvcr120.dllC:\Users\Pat\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Pat\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\Pat\AppData\Local\Temp\nvStInst.exeC:\Users\Pat\AppData\Local\Temp\pc-decrapifier.exeC:\Users\Pat\AppData\Local\Temp\Quarantine.exeC:\Users\Pat\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dllC:\Users\Pat\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 23:59 ==================== End Of Log ============================
  13. lp.ilividnewtab.com is what most tabs turn into after Adblocker plus gets hold of them but they start as saying youradexchange before they turn into that. I am not sure if that make sense or not I also see a lot of marvel tabs and some game things I am not interested in. I play World of Warcraft and the add ons like curse client I use with that I have used for 8 years without a problem and 95% of those who raid in the game use Mr Robot without a problem.
  14. Will get this done but it will have to be tomorrow.
  15. If there is something in ie, that i don't even use I really want to get rid of it. I did use ie once a few weeks before all the garbage started. I used it for a function on a VA related web site that required it. We just found out I have been eligible for the Korean Defense Medal for years and went to the page to get the appropriate paper work. Is there a setting I should enable in ie to make sure something never gets again?
  16. I never use internet explorer unless a web site requires it, such as certain VA web sites. The majority of tabs that are popping up have youraddexchange in them even if turn into something that looks totally unrelated before they get done. I had 22 open tabs worth of garbage when I came in this morning. I don't even have any favorite sites in internet explorer. By the time I got done closing all the garbage tabs this morning there were 22 of them, attacking a screen shot of them as open in Chrome.
  17. Thanks for responding I have learned to respect opinions expressed here.
  18. I have had great support here with mbam and plan on renewing my subscription when it expires in a few months. I cannot say as much about my antiviral program Bit Defender. So I am looking for recommendations for a replacement for it. After seeing Norton miss a variant of the Beagle virus and wipe out a neighbors explorer back in the early days of XP and having to help him wipe his hard drive from DOS I will never run Norton. Macafee seems pretty bloated and a big resource hog as well. I am looking for a dependable program with quick and efficient customer support like we get here in this forum for our antimalware program.
  19. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01 Ran by Pat at 2015-03-11 01:53:21 Running from C:\Users\Pat\Downloads\Installers Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ActiveState ActivePython 2.7.6.9 (32-bit) (HKLM-x32\...\{B6FB74C1-B37C-44BC-A1C7-38B8DB3FC996}) (Version: 2.7.9 - ActiveState Software Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon Cloud Drive (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon) Amazon Cloud Player (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC) Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.239 - Amazon) AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AmrAddonInstall (Version: 1.2.8.0 - Microsoft) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Mr. Robot (HKLM-x32\...\{86e39a0a-85dd-4d6f-b1cd-46d8208bd2e9}) (Version: 1.3.17.0 - Ask Mr. Robot) Ask Mr. Robot (Version: 1.3.17.0 - Ask Mr. Robot) Hidden Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1929380210.4759644.48.2147344384 - Audible, Inc.) Bandizip (HKLM\...\Bandizip) (Version: 5.05 - Bandisoft.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal) CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 - CometNetwork) Curse Client (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dashlane (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Dashlane) (Version: 3.2.4.78888 - Dashlane SAS) Dropbox (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) Easy Computer Sync (HKLM-x32\...\Easy Computer Sync) (Version: 2.0 - Bravura Software LLC) eReader (HKLM-x32\...\{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.) EverQuest (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.) Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) ISO2Disc 1.05 (HKLM-x32\...\ISO2Disc_is1) (Version: - Top Password Software, Inc.) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation) Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation) Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp) Nero MediaHome Free (HKLM-x32\...\{6CC8CA12-AD2B-4C07-B2C4-B32CDBF5F29D}) (Version: 15.0.01800 - Nero AG) NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA Miracast Virtual Audio 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.) Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.) Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden Pharaoh (HKLM-x32\...\Pharaoh) (Version: - ) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.) REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{6513799F-D2B9-4BEA-A76E-52249156A2B5}_is1) (Version: 1.1 - redragonzone) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WD Quick View (HKLM-x32\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{34C6812E-E231-4B13-9DAC-21E06ECA864A}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) Windows 8 Portable Device Enabling Kit for MTP - Tools, Version 8 (HKLM-x32\...\{F04FB07B-0C96-48F8-95BB-FF8CAD522D2F}) (Version: 1 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinZip (HKLM-x32\...\WinZip) (Version: 10.0 (6667) - WinZip Computing LP) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Pat\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{ddef1ef4-9e08-4b76-9267-1b800cddf116}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pat\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 25-02-2015 14:17:44 Windows Update 07-03-2015 21:49:05 Checkpoint by HitmanPro 10-03-2015 10:43:17 Removed WD SmartWare ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2014-04-18 02:01 - 00000867 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 d3oxij66pru1i3.cloudfront.net ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1BAB1A57-D423-4298-BA5F-DC1E1414CF39} - System32\Tasks\{0785AB04-54A7-4A38-968D-0AAB97F58706} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe" Task: {1FB941D5-8B93-4909-B45A-288FE1E66AA0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3951261367-891674079-5071855-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {24416CEE-170F-4AD8-B01E-0D3FE696811E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.) Task: {26109B96-44CC-492E-AE05-1E72C614D11D} - System32\Tasks\Bitdefender Autoscan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-08-13] (Bitdefender) Task: {3636007D-429D-48E0-8307-02C59202DA47} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {4A9FBEB4-87D2-4DE6-ADE8-3713696E50C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation) Task: {6A846E28-89DB-4CDA-8A1F-69B6A6063A78} - System32\Tasks\{68DE6CEC-BF3A-4188-AA4E-17A44EADF5A3} => pcalua.exe -a C:\Users\Pat\AppData\Local\Microsoft\Windows\Burn\Burn\Windows_Password_Key_Standard_trial.exe Task: {6E1721AC-8545-4A30-B0D2-8CDC4E7B1FCD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation) Task: {6F8185EA-BF45-4911-93AB-A316409DC4DF} - System32\Tasks\{9735F59D-DE47-4442-9B63-59C7ACDDEBA3} => pcalua.exe -a D:\ZToolBar.exe -d D:\ Task: {754F475B-25E7-4FB2-99C1-D73DC17C2F7B} - System32\Tasks\{E8C47BE1-F0CC-4BEA-A206-CFC603AF8716} => pcalua.exe -a C:\PROGRA~2\WSE_AS~1\\uninstall.exe Task: {7C98B129-8DAC-49AF-BAE9-D8181993C69F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BOOKJUNKYSDREAM-Pat BookjunkysDream => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation) Task: {9459F4CF-AC3F-4012-976E-F5D4BEB6602D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.) Task: {A55071BE-35EE-44AB-9923-632E368F1790} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation) Task: {BAD60DBD-9393-435E-9006-C39724215A52} - System32\Tasks\{06C77BE4-ACA9-45AA-BF99-760806114F29} => pcalua.exe -a D:\udfrinst.exe -d D:\ -c autorun Task: {FB688180-3908-4255-9837-732F4363A14C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-10-13 10:45 - 2014-10-13 10:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll 2014-08-13 04:45 - 2014-08-13 04:45 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui 2014-06-24 14:33 - 2014-08-13 04:44 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui 2015-02-06 15:33 - 2015-02-06 15:33 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpbr.mdl 2015-02-06 15:33 - 2015-02-06 15:33 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpdsp.mdl 2015-02-06 15:33 - 2015-02-06 15:33 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpph.mdl 2015-02-06 15:33 - 2015-02-06 15:33 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttprbl.mdl 2014-02-26 21:47 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-11 16:50 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-02-25 15:21 - 2014-12-23 15:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-02-03 18:55 - 2014-02-03 18:55 - 00792576 _____ () C:\Program Files\AskMrRobot\AmrTray.exe 2014-06-04 12:56 - 2015-02-17 07:49 - 00227000 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe 2014-05-13 21:56 - 2013-11-18 17:54 - 03234304 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe 2015-02-20 16:06 - 2015-02-17 21:34 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll 2015-02-20 16:06 - 2015-02-17 21:34 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll 2015-02-20 16:06 - 2015-02-17 21:34 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll 2014-06-04 12:56 - 2015-02-17 07:49 - 00232632 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\DashlanePlugin.exe 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00307384 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00418488 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00442040 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 30961336 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00266936 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 05730488 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 06726840 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.4.78888.dll 2014-08-13 04:45 - 2014-10-13 10:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll 2015-02-10 17:00 - 2015-02-10 17:00 - 00750080 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-10 20:22 - 2015-03-10 20:22 - 00043008 _____ () c:\users\pat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyn5tuz.dll 2015-02-10 17:00 - 2015-02-10 17:00 - 00047616 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-02-10 17:00 - 2015-02-10 17:00 - 00865280 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-02-10 17:00 - 2015-02-10 17:00 - 00200704 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-05-13 21:56 - 2011-01-27 00:53 - 00028160 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\uiHook.dll 2014-06-17 18:10 - 2014-06-17 18:10 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2014-06-17 18:10 - 2014-06-17 18:10 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2014-04-14 07:47 - 2015-03-10 20:22 - 00046080 _____ () C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll 2014-12-13 00:04 - 2014-12-13 00:04 - 00541696 _____ () C:\Users\Pat\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll 2015-03-10 20:21 - 2015-03-10 20:21 - 00098816 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32api.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00110080 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\pywintypes27.dll 2015-03-10 20:21 - 2015-03-10 20:21 - 00364544 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\pythoncom27.dll 2015-03-10 20:21 - 2015-03-10 20:21 - 00045568 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_socket.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 01160704 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_ssl.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00320512 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32com.shell.shell.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00713216 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_hashlib.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 01175040 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._core_.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00805888 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._gdi_.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00811008 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._windows_.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 01062400 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._controls_.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00735232 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._misc_.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00557056 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\pysqlite2._sqlite.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00128512 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_elementtree.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00127488 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\pyexpat.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00087552 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_ctypes.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00119808 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32file.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00108544 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32security.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00007168 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\hashobjs_ext.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00167936 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32gui.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00018432 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32event.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00038912 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32inet.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00011264 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32crypt.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00070656 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._html2.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00027136 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_multiprocessing.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00035840 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32process.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00686080 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\unicodedata.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00122368 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._wizard.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00024064 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32pipe.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00025600 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32pdh.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00525640 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\windows._lib_cacheinvalidation.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00010240 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\select.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00017408 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32profile.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00022528 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32ts.pyd 2015-03-10 20:21 - 2015-03-10 20:21 - 00078336 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._animate.pyd 2014-11-16 01:28 - 2014-11-16 01:28 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 12115640 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 02047672 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.2.4.78888.dll 2015-02-17 07:48 - 2015-02-17 07:48 - 00183992 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.2.4.78888.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Pat\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Pat\Desktop\ImgBurn.exe:BDU AlternateDataStreams: C:\Users\Pat\Desktop\JRT.exe:BDU AlternateDataStreams: C:\Users\Pat\Desktop\RogueKillerX64.exe:BDU AlternateDataStreams: C:\Users\Pat\Downloads\Windows8-Setup.exe:BDU ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3951261367-891674079-5071855-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pat\Pictures\2014-04-11\Punkin\IMG_0219.JPG DNS Servers: 192.168.1.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "WinZip Quick Pick.lnk" HKLM\...\StartupApproved\Run32: => "WD Quick View" HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\StartupApproved\Run: => "Amazon Cloud Player" ==================== Accounts: ============================= Administrator (S-1-5-21-3951261367-891674079-5071855-500 - Administrator - Disabled) Guest (S-1-5-21-3951261367-891674079-5071855-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3951261367-891674079-5071855-1003 - Limited - Enabled) Pat (S-1-5-21-3951261367-891674079-5071855-1001 - Administrator - Enabled) => C:\Users\Pat ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/11/2015 01:51:56 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (03/10/2015 08:18:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x518 Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Faulting package full name: Fuel.Service.exe4 Faulting package-relative application ID: Fuel.Service.exe5 Error: (03/10/2015 10:38:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f Exception code: 0xc0000135 Fault offset: 0x0009e0b2 Faulting process id: 0x1088 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (03/10/2015 10:33:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x7ac Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Faulting package full name: Fuel.Service.exe4 Faulting package-relative application ID: Fuel.Service.exe5 Error: (03/10/2015 10:28:07 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (03/10/2015 04:00:49 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (03/10/2015 04:00:48 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (03/10/2015 03:58:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x604 Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Faulting package full name: Fuel.Service.exe4 Faulting package-relative application ID: Fuel.Service.exe5 Error: (03/07/2015 09:57:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1180 Start Time: 01d0594295d0f310 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 8af0c86e-c536-11e4-8325-74d4359309c7 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/07/2015 09:52:08 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 System errors: ============= Error: (03/10/2015 08:20:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Bitdefender Virus Shield service hung on starting. Error: (03/10/2015 08:19:10 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\UdfReadr.SYS Error: (03/10/2015 08:18:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service terminated with the following error: %%1062 Error: (03/10/2015 08:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). Error: (03/10/2015 11:26:36 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR12. Error: (03/10/2015 11:26:36 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR12. Error: (03/10/2015 11:26:36 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR12. Error: (03/10/2015 11:26:36 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR12. Error: (03/10/2015 11:16:27 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR8. Error: (03/10/2015 11:16:27 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR8. Microsoft Office Sessions: ========================= Error: (03/11/2015 01:51:56 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Pat\Downloads\Installers\esetsmartinstaller_enu.exe Error: (03/10/2015 08:18:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c151801d05b3f6617ac00C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll26c6fc38-c784-11e4-8327-74d4359309c7 Error: (03/10/2015 10:38:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.1.711542b53ecntdll.dll6.3.9600.1763054b0d74fc00001350009e0b2108801d05b3fe60ba0e3C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SYSTEM32\ntdll.dll26d5e9b3-c733-11e4-8327-74d4359309c7 Error: (03/10/2015 10:33:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c17ac01d05b084a37227eC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll5ca694ac-c732-11e4-8326-74d4359309c7 Error: (03/10/2015 10:28:07 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Pat\Downloads\Installers\esetsmartinstaller_enu.exe Error: (03/10/2015 04:00:49 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (03/10/2015 04:00:48 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (03/10/2015 03:58:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c160401d05942741f73b6C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll44618217-c6fb-11e4-8325-74d4359309c7 Error: (03/07/2015 09:57:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689118001d0594295d0f3104294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe8af0c86e-c536-11e4-8325-74d4359309c7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/07/2015 09:52:08 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 CodeIntegrity Errors: =================================== Date: 2015-03-04 00:55:44.518 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-03-04 00:55:44.516 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-03-03 19:42:58.658 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-03-03 19:42:58.547 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-03-03 18:08:38.534 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2014-06-24 11:27:38.555 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-24 11:27:38.452 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-24 11:27:38.265 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-24 09:09:45.615 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-24 09:09:45.510 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD FX-4130 Quad-Core Processor Percentage of memory in use: 35% Total physical RAM: 8173.53 MB Available physical RAM: 5311.55 MB Total Pagefile: 9453.53 MB Available Pagefile: 5334.19 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.17 GB) (Free:513.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5F28E748) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  20. If you see my pcnlocker program it is something that was purchased to help a friend get back into his computer after he tried to enter the wrong password in windows 8.1 too many times microsoft locked him out. It was never intended for anything illegal. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01Ran by Pat (administrator) on BOOKJUNKYSDREAM on 11-03-2015 01:52:16Running from C:\Users\Pat\Downloads\InstallersLoaded Profiles: Pat (Available profiles: Pat)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\CometBird\cometbird.exe" -requestPending -osint -url "%1")Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe() C:\Program Files\AskMrRobot\AmrTray.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe() C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe(Amazon Digital Services, LLC.) C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe(Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe(Sun Microsystems, Inc.) C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\cmd.exe() C:\Users\Pat\AppData\Roaming\Dashlane\DashlanePlugin.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\Pat\Downloads\Installers\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-09] (Bitdefender)HKLM\...\Run: [Ask Mr. Robot] => C:\Program Files\AskMrRobot\AmrTray.exe [792576 2014-02-03] ()HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [Dashlane] => C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe [227000 2015-02-17] ()HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-09] (Bitdefender)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1HKU\S-1-5-21-3951261367-891674079-5071855-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-09] (Bitdefender)HKU\S-1-5-18\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnkShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing LP)Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyEnable: [s-1-5-21-3951261367-891674079-5071855-1001] => Internet Explorer proxy is enabled.HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3951261367-891674079-5071855-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-3951261367-891674079-5071855-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-13] (Bitdefender)BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-21] (Oracle Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2014-08-13] (Bitdefender)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll [2014-08-21] (Oracle Corporation)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-06-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)Toolbar: HKLM-x32 - No Name - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - No FileHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-29] (Microsoft Corporation)Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.netTcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.defaultFF SelectedSearchEngine: GoogleFF Homepage: hxxp://hsrd.yahoo.com/_ylt=Ap7baCq5xIi8aj53VbU6G9GbvZx4/RV=1/RE=1418774642/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADAV42NLp4bTaYYKLtMRe25WUJN8D8-FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-11] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-11-07] (Nero AG)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)FF Extension: Evernote Web Clipper - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-08-21]FF Extension: YouTube Video and Audio Downloader - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-02-26]FF Extension: Facebook Ads Block - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\jid1-CGxMej0nDJTjwQ@jetpack.xpi [2015-02-26]FF Extension: Clearly - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\readable@evernote.com.xpi [2014-08-21]FF Extension: Auto-Sort Bookmarks - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-26]FF Extension: The Addon Bar (restored) - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-02-26]FF Extension: Download Status Bar - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-02-26]FF Extension: Adblock Plus - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26]FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdmanFF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-06-24]FF Extension: Dashlane - C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-02-19] Chrome: =======CHR HomePage: Default -> hxxp://www.yahoo.com/?r644=1325500449CHR StartupUrls: Default -> "hxxp://www.yahoo.com/?r644=1329216927", "https://www.facebook.com/","hxxp://www.google.com/", "hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/15&hid=12534082340414630104&lg=EN&cc=US&unqvl=51", "hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=12349&tm=334&src=hmp", "hxxp://www.default-search.net?sid=476&aid=100&itype=a&ver=12521&tm=334&src=hmp", "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_43_ch&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyDzytAtDzy0CyB0D0BzytCtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0F0E0CtDtB0FtGtAtCtC0CtGyByDyDtAtGtC0FyEyBtGyC0AtAyByBzzyEyEyBtC0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0EzyyByEyB0EtG0CtCyD0FtGyEyEyBzztG0ByE0A0EtGtDtCyCtA0EzyyBzzyBtC0B0E2Q&cr=1245928839&ir=" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (PDF to Word Converter) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aflgemggaffjfjmjchhckncplcfioiid [2014-05-13]CHR Extension: (Google Docs) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-11]CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-05-13]CHR Extension: (Google Drive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]CHR Extension: (ABP ( Adblock Plus )) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnflkjkcebjioagifeaongciheiogj [2015-02-10]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]CHR Extension: (Adguard AdBlocker) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-10]CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]CHR Extension: (World of Warcraft Map) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnneemhnjgncpnfdcofcpobbaaifjclc [2015-02-26]CHR Extension: (Adblock Plus) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-01]CHR Extension: (Silverlight for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnklfhofbcfndknbonklnijndoeknal [2015-02-01]CHR Extension: (Adblock for Youtube™) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-26]CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]CHR Extension: (Kingdoms Of Camelot) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadejngfdiifodimfhejphllfecigmm [2014-04-11]CHR Extension: (Easy Clock) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn [2014-05-20]CHR Extension: (Autocomplete = on) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh [2014-04-11]CHR Extension: (Google Calendar) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-04-11]CHR Extension: (Pandora) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-05-13]CHR Extension: (Dashlane) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-02-12]CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-02-26]CHR Extension: (AdBlock) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-15]CHR Extension: (QuickTime for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkdifongmamddfegpjkmghbmoikkjai [2015-02-01]CHR Extension: (Google Calendar (by Google)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-05-13]CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2014-05-13]CHR Extension: (CloudConvert) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2014-05-13]CHR Extension: (Read the Bible) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbiofnodpilbapfbjilbkgbaokknihg [2014-05-13]CHR Extension: (Dropbox) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-02-26]CHR Extension: (Clearly) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-05-18]CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-05-13]CHR Extension: (iBreviary) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldklipcfhnmkcanfbhkabmbpdhoahcfg [2014-04-11]CHR Extension: (the Mobile Catholic) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcefjbgoeionpamjaemafhnogabjof [2014-05-13]CHR Extension: (iCloud Dashboard) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2015-02-12]CHR Extension: (Google Play Books) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-13]CHR Extension: (OneDrive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-02-26]CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11]CHR Extension: (WordToPdf - A Word to Pdf Converter) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oegaegenphlmcphgannobdndkoimkocj [2014-05-13]CHR Extension: (Offline Solitaire) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojldfpglenpceffckkjhajofdbpkfgmn [2014-05-13]CHR Extension: (Picasa) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-05-13]CHR Extension: (Recovery Password) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpdleddmnabebaibkllglcmldpbobpm [2014-05-13]CHR Extension: (Outlook.com) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-04-12]CHR Extension: (Evernote Web Clipper) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-05-13]CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]CHR HKU\S-1-5-21-3951261367-891674079-5071855-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-09] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-14] (Microsoft Corporation)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-09] (Bitdefender)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-09] (BitDefender)R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-12-09] (BitDefender)R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-07] ()R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-11] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-09] (BitDefender S.R.L.)S1 UdfReadr; C:\Windows\SysWow64\Drivers\UdfReadr.sys [206368 2000-06-15] (Adaptec)R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [233160 2013-01-02] (VIA Technologies, Inc.)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)U4 iSafeNetFilter; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-11 01:44 - 2015-03-11 01:44 - 00002997 _____ () C:\Users\Pat\Desktop\HiJackThis.lnk2015-03-11 01:44 - 2015-03-11 01:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2015-03-11 01:44 - 2015-03-11 01:44 - 00000000 ____D () C:\Program Files (x86)\Trend Micro2015-03-10 05:20 - 2015-03-10 05:20 - 00182019 _____ () C:\Users\Pat\Desktop\bdsyslog.zip2015-03-07 21:51 - 2015-03-07 21:51 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2015-03-07 06:09 - 2015-03-07 06:09 - 00000000 ____D () C:\Windows\Fish Screensave2015-03-05 05:30 - 2015-03-05 05:30 - 00000000 ____D () C:\Program Files (x86)\Anvisoft2015-03-04 03:43 - 2015-03-04 03:53 - 00000000 ____D () C:\AdwCleaner2015-03-03 18:47 - 2015-03-03 18:47 - 00003108 _____ () C:\Windows\System32\Tasks\{0785AB04-54A7-4A38-968D-0AAB97F58706}2015-03-03 07:40 - 2015-03-04 03:52 - 00000000 ____D () C:\Windows\system32\log2015-03-02 23:46 - 2015-03-03 07:51 - 00000000 ___HD () C:\$WINDOWS.~BT2015-03-02 23:04 - 2015-03-02 23:47 - 00001908 _____ () C:\Windows\diagwrn.xml2015-03-02 23:04 - 2015-03-02 23:47 - 00001908 _____ () C:\Windows\diagerr.xml2015-03-02 22:51 - 2015-03-02 22:53 - 2894594048 _____ () C:\Users\Pat\Desktop\Windows.iso2015-03-02 22:51 - 2015-03-02 22:51 - 00001425 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Install Windows.lnk2015-03-02 22:04 - 2015-03-02 22:04 - 00000000 __RHD () C:\ESD2015-03-02 22:02 - 2015-03-02 22:03 - 05487040 _____ (Microsoft Corporation) C:\Users\Pat\Downloads\Windows8-Setup.exe2015-03-02 21:55 - 2015-03-04 03:57 - 00000000 ____D () C:\Users\Pat\AppData\Local\LogMeIn Rescue Applet2015-03-02 20:42 - 2015-03-02 21:24 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\ImgBurn2015-03-02 20:39 - 2015-03-02 20:39 - 02747392 _____ (LIGHTNING UK!) C:\Users\Pat\Desktop\ImgBurn.exe2015-03-02 20:28 - 2015-03-02 20:35 - 377118720 _____ () C:\Users\Pat\Desktop\EasyRE Professional for Windows 8.iso2015-03-02 20:08 - 2015-03-02 20:08 - 00003192 _____ () C:\Windows\System32\Tasks\{68DE6CEC-BF3A-4188-AA4E-17A44EADF5A3}2015-02-26 03:51 - 2015-02-26 03:51 - 00000000 ____D () C:\ProgramData\bdch2015-02-25 06:49 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls2015-02-25 06:49 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls2015-02-20 13:48 - 2015-02-20 13:51 - 80271640 _____ () C:\Users\Pat\Desktop\DB-Norris_ Chuck - Abraham_ Ken Against all odds_ my story DB60819.zip2015-02-20 13:43 - 2015-02-20 14:08 - 1288145457 _____ () C:\Users\Pat\Desktop\DB-Jones_ Alexander The Jerusalem Bible DB57847.zip2015-02-20 10:15 - 2015-03-07 21:49 - 00000520 _____ () C:\Windows\system32\.crusader2015-02-20 10:00 - 2015-02-20 10:15 - 00000000 ____D () C:\ProgramData\HitmanPro2015-02-19 17:04 - 2015-02-19 17:04 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk2015-02-19 17:04 - 2015-02-19 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-02-19 17:03 - 2015-02-19 17:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A72015-02-19 17:03 - 2015-02-19 17:04 - 00000000 ____D () C:\Program Files\iTunes2015-02-19 17:03 - 2015-02-19 17:03 - 00000000 ____D () C:\Program Files\iPod2015-02-19 17:03 - 2015-02-19 17:03 - 00000000 ____D () C:\Program Files (x86)\iTunes2015-02-15 14:27 - 2015-03-02 20:03 - 00000000 ____D () C:\Program Files (x86)\Top Password2015-02-15 14:27 - 2015-02-15 14:27 - 00001043 _____ () C:\Users\Pat\Desktop\ISO2Disc.lnk2015-02-15 14:27 - 2015-02-15 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO2Disc2015-02-15 14:21 - 2015-02-15 14:21 - 00001029 _____ () C:\Users\Public\Desktop\ISO to USB.lnk2015-02-15 14:21 - 2015-02-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB2015-02-15 14:21 - 2015-02-15 14:21 - 00000000 ____D () C:\Program Files (x86)\ISO to USB2015-02-13 15:08 - 2015-02-13 15:08 - 00000927 _____ () C:\Users\Pat\Documents - Shortcut.lnk2015-02-13 15:01 - 2015-01-23 00:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-02-13 15:01 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-02-13 14:44 - 2015-02-13 14:44 - 00003432 ____N () C:\bootsqm.dat2015-02-13 14:44 - 2015-02-13 14:44 - 00000000 __SHD () C:\found.0002015-02-13 13:41 - 2015-02-13 13:41 - 00000000 _____ () C:\Windows\system32\atiicdxx.dat2015-02-13 13:41 - 2015-02-13 13:41 - 00000000 _____ () C:\Windows\ativpsrm.bin2015-02-11 15:59 - 2015-02-11 15:59 - 00002145 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk2015-02-11 15:59 - 2015-02-05 13:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2015-02-11 15:56 - 2015-02-05 17:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2015-02-11 15:56 - 2015-02-05 17:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2015-02-11 15:56 - 2015-02-05 17:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2015-02-11 15:56 - 2015-02-05 17:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2015-02-11 15:56 - 2015-02-05 17:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2015-02-11 15:56 - 2015-02-05 17:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2015-02-11 15:56 - 2015-02-05 17:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2015-02-11 15:56 - 2015-02-05 17:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2015-02-11 15:56 - 2015-02-05 17:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2015-02-11 15:56 - 2015-02-05 17:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2015-02-11 15:56 - 2015-02-05 17:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2015-02-11 15:56 - 2015-02-05 17:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2015-02-11 15:56 - 2015-02-05 17:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll2015-02-11 15:56 - 2015-02-05 17:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2015-02-11 15:56 - 2015-02-05 17:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2015-02-11 00:40 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2015-02-11 00:40 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-02-11 00:40 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2015-02-11 00:40 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2015-02-11 00:40 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-02-11 00:40 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-02-11 00:40 - 2015-01-10 03:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-02-11 00:40 - 2015-01-10 02:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-02-11 00:40 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll2015-02-11 00:40 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll2015-02-11 00:39 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-02-11 00:39 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-02-11 00:39 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-02-11 00:39 - 2015-01-11 22:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-02-11 00:39 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-02-11 00:39 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-02-11 00:39 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-02-11 00:39 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-02-11 00:39 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-02-11 00:39 - 2015-01-11 21:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-02-11 00:39 - 2015-01-11 21:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-02-11 00:39 - 2015-01-11 21:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-02-11 00:39 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-02-11 00:39 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-02-11 00:39 - 2015-01-11 21:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-02-11 00:39 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-02-11 00:39 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-02-11 00:39 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-02-11 00:39 - 2015-01-11 21:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-02-11 00:39 - 2015-01-11 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-02-11 00:39 - 2015-01-11 21:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-02-11 00:39 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-02-11 00:39 - 2015-01-11 21:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-02-11 00:39 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-02-11 00:39 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-02-11 00:39 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-02-11 00:39 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-02-11 00:39 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-02-11 00:39 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-02-11 00:39 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-02-11 00:39 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-02-11 00:39 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-02-11 00:38 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll2015-02-11 00:38 - 2015-01-13 18:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2015-02-11 00:38 - 2015-01-13 18:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2015-02-11 00:38 - 2015-01-10 05:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-02-11 00:38 - 2015-01-10 05:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-02-11 00:38 - 2015-01-10 04:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-02-11 00:38 - 2015-01-10 04:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-02-11 00:38 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2015-02-11 00:38 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2015-02-11 00:38 - 2014-12-08 19:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-11 01:52 - 2014-11-25 18:21 - 00000000 ____D () C:\FRST2015-03-11 01:52 - 2014-04-14 21:41 - 00000000 ____D () C:\Users\Pat\Downloads\Installers2015-03-11 01:50 - 2014-04-11 15:16 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3951261367-891674079-5071855-10012015-03-11 01:47 - 2014-08-28 05:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-03-11 01:45 - 2014-04-11 15:10 - 00000000 ____D () C:\Users\Pat\AppData\Local\VirtualStore2015-03-11 01:43 - 2014-02-26 21:41 - 01281699 _____ () C:\Windows\WindowsUpdate.log2015-03-11 01:36 - 2014-04-11 20:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-03-11 01:31 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp2015-03-11 01:23 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM2015-03-11 01:22 - 2014-04-11 16:18 - 00000000 ____D () C:\Users\Pat\AppData\Local\Deployment2015-03-11 01:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru2015-03-10 23:05 - 2014-04-11 16:18 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-10 22:05 - 2014-04-11 16:18 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-10 21:12 - 2014-04-11 15:47 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A637678E-0838-402C-B91D-96D3F723569D}2015-03-10 20:42 - 2014-04-11 17:03 - 00004992 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BOOKJUNKYSDREAM-Pat BookjunkysDream2015-03-10 20:27 - 2014-02-26 21:46 - 00956540 _____ () C:\Windows\system32\PerfStringBackup.INI2015-03-10 20:22 - 2014-09-23 23:16 - 00000000 ___RD () C:\Users\Pat\iCloudDrive2015-03-10 20:22 - 2014-05-08 09:43 - 00000000 ___RD () C:\Users\Pat\Dropbox2015-03-10 20:22 - 2014-05-08 09:41 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox2015-03-10 20:22 - 2014-04-20 23:07 - 00000000 ___RD () C:\Users\Pat\Google Drive2015-03-10 20:21 - 2014-04-11 15:11 - 00000000 ___DO () C:\Users\Pat\SkyDrive2015-03-10 20:20 - 2014-04-11 22:53 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat2015-03-10 20:20 - 2014-02-26 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA2015-03-10 20:20 - 2013-08-22 10:46 - 00006685 _____ () C:\Windows\setupact.log2015-03-10 20:20 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-03-10 11:28 - 2014-05-08 17:52 - 00000000 ____D () C:\Users\Pat\Desktop\Ebook library2015-03-10 11:04 - 2014-06-24 14:33 - 00003576 _____ () C:\Windows\System32\Tasks\Bitdefender Autoscan2015-03-10 10:38 - 2014-06-28 19:06 - 00000000 ____D () C:\Users\Pat\AppData\Local\CrashDumps2015-03-10 10:33 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI2015-03-10 03:59 - 2014-02-26 21:37 - 01025958 _____ () C:\Windows\PFRO.log2015-03-10 03:58 - 2014-04-11 22:13 - 00000000 ____D () C:\Users\Pat\AppData\Local\Battle.net2015-03-09 16:24 - 2014-04-11 17:03 - 00000000 ___RD () C:\Users\Pat\OneDrive2015-03-09 10:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness2015-03-08 04:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports2015-03-05 05:36 - 2014-12-08 14:05 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys2015-03-04 03:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\TAPI2015-03-03 04:38 - 2014-07-08 07:44 - 00000000 ____D () C:\Users\Pat\Desktop\Unused Desktop Icons2015-03-03 00:31 - 2014-04-14 21:38 - 00000000 ____D () C:\Users\Pat\Downloads\Books2015-03-02 23:46 - 2013-08-22 10:46 - 00000000 _____ () C:\Windows\setuperr.log2015-03-02 23:43 - 2014-09-30 08:46 - 00000000 ____D () C:\Users\Pat\Downloads\Documents\Personal2015-03-02 21:53 - 2014-12-08 13:49 - 00000000 __SHD () C:\Users\Pat\AppData\Local\EmieBrowserModeList2015-02-28 07:02 - 2014-04-11 22:15 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft2015-02-26 19:58 - 2014-04-11 22:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net2015-02-26 07:59 - 2014-04-18 07:48 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\TS3Client2015-02-26 07:53 - 2014-04-14 10:22 - 00071168 ___SH () C:\Users\Pat\Downloads\Thumbs.db2015-02-25 15:22 - 2014-04-11 16:50 - 00000000 ____D () C:\Program Files\Microsoft Office 152015-02-25 14:16 - 2014-05-14 07:59 - 00000000 ____D () C:\Users\Pat\AppData\Temp2015-02-24 18:05 - 2014-04-11 22:18 - 00001244 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk2015-02-20 16:06 - 2014-12-02 19:55 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-02-19 17:21 - 2014-06-04 12:56 - 00001958 _____ () C:\Users\Pat\Desktop\Dashlane.lnk2015-02-19 17:21 - 2014-06-04 12:54 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dashlane2015-02-19 17:09 - 2014-04-11 15:10 - 00000000 ____D () C:\Users\Pat2015-02-19 17:03 - 2014-04-11 17:31 - 00000000 ____D () C:\Program Files\Common Files\Apple2015-02-19 06:41 - 2015-01-12 11:12 - 00000000 ____D () C:\Users\Pat\AppData\Local\Adobe2015-02-16 06:03 - 2014-11-30 01:09 - 00130048 ___SH () C:\Users\Pat\Desktop\Thumbs.db2015-02-14 17:25 - 2014-07-02 17:57 - 00000000 ____D () C:\Users\Pat\AppData\Local\Nero2015-02-14 17:22 - 2014-05-23 08:44 - 00000000 ____D () C:\Users\Pat\AppData\Local\Bandizip2015-02-14 11:09 - 2014-05-22 18:01 - 00000000 ____D () C:\Users\Pat\Downloads\Documents\CFP2015-02-14 03:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache2015-02-14 00:03 - 2014-05-08 09:43 - 00001068 _____ () C:\Users\Pat\Desktop\Dropbox.lnk2015-02-14 00:03 - 2014-05-08 09:42 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-02-13 13:43 - 2013-08-22 10:44 - 00380944 _____ () C:\Windows\system32\FNTCACHE.DAT2015-02-12 09:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2015-02-11 15:59 - 2014-02-26 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2015-02-11 01:33 - 2014-02-26 22:01 - 00000000 ____D () C:\Windows\system32\MRT2015-02-11 01:26 - 2014-02-26 22:01 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-05-14 07:54 - 2014-05-14 07:54 - 0582957 _____ () C:\ProgramData\1400067679.bdinstall.bin2014-06-02 21:31 - 2014-06-02 21:31 - 0856200 _____ () C:\ProgramData\1401757402.bdinstall.bin2014-06-24 07:11 - 2014-06-24 07:11 - 0244214 _____ () C:\ProgramData\1403608110.bdinstall.bin2014-06-24 14:35 - 2014-06-24 14:35 - 0572174 _____ () C:\ProgramData\1403634396.bdinstall.bin Some content of TEMP:====================C:\Users\Pat\AppData\Local\Temp\BANDIZIP-SETUP.EXEC:\Users\Pat\AppData\Local\Temp\dllnt_dump.dllC:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyn5tuz.dllC:\Users\Pat\AppData\Local\Temp\msvcp120.dllC:\Users\Pat\AppData\Local\Temp\msvcr120.dllC:\Users\Pat\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Pat\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\Pat\AppData\Local\Temp\nvStInst.exeC:\Users\Pat\AppData\Local\Temp\pc-decrapifier.exeC:\Users\Pat\AppData\Local\Temp\Quarantine.exeC:\Users\Pat\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dllC:\Users\Pat\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 23:59 ==================== End Of Log ============================
  21. No matter what I do I cannot get rid of your add exchange. There is nothing in my add/remove program remotely related to it - I haven't even added any new programs lately. I run Bitdefender and Mbam on a daily basis and they are not doing much about it. I have run every single thing I could think of to try to get rid of it, JRT, Roguekiller, adw.... and am still plagued. If I don't close chrome at night when I come in the next morning there are 12 - 14 tabs this garbage ware has opened that had been blocked by either add blocker plus or mbam. I chose Bitdefender as my antiviral last year because of the ratings it had for windows 8 but I am not seeing the advantage. So I am also looking for recomendations for a different antiviral when my subscription expires in a few months. You guys have been a big help in the past when weird things invaded my computer.
  22. C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\maifjgjolpeiojnbahdilhakdplfhhei\5.14\xfgF.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\173\p6RHGa_kiw.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fdldghnmkdfeeeniiapdeanjahaophih\2.1\PZ3ChG.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ijgbafnahfkilmcgabaadpcebmdhjace\2.1\YmN.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\maifjgjolpeiojnbahdilhakdplfhhei\5.14\xfgF.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\maifjgjolpeiojnbahdilhakdplfhhei\5.14\xfgF.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\173\p6RHGa_kiw.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\fdldghnmkdfeeeniiapdeanjahaophih\2.1\PZ3ChG.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ijgbafnahfkilmcgabaadpcebmdhjace\2.1\YmN.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\maifjgjolpeiojnbahdilhakdplfhhei\5.14\xfgF.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\maifjgjolpeiojnbahdilhakdplfhhei\5.14\xfgF.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\173\p6RHGa_kiw.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fdldghnmkdfeeeniiapdeanjahaophih\2.1\PZ3ChG.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ijgbafnahfkilmcgabaadpcebmdhjace\2.1\YmN.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\maifjgjolpeiojnbahdilhakdplfhhei\5.14\xfgF.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\torch\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\torch\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\173\p6RHGa_kiw.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\torch\User Data\Default\Extensions\fdldghnmkdfeeeniiapdeanjahaophih\2.1\PZ3ChG.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\torch\User Data\Default\Extensions\ijgbafnahfkilmcgabaadpcebmdhjace\2.1\YmN.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\torch\User Data\Default\Extensions\maifjgjolpeiojnbahdilhakdplfhhei\5.14\xfgF.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\uzkg-oau@nysbzkgov.com\content\bg.js.vir JS/Kryptik.ATB trojan C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\wvfhdlq@iyar-iyue.org\content\bg.js.vir JS/Kryptik.ATB trojan C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\uueooa@yyye-.org\content\bg.js JS/Kryptik.ATB trojan C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\xrlzlfafk@aaiivi.com\content\bg.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\173\p6RHGa_kiw.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fdldghnmkdfeeeniiapdeanjahaophih\2.1\PZ3ChG.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbafnahfkilmcgabaadpcebmdhjace\2.1\YmN.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\maifjgjolpeiojnbahdilhakdplfhhei\5.14\xfgF.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkkjakklhjnieapmclhdnniblcogmeim\1.0\g9sp.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\173\p6RHGa_kiw.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fdldghnmkdfeeeniiapdeanjahaophih\2.1\PZ3ChG.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbafnahfkilmcgabaadpcebmdhjace\2.1\YmN.js JS/Kryptik.ATB trojan C:\Users\Pat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\maifjgjolpeiojnbahdilhakdplfhhei\5.14\xfgF.js JS/Kryptik.ATB trojan
  23. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02 Ran by Pat at 2014-12-08 12:42:21 Run:1 Running from C:\Users\Pat\Downloads\Installers Loaded Profile: Pat (Available profiles: Pat) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\MountPoints2: {17ca2051-c488-11e3-828b-74d4359309c7} - "E:\LaunchU3.exe" -a CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKU\S-1-5-21-3951261367-891674079-5071855-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Extension: Internet Download Manager Squared - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\idmsq@idmsq.com [2014-05-08] FF Extension: SNT - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\uueooa@yyye-.org [2014-04-15] FF Extension: SNT - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\xrlzlfafk@aaiivi.com [2014-04-15] FF Extension: No Name - ffpwdman@bitdefender.com [Not Found] FF Extension: No Name - {442718d9-475e-452a-b3e1-fb1ee16b8e9f} [Not Found] S3 gdrv; \??\C:\Windows\gdrv.sys [X] 2014-11-23 03:42 - 2014-11-23 03:42 - 00000000 __SHD () C:\Users\Pat\AppData\Local\EmieBrowserModeList 2014-11-22 19:45 - 2014-11-22 19:45 - 00000000 _____ () C:\autoexec.bat 2014-11-22 19:43 - 2014-11-22 19:43 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Pat\Downloads\SpyHunter-Installer.exe C:\Users\Pat\AppData\Local\Temp\BANDIZIP-SETUP.EXE C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2erzf3.dll C:\Users\Pat\AppData\Local\Temp\jre-8u20-windows-au.exe C:\Users\Pat\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Pat\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Pat\AppData\Local\Temp\nvSCPAPISvr.exe C:\Users\Pat\AppData\Local\Temp\nvStInst.exe C:\Users\Pat\AppData\Local\Temp\Quarantine.exe C:\Users\Pat\AppData\Local\Temp\setup.exe C:\Users\Pat\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll C:\Users\Pat\AppData\Local\Temp\sqlite3.dll AlternateDataStreams: C:\Users\Pat\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Pat\Desktop\AdwCleaner (1).exe:BDU AlternateDataStreams: C:\Users\Pat\Desktop\AdwCleaner.exe:BDU AlternateDataStreams: C:\Users\Pat\Desktop\BDSysLog_i.exe:BDU AlternateDataStreams: C:\Users\Pat\Desktop\FRST64.exe:BDU AlternateDataStreams: C:\Users\Pat\Downloads\8D33.tmp:BDU AlternateDataStreams: C:\Users\Pat\Downloads\ChromeSetup.exe:BDU AlternateDataStreams: C:\Users\Pat\Downloads\mbam_premium.exe:BDU AlternateDataStreams: C:\Users\Pat\Downloads\SpyHunter-Installer.exe:BDU AlternateDataStreams: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 AlternateDataStreams: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 AlternateDataStreams: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 AlternateDataStreams: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 CMD: ipconfig /flushdns CMD: netsh winsock reset all EmptyTemp: end ***************** "HKU\S-1-5-21-3951261367-891674079-5071855-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17ca2051-c488-11e3-828b-74d4359309c7}" => Key deleted successfully. "HKCR\CLSID\{17ca2051-c488-11e3-828b-74d4359309c7}" => Key not found. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKU\S-1-5-21-3951261367-891674079-5071855-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\idmsq@idmsq.com => Moved successfully. C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\uueooa@yyye-.org => Moved successfully. C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\xrlzlfafk@aaiivi.com => Moved successfully. FF Extension: No Name - ffpwdman@bitdefender.com [Not Found] not found. FF Extension: No Name - {442718d9-475e-452a-b3e1-fb1ee16b8e9f} [Not Found] not found. gdrv => Service deleted successfully. C:\Users\Pat\AppData\Local\EmieBrowserModeList => Moved successfully. C:\autoexec.bat => Moved successfully. C:\Users\Pat\Downloads\SpyHunter-Installer.exe => Moved successfully. C:\Users\Pat\AppData\Local\Temp\BANDIZIP-SETUP.EXE => Moved successfully. "C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2erzf3.dll" => File/Directory not found. C:\Users\Pat\AppData\Local\Temp\jre-8u20-windows-au.exe => Moved successfully. C:\Users\Pat\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully. C:\Users\Pat\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully. C:\Users\Pat\AppData\Local\Temp\nvSCPAPISvr.exe => Moved successfully. C:\Users\Pat\AppData\Local\Temp\nvStInst.exe => Moved successfully. C:\Users\Pat\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\Pat\AppData\Local\Temp\setup.exe => Moved successfully. C:\Users\Pat\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully. C:\Users\Pat\AppData\Local\Temp\sqlite3.dll => Moved successfully. C:\Users\Pat\SkyDrive => ":ms-properties" ADS removed successfully. "C:\Users\Pat\Desktop\AdwCleaner (1).exe" => ":BDU" ADS not found. C:\Users\Pat\Desktop\AdwCleaner.exe => ":BDU" ADS removed successfully. C:\Users\Pat\Desktop\BDSysLog_i.exe => ":BDU" ADS removed successfully. "C:\Users\Pat\Desktop\FRST64.exe" => ":BDU" ADS not found. C:\Users\Pat\Downloads\8D33.tmp => ":BDU" ADS removed successfully. C:\Users\Pat\Downloads\ChromeSetup.exe => ":BDU" ADS removed successfully. C:\Users\Pat\Downloads\mbam_premium.exe => ":BDU" ADS removed successfully. "C:\Users\Pat\Downloads\SpyHunter-Installer.exe" => ":BDU" ADS not found. C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_0news-1751121550" ADS removed successfully. C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_1messages-431041656" ADS removed successfully. C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_2events-250898981" ADS removed successfully. C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_3friends-215113587" ADS removed successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= EmptyTemp: => Removed 8.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ====
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.