Clonkex

Whoops, didn't actually attach the RKill log. Here it is. Rkill.txt

The RKill log is attached in case you need it, though it only killed two programs I normally use. Malwarebytes can't get rid of the malware. It always detects two files that are a symptom of the malware, but removing them does nothing and they are recreated as soon as Chrome is re-opened. Here's the log, however, as requested (with the two symptom files detected): Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/09/2015 Scan Time: 9:15:43 PM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.09.08.02 Rootkit Database: v2015.08.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: David Scan Type: Threat Scan Result: Completed Objects Scanned: 411728 Time Elapsed: 7 min, 24 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 PUP.Optional.UTop, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, , [58a8d7293fc1a858a24a6b4df50f48b8], PUP.Optional.UTop, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, , [936ddc2411ef05fb9854f5c3e024cd33], Physical Sectors: 0 (No malicious items detected) (end)

New FRST log (below) and Addition.txt (attached). Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-09-2015 01Ran by David (administrator) on HAROLD (07-09-2015 17:18:26)Running from C:\Users\David\DesktopLoaded Profiles: David (Available Profiles: David)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe() C:\Windows\SysWOW64\PnkBstrA.exe(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe(RaMMicHaeL) C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe() C:\Program Files (x86)\ClipX\clipx.exe(Codeusa Software) C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe(Pipemetrics SA) C:\Program Files\Bvckup 2\bvckup2.exe(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe(Jeroen Pelgrims) C:\Users\David\AppData\Local\Apps\2.0\4G2TEA0W.YEX\HJK8QHO4.E2X\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [samsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805888 2014-08-19] (Acronis)HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.)HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)HKLM-x32\...\Run: [ClipX] => C:\Program Files (x86)\ClipX\clipx.exe [68608 2005-12-01] ()HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [382976 2015-04-08] (RaMMicHaeL)HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-31] (Spotify Ltd)ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)ShellIconOverlayIdentifiers: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)ShellIconOverlayIdentifiers: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)ShellIconOverlayIdentifiers-x32: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)ShellIconOverlayIdentifiers-x32: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2015-08-01]ShortcutTarget: Borderless Gaming.lnk -> C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Codeusa Software)Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup2.lnk [2015-07-12]ShortcutTarget: Bvckup2.lnk -> C:\Program Files\Bvckup 2\bvckup2.exe (Pipemetrics SA)Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2015-03-09]ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2015-03-09] ()Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2015-03-09]ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation)Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.43.1Tcpip\..\Interfaces\{7B1CEF77-DDB6-42E8-B017-8F1562B1DF55}: [DhcpNameServer] 192.168.42.129Tcpip\..\Interfaces\{B597B79E-1A3E-4CB1-8674-E3D4E441BBA8}: [NameServer] 8.8.8.8,8.8.4.4Tcpip\..\Interfaces\{BBFF37E3-B1E9-4A3F-800F-8FDAE3F72FEE}: [DhcpNameServer] 192.168.43.1Tcpip\..\Interfaces\{D01A297D-18D1-4416-80F5-7F3DAF817825}: [DhcpNameServer] 192.168.43.1 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-715575704-4020683070-549173419-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-715575704-4020683070-549173419-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass)BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-09-13] (FreeDownloadManager.ORG)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass) FireFox:========FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.defaultFF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation)FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass)FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-09] (Adobe Systems)FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-09] (Adobe Systems)FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)FF Plugin HKU\S-1-5-21-715575704-4020683070-549173419-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-22] (Unity Technologies ApS)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2013-05-29] (National Instruments)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2013-06-20] (National Instruments)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)FF Extension: LastPass - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\support@lastpass.com [2014-11-11]FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-07-03]FF Extension: Omnibar - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\omnibar@ajitk.com.xpi [2015-07-03]FF Extension: FXChrome - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2015-07-03]FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-03] Chrome: =======CHR HomePage: Default -> hxxp://google.com/CHR StartupUrls: Default -> "hxxp://google.com/"CHR DefaultSearchKeyword: Default -> lpCHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07]CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-07]CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07]CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-07]CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07]CHR Extension: (Backtick) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2015-03-07]CHR Extension: (Session Buddy) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-03-07]CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07]CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]CHR Extension: (LastPass: Free Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-07]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]CHR Extension: (Better YouTube Watch History) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2015-03-09]CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]CHR Extension: (Google Tone) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnckehldicaciogcbchegobnafnjkcne [2015-05-28]CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07]CHR Extension: (RSS Feed Reader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-03-07]CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1060352 2015-06-19] ()S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-07-14] (EasyAntiCheat Ltd)S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)S4 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-04-04] (Reprise Software Inc.) [File not signed]R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts)S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-02] ()R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-06-03] ()S4 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)S4 SVLAdminServiceX64; C:\Program Files (x86)\Software Verification\SVL Service x64\svlService_x64.exe [21792 2014-06-03] ()S4 SVLAdminServiceX86; C:\Program Files (x86)\Software Verification\SVL Service x86\svlService.exe [24928 2014-05-23] ()S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH)R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.)R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2012-07-26] (http://libusb-win32.sourceforge.net) S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2014-07-08] (http://libusb-win32.sourceforge.net) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [12288 2009-08-23] () [File not signed]S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] ()R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-10] (Acronis International GmbH)R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-02-10] (Acronis International GmbH)R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-01] ()R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation)R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-10] (Acronis International GmbH)R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]S3 vhidmini; system32\DRIVERS\walvhid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-07 17:18 - 2015-09-07 17:18 - 00000000 ____D C:\Users\David\Desktop\FRST-OlderVersion2015-09-06 12:37 - 2015-09-06 12:37 - 00108022 _____ C:\Users\David\Desktop\Addition.txt2015-09-06 12:36 - 2015-09-07 17:18 - 00035776 _____ C:\Users\David\Desktop\FRST.txt2015-09-06 12:11 - 2015-09-07 17:18 - 02190336 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe2015-09-03 10:56 - 2015-09-03 10:57 - 12455424 _____ (Frontier Developments ) C:\Users\David\Desktop\EliteDangerous-Client-Installer.exe2015-08-31 17:22 - 2015-08-31 17:47 - 255525815 _____ (Fleet Operations Development Team ) C:\Users\David\Desktop\FOSetup327.exe2015-08-31 17:22 - 2015-08-31 17:28 - 54894709 _____ ( ) C:\Users\David\Desktop\FleetOpsMultimedia3.exe2015-08-31 17:16 - 2015-08-31 17:17 - 00895868 _____ C:\Users\David\Desktop\3danalyzer-v236.zip2015-08-30 11:51 - 2015-08-30 11:51 - 00154956 _____ C:\Users\David\Desktop\d l4d2.aup2015-08-30 11:51 - 2015-08-30 11:51 - 00000000 ____D C:\Users\David\Desktop\d l4d2_data2015-08-29 16:55 - 2015-08-29 16:55 - 00001679 _____ C:\Users\David\Desktop\left4gore.exe - Shortcut.lnk2015-08-29 16:55 - 2015-08-29 16:55 - 00001099 _____ C:\Users\David\Desktop\left4dead2.exe - Shortcut.lnk2015-08-29 15:21 - 2015-08-29 15:21 - 00000785 _____ C:\Users\David\Desktop\Star Citizen Launcher.lnk2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher2015-08-23 18:14 - 2015-08-23 18:48 - 00000000 ____D C:\Users\David\Desktop\DSTwo2015-08-22 13:26 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Local\Spotify2015-08-22 13:26 - 2015-08-22 13:26 - 00001793 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2015-08-22 13:22 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify2015-08-22 11:47 - 2015-08-22 11:47 - 00077373 _____ C:\Users\David\Desktop\d_rocketleague_3.aup2015-08-22 11:47 - 2015-08-22 11:47 - 00000000 ____D C:\Users\David\Desktop\d_rocketleague_3_data2015-08-15 11:33 - 2015-08-15 11:33 - 00078360 _____ C:\Users\David\Desktop\d_minecraft_pp_1.aup2015-08-15 11:33 - 2015-08-15 11:33 - 00000000 ____D C:\Users\David\Desktop\d_minecraft_pp_1_data ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-07 17:18 - 2015-03-11 11:11 - 00000000 ____D C:\FRST2015-09-07 16:54 - 2014-02-28 11:35 - 01180865 _____ C:\Windows\WindowsUpdate.log2015-09-07 16:21 - 2015-03-07 14:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-09-07 16:21 - 2015-03-07 14:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-09-07 03:23 - 2015-07-12 21:28 - 00000000 ____D C:\Users\David\AppData\Local\Bvckup22015-09-06 20:30 - 2014-11-20 16:21 - 00000000 ____D C:\Program Files (x86)\Steam2015-09-06 13:00 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit2015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-09-06 12:05 - 2009-07-14 15:13 - 00801230 _____ C:\Windows\system32\PerfStringBackup.INI2015-09-06 12:02 - 2014-06-23 14:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-09-06 11:59 - 2015-03-13 13:04 - 00017430 _____ C:\Windows\setupact.log2015-09-06 11:59 - 2015-01-10 12:41 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner2015-09-06 11:59 - 2015-01-09 22:44 - 00000000 ____D C:\Program Files (x86)\SpeedFan2015-09-06 11:59 - 2014-10-04 10:02 - 00000000 ____D C:\ProgramData\VMware2015-09-06 11:59 - 2014-06-23 16:53 - 00000000 ____D C:\ProgramData\NVIDIA2015-09-06 11:59 - 2014-03-01 08:43 - 01192302 _____ C:\Windows\PFRO.log2015-09-06 11:59 - 2013-09-26 16:39 - 00000000 ____D C:\Users\David\AppData\Local\Deployment2015-09-06 11:59 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-09-06 00:37 - 2013-10-01 12:36 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner2015-09-05 12:43 - 2014-02-28 23:06 - 00000000 ____D C:\ProgramData\Unity2015-09-04 14:42 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\Performance2015-09-04 09:18 - 2014-02-13 12:45 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2015-08-30 21:38 - 2014-11-22 12:00 - 00000000 ____D C:\Users\David\Desktop\Stiff to Sort2015-08-30 12:05 - 2014-08-07 16:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity2015-08-30 11:57 - 2014-03-03 11:07 - 00000000 ____D C:\Users\David\AppData\Roaming\HandBrake2015-08-30 11:53 - 2013-10-06 10:26 - 00000000 ____D C:\Users\David\AppData\Roaming\Mumble2015-08-29 16:16 - 2015-03-07 14:45 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-08-29 16:16 - 2015-03-07 14:45 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-08-26 09:26 - 2009-07-14 15:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-08-24 14:41 - 2013-12-25 23:19 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft2015-08-24 11:34 - 2015-05-24 16:31 - 00000080 _____ C:\Users\David\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit2015-08-23 15:07 - 2015-04-12 09:56 - 00000000 ____D C:\Program Files (x86)\Rockstar Games2015-08-23 15:07 - 2015-04-12 09:55 - 00000000 ____D C:\Program Files\Rockstar Games2015-08-22 14:06 - 2013-10-26 23:09 - 00000000 ____D C:\Users\David\AppData\Roaming\Unity2015-08-22 13:21 - 2013-10-05 10:17 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc2015-08-22 09:48 - 2015-06-28 11:35 - 00000328 _____ C:\Users\David\Desktop\costs.txt2015-08-16 16:42 - 2015-03-16 12:26 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps2015-08-09 13:42 - 2013-11-09 13:20 - 00007631 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg ==================== Files in the root of some directories ======= 2014-11-11 19:55 - 2014-11-11 19:55 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe2015-05-23 00:40 - 2015-05-23 00:43 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CS6 Prefs2013-12-31 22:52 - 2013-12-31 23:02 - 0065617 _____ () C:\Users\David\AppData\Roaming\Camdata.ini2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini2013-12-31 22:52 - 2013-12-31 23:02 - 0004548 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg2015-01-17 13:22 - 2015-01-18 12:18 - 0000699 _____ () C:\Users\David\AppData\Roaming\DriveCalculator Preferences2014-12-28 09:08 - 2014-12-28 21:57 - 0003982 _____ () C:\Users\David\AppData\Roaming\LTspiceIV.ini2014-02-07 08:30 - 2014-05-14 17:22 - 0000813 _____ () C:\Users\David\AppData\Roaming\MPQEditor.ini2013-12-31 22:51 - 2013-12-31 22:52 - 0000096 _____ () C:\Users\David\AppData\Roaming\version2.xml2014-04-05 14:22 - 2014-04-18 17:18 - 0003584 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-08-14 16:28 - 2014-08-14 16:28 - 1065984 _____ () C:\Users\David\AppData\Local\file__0.localstorage2013-10-24 10:05 - 2013-10-24 10:05 - 0000093 _____ () C:\Users\David\AppData\Local\fusioncache.dat2013-10-25 13:19 - 2013-10-25 13:19 - 0000000 ___SH () C:\Users\David\AppData\Local\LumaEmu2015-07-26 14:16 - 2015-07-26 14:16 - 0006667 _____ () C:\Users\David\AppData\Local\recently-used.xbel2013-11-09 13:20 - 2015-08-09 13:42 - 0007631 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg2015-02-22 19:52 - 2015-02-22 19:52 - 0000080 _____ () C:\Users\David\AppData\Local\X-Plane Installer.prf2015-02-22 19:27 - 2015-02-22 19:27 - 0000036 _____ () C:\Users\David\AppData\Local\x-plane_install_10.txt2014-08-31 11:26 - 2014-08-31 11:26 - 0000044 _____ () C:\ProgramData\.SimImages2015-04-09 12:49 - 2015-04-09 12:49 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some files in TEMP:====================C:\Users\David\AppData\Local\Temp\bzfclean.exeC:\Users\David\AppData\Local\Temp\installerdll783592140.dllC:\Users\David\AppData\Local\Temp\jre-8u60-windows-au.exeC:\Users\David\AppData\Local\Temp\sfamcc00001.dllC:\Users\David\AppData\Local\Temp\sfareca00001.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-01 00:31 ==================== End of FRST.txt ============================Addition.txt

Hi, A while back I was getting CloudScout pop-ups and ads in Chrome (no other browser). I did everything I could to remove them, even posting on BleepingComputer, but I just gave up in the end because they were intermittent and eventually disappeared entirely on their own. Now I have the same pop-ups and ads but this time they're marked "Ads by DNSUnlocker". My brother's computer gets the ads at exactly the same time as I do, every time. We're on the same network. Sometimes using Chrome's reset settings feature removes the ads for a few days, but sometimes it does nothing. I've run a fully updated Malwarebytes several times and it has found nothing. Your DNSUnlocker Removal Guide, as with every single other guide on the internet, is completely pointless and just annoying. I have never once seen any virus actually show up as an installed program. That just never happens, which is why I get annoyed at all of those copy-cat, nonsense guides that say to look for the virus in Programs and Features or Task Manager. Our internet setup is a bit unusual because of where we live. We have satellite internet, but it's too delayed (600ms to 2s of ping) for online gaming, so my brother and I have our own separate internet connection using a Samsung Galaxy S3 with a patch lead going to an external antenna. We enable the portable hotspot on the phone and connect that way. It's possible the phone is infected, but I don't know how to find out on Android. Maybe it could be the router - I guess I can test that by not bridging my network at all today (and therefore relying on the separate wifi network from the phone) and seeing if the ads appear. Whatever happens, I can't reinstall Windows. Not until I go to Windows 10, anyway. I have hundreds of programs installed and set up and it would take weeks to get it all back up and running again. Reinstalling Windows is always a nightmare. The following are the FRST logs. In the logs there are a few programs that I know seem suspicious; SoundSwitch, XboxStat, ClipX, Win7 Taskbar Tweaker, DisplayFusion and the shell extension that allows me to remove the shortcut arrows on some symbolic links are all genuine programs - but I can't vouch that they are virus-free. I used to use Acronis TrueImage 2014, but I will admit I illegally pirated it. I no longer use it and it's now removed, but it still has traces on the computer so it's possible it was the cause of the virus because it was pirated. I paid (quite a lot!) for a much better (and not illegal) backup solution (Bvckup 2). At the time of making the logs my network connection was bridged in such a way as to allow me to connect to the 3G internet but still access our home network and 20TB NAS for file sharing. Well, great. The ads have all disappeared. That's annoying. I wish they'd just be consistent. Oh well, here's the FRST logs anyway (hmm, was told the post was too long to post, so Addition.txt is now attached): Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015 Ran by David (administrator) on HAROLD (06-09-2015 12:36:56) Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (RaMMicHaeL) C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe () C:\Program Files (x86)\ClipX\clipx.exe (Codeusa Software) C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Pipemetrics SA) C:\Program Files\Bvckup 2\bvckup2.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (Jeroen Pelgrims) C:\Users\David\AppData\Local\Apps\2.0\4G2TEA0W.YEX\HJK8QHO4.E2X\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [samsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805888 2014-08-19] (Acronis) HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation) HKLM-x32\...\Run: [ClipX] => C:\Program Files (x86)\ClipX\clipx.exe [68608 2005-12-01] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [382976 2015-04-08] (RaMMicHaeL) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-31] (Spotify Ltd) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2015-08-01] ShortcutTarget: Borderless Gaming.lnk -> C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Codeusa Software) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup2.lnk [2015-07-12] ShortcutTarget: Bvckup2.lnk -> C:\Program Files\Bvckup 2\bvckup2.exe (Pipemetrics SA) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2015-03-09] ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2015-03-09] () Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2015-03-09] ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation) Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.11 Tcpip\..\Interfaces\{4F3C7CA5-7803-41F3-86CC-3327492FE7E6}: [DhcpNameServer] 192.168.0.11 Tcpip\..\Interfaces\{7B1CEF77-DDB6-42E8-B017-8F1562B1DF55}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B597B79E-1A3E-4CB1-8674-E3D4E441BBA8}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{BBFF37E3-B1E9-4A3F-800F-8FDAE3F72FEE}: [DhcpNameServer] 192.168.43.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-715575704-4020683070-549173419-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-715575704-4020683070-549173419-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-09-13] (FreeDownloadManager.ORG) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass) FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-09] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.) FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-09] (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin HKU\S-1-5-21-715575704-4020683070-549173419-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-22] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2013-05-29] (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2013-06-20] (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Extension: LastPass - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\support@lastpass.com [2014-11-11] FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-07-03] FF Extension: Omnibar - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\omnibar@ajitk.com.xpi [2015-07-03] FF Extension: FXChrome - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2015-07-03] FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-03] Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07] CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07] CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-07] CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07] CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-07] CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07] CHR Extension: (Backtick) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2015-03-07] CHR Extension: (Session Buddy) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-03-07] CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07] CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04] CHR Extension: (LastPass: Free Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-07] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07] CHR Extension: (Better YouTube Watch History) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2015-03-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07] CHR Extension: (Google Tone) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnckehldicaciogcbchegobnafnjkcne [2015-05-28] CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07] CHR Extension: (RSS Feed Reader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-03-07] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1060352 2015-06-19] () S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed] R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-07-14] (EasyAntiCheat Ltd) S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.) S4 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-04-04] (Reprise Software Inc.) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation) S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed] S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation) S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.) S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation) S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation) S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation) S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation) S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation) S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation) S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation) S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation) S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts) S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-02] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-06-03] () S4 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed] R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.) S4 SVLAdminServiceX64; C:\Program Files (x86)\Software Verification\SVL Service x64\svlService_x64.exe [21792 2014-06-03] () S4 SVLAdminServiceX86; C:\Program Files (x86)\Software Verification\SVL Service x86\svlService.exe [24928 2014-05-23] () S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH) R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2012-07-26] (http://libusb-win32.sourceforge.net) S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2014-07-08] (http://libusb-win32.sourceforge.net) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation) S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [12288 2009-08-23] () [File not signed] S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.) R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] () R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation ) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-10] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-02-10] (Acronis International GmbH) R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-01] () R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-10] (Acronis International GmbH) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 moufiltr; system32\DRIVERS\moufiltr.sys [X] S3 vhidmini; system32\DRIVERS\walvhid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-06 12:36 - 2015-09-06 12:37 - 00035976 _____ C:\Users\David\Desktop\FRST.txt 2015-09-06 12:11 - 2015-09-06 12:12 - 02188800 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe 2015-09-03 10:56 - 2015-09-03 10:57 - 12455424 _____ (Frontier Developments ) C:\Users\David\Desktop\EliteDangerous-Client-Installer.exe 2015-08-31 17:22 - 2015-08-31 17:47 - 255525815 _____ (Fleet Operations Development Team ) C:\Users\David\Desktop\FOSetup327.exe 2015-08-31 17:22 - 2015-08-31 17:28 - 54894709 _____ ( ) C:\Users\David\Desktop\FleetOpsMultimedia3.exe 2015-08-31 17:16 - 2015-08-31 17:17 - 00895868 _____ C:\Users\David\Desktop\3danalyzer-v236.zip 2015-08-30 11:51 - 2015-08-30 11:51 - 00154956 _____ C:\Users\David\Desktop\d l4d2.aup 2015-08-30 11:51 - 2015-08-30 11:51 - 00000000 ____D C:\Users\David\Desktop\d l4d2_data 2015-08-29 16:55 - 2015-08-29 16:55 - 00001679 _____ C:\Users\David\Desktop\left4gore.exe - Shortcut.lnk 2015-08-29 16:55 - 2015-08-29 16:55 - 00001099 _____ C:\Users\David\Desktop\left4dead2.exe - Shortcut.lnk 2015-08-29 15:21 - 2015-08-29 15:21 - 00000785 _____ C:\Users\David\Desktop\Star Citizen Launcher.lnk 2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher 2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher 2015-08-23 18:14 - 2015-08-23 18:48 - 00000000 ____D C:\Users\David\Desktop\DSTwo 2015-08-22 13:26 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Local\Spotify 2015-08-22 13:26 - 2015-08-22 13:26 - 00001793 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-08-22 13:22 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify 2015-08-22 11:47 - 2015-08-22 11:47 - 00077373 _____ C:\Users\David\Desktop\d_rocketleague_3.aup 2015-08-22 11:47 - 2015-08-22 11:47 - 00000000 ____D C:\Users\David\Desktop\d_rocketleague_3_data 2015-08-15 11:33 - 2015-08-15 11:33 - 00078360 _____ C:\Users\David\Desktop\d_minecraft_pp_1.aup 2015-08-15 11:33 - 2015-08-15 11:33 - 00000000 ____D C:\Users\David\Desktop\d_minecraft_pp_1_data 2015-08-07 22:38 - 2015-08-07 22:38 - 00000000 ____D C:\Users\David\Documents\PCSX2 2015-08-07 22:38 - 2015-08-07 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2 2015-08-07 21:59 - 2015-08-07 21:59 - 00866384 _____ C:\Users\David\Desktop\OpenPS2Loader 0.9.2.zip 2015-08-07 21:55 - 2015-08-07 21:55 - 00100490 _____ C:\Users\David\Desktop\ESRDiscPatcher.zip 2015-08-07 21:55 - 2015-08-07 21:55 - 00028642 _____ C:\Users\David\Desktop\ESR.zip 2015-08-07 14:55 - 2015-08-07 14:55 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PS2 Save Builder 0.8 2015-08-07 14:54 - 2015-08-07 14:54 - 00000000 ____D C:\Program Files (x86)\PS2 Save Builder 0.8 2015-08-07 14:37 - 2015-08-07 14:38 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMC 2015-08-07 14:36 - 2015-08-07 14:36 - 00000000 ____D C:\Program Files (x86)\MyMC 2015-08-07 14:24 - 2015-08-07 14:24 - 04710029 _____ C:\Users\David\Desktop\mymc-alpha-2.6.zip 2015-08-07 13:57 - 2015-08-07 13:58 - 05116874 _____ C:\Users\David\Desktop\[140629]FMCB-0194-bin.7z 2015-08-07 13:54 - 2015-08-07 14:12 - 00000000 ____D C:\Users\David\Desktop\PS2 Saves ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-06 12:36 - 2015-03-11 11:11 - 00000000 ____D C:\FRST 2015-09-06 12:35 - 2014-02-28 11:35 - 01150434 _____ C:\Windows\WindowsUpdate.log 2015-09-06 12:21 - 2015-03-07 14:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-06 12:05 - 2009-07-14 15:13 - 00801230 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-06 12:02 - 2014-06-23 14:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-06 11:59 - 2015-07-12 21:28 - 00000000 ____D C:\Users\David\AppData\Local\Bvckup2 2015-09-06 11:59 - 2015-03-13 13:04 - 00017430 _____ C:\Windows\setupact.log 2015-09-06 11:59 - 2015-03-07 14:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-06 11:59 - 2015-01-10 12:41 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner 2015-09-06 11:59 - 2015-01-09 22:44 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2015-09-06 11:59 - 2014-10-04 10:02 - 00000000 ____D C:\ProgramData\VMware 2015-09-06 11:59 - 2014-06-23 16:53 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-06 11:59 - 2014-03-01 08:43 - 01192302 _____ C:\Windows\PFRO.log 2015-09-06 11:59 - 2013-09-26 16:39 - 00000000 ____D C:\Users\David\AppData\Local\Deployment 2015-09-06 11:59 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-06 00:37 - 2013-10-01 12:36 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2015-09-05 23:15 - 2014-11-20 16:21 - 00000000 ____D C:\Program Files (x86)\Steam 2015-09-05 12:43 - 2014-02-28 23:06 - 00000000 ____D C:\ProgramData\Unity 2015-09-04 16:47 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-09-04 14:42 - 2015-06-21 21:03 - 00000000 ____D C:\Users\David\Desktop\Keygen-CRD 2015-09-04 14:42 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\Performance 2015-09-04 09:18 - 2014-02-13 12:45 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-08-30 21:38 - 2014-11-22 12:00 - 00000000 ____D C:\Users\David\Desktop\Stiff to Sort 2015-08-30 12:05 - 2014-08-07 16:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity 2015-08-30 11:57 - 2014-03-03 11:07 - 00000000 ____D C:\Users\David\AppData\Roaming\HandBrake 2015-08-30 11:53 - 2013-10-06 10:26 - 00000000 ____D C:\Users\David\AppData\Roaming\Mumble 2015-08-29 16:16 - 2015-03-07 14:45 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-29 16:16 - 2015-03-07 14:45 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-26 09:26 - 2009-07-14 15:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-24 14:41 - 2013-12-25 23:19 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft 2015-08-24 11:34 - 2015-05-24 16:31 - 00000080 _____ C:\Users\David\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2015-08-23 15:07 - 2015-04-12 09:56 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2015-08-23 15:07 - 2015-04-12 09:55 - 00000000 ____D C:\Program Files\Rockstar Games 2015-08-22 14:06 - 2013-10-26 23:09 - 00000000 ____D C:\Users\David\AppData\Roaming\Unity 2015-08-22 13:21 - 2013-10-05 10:17 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc 2015-08-22 09:48 - 2015-06-28 11:35 - 00000328 _____ C:\Users\David\Desktop\costs.txt 2015-08-16 16:42 - 2015-03-16 12:26 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps 2015-08-09 13:42 - 2013-11-09 13:20 - 00007631 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg 2015-08-07 22:38 - 2014-03-11 09:16 - 00000000 ____D C:\Windows\SysWOW64\directx ==================== Files in the root of some directories ======= 2014-11-11 19:55 - 2014-11-11 19:55 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-05-23 00:40 - 2015-05-23 00:43 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-12-31 22:52 - 2013-12-31 23:02 - 0065617 _____ () C:\Users\David\AppData\Roaming\Camdata.ini 2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini 2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini 2013-12-31 22:52 - 2013-12-31 23:02 - 0004548 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg 2015-01-17 13:22 - 2015-01-18 12:18 - 0000699 _____ () C:\Users\David\AppData\Roaming\DriveCalculator Preferences 2014-12-28 09:08 - 2014-12-28 21:57 - 0003982 _____ () C:\Users\David\AppData\Roaming\LTspiceIV.ini 2014-02-07 08:30 - 2014-05-14 17:22 - 0000813 _____ () C:\Users\David\AppData\Roaming\MPQEditor.ini 2013-12-31 22:51 - 2013-12-31 22:52 - 0000096 _____ () C:\Users\David\AppData\Roaming\version2.xml 2014-04-05 14:22 - 2014-04-18 17:18 - 0003584 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-14 16:28 - 2014-08-14 16:28 - 1065984 _____ () C:\Users\David\AppData\Local\file__0.localstorage 2013-10-24 10:05 - 2013-10-24 10:05 - 0000093 _____ () C:\Users\David\AppData\Local\fusioncache.dat 2013-10-25 13:19 - 2013-10-25 13:19 - 0000000 ___SH () C:\Users\David\AppData\Local\LumaEmu 2015-07-26 14:16 - 2015-07-26 14:16 - 0006667 _____ () C:\Users\David\AppData\Local\recently-used.xbel 2013-11-09 13:20 - 2015-08-09 13:42 - 0007631 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg 2015-02-22 19:52 - 2015-02-22 19:52 - 0000080 _____ () C:\Users\David\AppData\Local\X-Plane Installer.prf 2015-02-22 19:27 - 2015-02-22 19:27 - 0000036 _____ () C:\Users\David\AppData\Local\x-plane_install_10.txt 2014-08-31 11:26 - 2014-08-31 11:26 - 0000044 _____ () C:\ProgramData\.SimImages 2015-04-09 12:49 - 2015-04-09 12:49 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some files in TEMP: ==================== C:\Users\David\AppData\Local\Temp\bzfclean.exe C:\Users\David\AppData\Local\Temp\installerdll783592140.dll C:\Users\David\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\David\AppData\Local\Temp\sfamcc00001.dll C:\Users\David\AppData\Local\Temp\sfareca00001.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-01 00:31 ==================== End of FRST.txt ============================ Addition.txt