Jump to content

Search the Community

Showing results for tags 'Chrome'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Hi, A while back I was getting CloudScout pop-ups and ads in Chrome (no other browser). I did everything I could to remove them, even posting on BleepingComputer, but I just gave up in the end because they were intermittent and eventually disappeared entirely on their own. Now I have the same pop-ups and ads but this time they're marked "Ads by DNSUnlocker". My brother's computer gets the ads at exactly the same time as I do, every time. We're on the same network. Sometimes using Chrome's reset settings feature removes the ads for a few days, but sometimes it does nothing. I've run a fully updated Malwarebytes several times and it has found nothing. Your DNSUnlocker Removal Guide, as with every single other guide on the internet, is completely pointless and just annoying. I have never once seen any virus actually show up as an installed program. That just never happens, which is why I get annoyed at all of those copy-cat, nonsense guides that say to look for the virus in Programs and Features or Task Manager. Our internet setup is a bit unusual because of where we live. We have satellite internet, but it's too delayed (600ms to 2s of ping) for online gaming, so my brother and I have our own separate internet connection using a Samsung Galaxy S3 with a patch lead going to an external antenna. We enable the portable hotspot on the phone and connect that way. It's possible the phone is infected, but I don't know how to find out on Android. Maybe it could be the router - I guess I can test that by not bridging my network at all today (and therefore relying on the separate wifi network from the phone) and seeing if the ads appear. Whatever happens, I can't reinstall Windows. Not until I go to Windows 10, anyway. I have hundreds of programs installed and set up and it would take weeks to get it all back up and running again. Reinstalling Windows is always a nightmare. The following are the FRST logs. In the logs there are a few programs that I know seem suspicious; SoundSwitch, XboxStat, ClipX, Win7 Taskbar Tweaker, DisplayFusion and the shell extension that allows me to remove the shortcut arrows on some symbolic links are all genuine programs - but I can't vouch that they are virus-free. I used to use Acronis TrueImage 2014, but I will admit I illegally pirated it. I no longer use it and it's now removed, but it still has traces on the computer so it's possible it was the cause of the virus because it was pirated. I paid (quite a lot!) for a much better (and not illegal) backup solution (Bvckup 2). At the time of making the logs my network connection was bridged in such a way as to allow me to connect to the 3G internet but still access our home network and 20TB NAS for file sharing. Well, great. The ads have all disappeared. That's annoying. I wish they'd just be consistent. Oh well, here's the FRST logs anyway (hmm, was told the post was too long to post, so Addition.txt is now attached): Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015 Ran by David (administrator) on HAROLD (06-09-2015 12:36:56) Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (RaMMicHaeL) C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe () C:\Program Files (x86)\ClipX\clipx.exe (Codeusa Software) C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Pipemetrics SA) C:\Program Files\Bvckup 2\bvckup2.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (Jeroen Pelgrims) C:\Users\David\AppData\Local\Apps\2.0\4G2TEA0W.YEX\HJK8QHO4.E2X\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [samsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805888 2014-08-19] (Acronis) HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation) HKLM-x32\...\Run: [ClipX] => C:\Program Files (x86)\ClipX\clipx.exe [68608 2005-12-01] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [382976 2015-04-08] (RaMMicHaeL) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-31] (Spotify Ltd) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2015-08-01] ShortcutTarget: Borderless Gaming.lnk -> C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Codeusa Software) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup2.lnk [2015-07-12] ShortcutTarget: Bvckup2.lnk -> C:\Program Files\Bvckup 2\bvckup2.exe (Pipemetrics SA) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2015-03-09] ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2015-03-09] () Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2015-03-09] ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation) Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.11 Tcpip\..\Interfaces\{4F3C7CA5-7803-41F3-86CC-3327492FE7E6}: [DhcpNameServer] 192.168.0.11 Tcpip\..\Interfaces\{7B1CEF77-DDB6-42E8-B017-8F1562B1DF55}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B597B79E-1A3E-4CB1-8674-E3D4E441BBA8}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{BBFF37E3-B1E9-4A3F-800F-8FDAE3F72FEE}: [DhcpNameServer] 192.168.43.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-715575704-4020683070-549173419-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-715575704-4020683070-549173419-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-09-13] (FreeDownloadManager.ORG) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass) FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-09] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.) FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-09] (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin HKU\S-1-5-21-715575704-4020683070-549173419-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-22] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2013-05-29] (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2013-06-20] (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Extension: LastPass - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\support@lastpass.com [2014-11-11] FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-07-03] FF Extension: Omnibar - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\omnibar@ajitk.com.xpi [2015-07-03] FF Extension: FXChrome - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2015-07-03] FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-03] Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07] CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07] CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-07] CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07] CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-07] CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07] CHR Extension: (Backtick) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2015-03-07] CHR Extension: (Session Buddy) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-03-07] CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07] CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04] CHR Extension: (LastPass: Free Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-07] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07] CHR Extension: (Better YouTube Watch History) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2015-03-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07] CHR Extension: (Google Tone) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnckehldicaciogcbchegobnafnjkcne [2015-05-28] CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07] CHR Extension: (RSS Feed Reader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-03-07] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1060352 2015-06-19] () S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed] R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-07-14] (EasyAntiCheat Ltd) S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.) S4 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-04-04] (Reprise Software Inc.) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation) S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed] S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation) S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.) S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation) S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation) S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation) S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation) S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation) S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation) S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation) S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation) S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts) S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-02] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-06-03] () S4 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed] R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.) S4 SVLAdminServiceX64; C:\Program Files (x86)\Software Verification\SVL Service x64\svlService_x64.exe [21792 2014-06-03] () S4 SVLAdminServiceX86; C:\Program Files (x86)\Software Verification\SVL Service x86\svlService.exe [24928 2014-05-23] () S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH) R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2012-07-26] (http://libusb-win32.sourceforge.net) S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2014-07-08] (http://libusb-win32.sourceforge.net) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation) S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [12288 2009-08-23] () [File not signed] S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.) R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] () R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation ) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-10] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-02-10] (Acronis International GmbH) R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-01] () R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-10] (Acronis International GmbH) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 moufiltr; system32\DRIVERS\moufiltr.sys [X] S3 vhidmini; system32\DRIVERS\walvhid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-06 12:36 - 2015-09-06 12:37 - 00035976 _____ C:\Users\David\Desktop\FRST.txt 2015-09-06 12:11 - 2015-09-06 12:12 - 02188800 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe 2015-09-03 10:56 - 2015-09-03 10:57 - 12455424 _____ (Frontier Developments ) C:\Users\David\Desktop\EliteDangerous-Client-Installer.exe 2015-08-31 17:22 - 2015-08-31 17:47 - 255525815 _____ (Fleet Operations Development Team ) C:\Users\David\Desktop\FOSetup327.exe 2015-08-31 17:22 - 2015-08-31 17:28 - 54894709 _____ ( ) C:\Users\David\Desktop\FleetOpsMultimedia3.exe 2015-08-31 17:16 - 2015-08-31 17:17 - 00895868 _____ C:\Users\David\Desktop\3danalyzer-v236.zip 2015-08-30 11:51 - 2015-08-30 11:51 - 00154956 _____ C:\Users\David\Desktop\d l4d2.aup 2015-08-30 11:51 - 2015-08-30 11:51 - 00000000 ____D C:\Users\David\Desktop\d l4d2_data 2015-08-29 16:55 - 2015-08-29 16:55 - 00001679 _____ C:\Users\David\Desktop\left4gore.exe - Shortcut.lnk 2015-08-29 16:55 - 2015-08-29 16:55 - 00001099 _____ C:\Users\David\Desktop\left4dead2.exe - Shortcut.lnk 2015-08-29 15:21 - 2015-08-29 15:21 - 00000785 _____ C:\Users\David\Desktop\Star Citizen Launcher.lnk 2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher 2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher 2015-08-23 18:14 - 2015-08-23 18:48 - 00000000 ____D C:\Users\David\Desktop\DSTwo 2015-08-22 13:26 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Local\Spotify 2015-08-22 13:26 - 2015-08-22 13:26 - 00001793 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-08-22 13:22 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify 2015-08-22 11:47 - 2015-08-22 11:47 - 00077373 _____ C:\Users\David\Desktop\d_rocketleague_3.aup 2015-08-22 11:47 - 2015-08-22 11:47 - 00000000 ____D C:\Users\David\Desktop\d_rocketleague_3_data 2015-08-15 11:33 - 2015-08-15 11:33 - 00078360 _____ C:\Users\David\Desktop\d_minecraft_pp_1.aup 2015-08-15 11:33 - 2015-08-15 11:33 - 00000000 ____D C:\Users\David\Desktop\d_minecraft_pp_1_data 2015-08-07 22:38 - 2015-08-07 22:38 - 00000000 ____D C:\Users\David\Documents\PCSX2 2015-08-07 22:38 - 2015-08-07 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2 2015-08-07 21:59 - 2015-08-07 21:59 - 00866384 _____ C:\Users\David\Desktop\OpenPS2Loader 0.9.2.zip 2015-08-07 21:55 - 2015-08-07 21:55 - 00100490 _____ C:\Users\David\Desktop\ESRDiscPatcher.zip 2015-08-07 21:55 - 2015-08-07 21:55 - 00028642 _____ C:\Users\David\Desktop\ESR.zip 2015-08-07 14:55 - 2015-08-07 14:55 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PS2 Save Builder 0.8 2015-08-07 14:54 - 2015-08-07 14:54 - 00000000 ____D C:\Program Files (x86)\PS2 Save Builder 0.8 2015-08-07 14:37 - 2015-08-07 14:38 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMC 2015-08-07 14:36 - 2015-08-07 14:36 - 00000000 ____D C:\Program Files (x86)\MyMC 2015-08-07 14:24 - 2015-08-07 14:24 - 04710029 _____ C:\Users\David\Desktop\mymc-alpha-2.6.zip 2015-08-07 13:57 - 2015-08-07 13:58 - 05116874 _____ C:\Users\David\Desktop\[140629]FMCB-0194-bin.7z 2015-08-07 13:54 - 2015-08-07 14:12 - 00000000 ____D C:\Users\David\Desktop\PS2 Saves ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-06 12:36 - 2015-03-11 11:11 - 00000000 ____D C:\FRST 2015-09-06 12:35 - 2014-02-28 11:35 - 01150434 _____ C:\Windows\WindowsUpdate.log 2015-09-06 12:21 - 2015-03-07 14:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-06 12:05 - 2009-07-14 15:13 - 00801230 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-06 12:02 - 2014-06-23 14:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-06 11:59 - 2015-07-12 21:28 - 00000000 ____D C:\Users\David\AppData\Local\Bvckup2 2015-09-06 11:59 - 2015-03-13 13:04 - 00017430 _____ C:\Windows\setupact.log 2015-09-06 11:59 - 2015-03-07 14:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-06 11:59 - 2015-01-10 12:41 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner 2015-09-06 11:59 - 2015-01-09 22:44 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2015-09-06 11:59 - 2014-10-04 10:02 - 00000000 ____D C:\ProgramData\VMware 2015-09-06 11:59 - 2014-06-23 16:53 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-06 11:59 - 2014-03-01 08:43 - 01192302 _____ C:\Windows\PFRO.log 2015-09-06 11:59 - 2013-09-26 16:39 - 00000000 ____D C:\Users\David\AppData\Local\Deployment 2015-09-06 11:59 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-06 00:37 - 2013-10-01 12:36 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2015-09-05 23:15 - 2014-11-20 16:21 - 00000000 ____D C:\Program Files (x86)\Steam 2015-09-05 12:43 - 2014-02-28 23:06 - 00000000 ____D C:\ProgramData\Unity 2015-09-04 16:47 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-09-04 14:42 - 2015-06-21 21:03 - 00000000 ____D C:\Users\David\Desktop\Keygen-CRD 2015-09-04 14:42 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\Performance 2015-09-04 09:18 - 2014-02-13 12:45 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-08-30 21:38 - 2014-11-22 12:00 - 00000000 ____D C:\Users\David\Desktop\Stiff to Sort 2015-08-30 12:05 - 2014-08-07 16:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity 2015-08-30 11:57 - 2014-03-03 11:07 - 00000000 ____D C:\Users\David\AppData\Roaming\HandBrake 2015-08-30 11:53 - 2013-10-06 10:26 - 00000000 ____D C:\Users\David\AppData\Roaming\Mumble 2015-08-29 16:16 - 2015-03-07 14:45 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-29 16:16 - 2015-03-07 14:45 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-26 09:26 - 2009-07-14 15:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-24 14:41 - 2013-12-25 23:19 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft 2015-08-24 11:34 - 2015-05-24 16:31 - 00000080 _____ C:\Users\David\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2015-08-23 15:07 - 2015-04-12 09:56 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2015-08-23 15:07 - 2015-04-12 09:55 - 00000000 ____D C:\Program Files\Rockstar Games 2015-08-22 14:06 - 2013-10-26 23:09 - 00000000 ____D C:\Users\David\AppData\Roaming\Unity 2015-08-22 13:21 - 2013-10-05 10:17 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc 2015-08-22 09:48 - 2015-06-28 11:35 - 00000328 _____ C:\Users\David\Desktop\costs.txt 2015-08-16 16:42 - 2015-03-16 12:26 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps 2015-08-09 13:42 - 2013-11-09 13:20 - 00007631 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg 2015-08-07 22:38 - 2014-03-11 09:16 - 00000000 ____D C:\Windows\SysWOW64\directx ==================== Files in the root of some directories ======= 2014-11-11 19:55 - 2014-11-11 19:55 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-05-23 00:40 - 2015-05-23 00:43 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-12-31 22:52 - 2013-12-31 23:02 - 0065617 _____ () C:\Users\David\AppData\Roaming\Camdata.ini 2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini 2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini 2013-12-31 22:52 - 2013-12-31 23:02 - 0004548 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg 2015-01-17 13:22 - 2015-01-18 12:18 - 0000699 _____ () C:\Users\David\AppData\Roaming\DriveCalculator Preferences 2014-12-28 09:08 - 2014-12-28 21:57 - 0003982 _____ () C:\Users\David\AppData\Roaming\LTspiceIV.ini 2014-02-07 08:30 - 2014-05-14 17:22 - 0000813 _____ () C:\Users\David\AppData\Roaming\MPQEditor.ini 2013-12-31 22:51 - 2013-12-31 22:52 - 0000096 _____ () C:\Users\David\AppData\Roaming\version2.xml 2014-04-05 14:22 - 2014-04-18 17:18 - 0003584 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-14 16:28 - 2014-08-14 16:28 - 1065984 _____ () C:\Users\David\AppData\Local\file__0.localstorage 2013-10-24 10:05 - 2013-10-24 10:05 - 0000093 _____ () C:\Users\David\AppData\Local\fusioncache.dat 2013-10-25 13:19 - 2013-10-25 13:19 - 0000000 ___SH () C:\Users\David\AppData\Local\LumaEmu 2015-07-26 14:16 - 2015-07-26 14:16 - 0006667 _____ () C:\Users\David\AppData\Local\recently-used.xbel 2013-11-09 13:20 - 2015-08-09 13:42 - 0007631 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg 2015-02-22 19:52 - 2015-02-22 19:52 - 0000080 _____ () C:\Users\David\AppData\Local\X-Plane Installer.prf 2015-02-22 19:27 - 2015-02-22 19:27 - 0000036 _____ () C:\Users\David\AppData\Local\x-plane_install_10.txt 2014-08-31 11:26 - 2014-08-31 11:26 - 0000044 _____ () C:\ProgramData\.SimImages 2015-04-09 12:49 - 2015-04-09 12:49 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some files in TEMP: ==================== C:\Users\David\AppData\Local\Temp\bzfclean.exe C:\Users\David\AppData\Local\Temp\installerdll783592140.dll C:\Users\David\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\David\AppData\Local\Temp\sfamcc00001.dll C:\Users\David\AppData\Local\Temp\sfareca00001.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-01 00:31 ==================== End of FRST.txt ============================ Addition.txt
  2. I have resolved this issue, but I was a little surprised that it happened at all, so I'm posting here to see what others have to say. I use Chrome as a browser and was reading a page today when I got a pop-up, complete with audio, telling my my computer was infecting with adware and to called Microsoft at a given toll-free number immediately. Of course it was a phishing scam. I had to turn my computer off the hard way, because the pop-up prevented me from closing the browser. I restarted in safe mode and ran a scan. Nothing found. I restarted in regular mode and declined the browser's offer to restart where it had left off. I ran a scan again - nothing. I have Malwarebytes Anti-Malware Premium and the free version of Anti-Exploit. Was one of these supposed to stop the phishing scam, and if so, can you suggest why it did not. I confess I'm not always clear about what kinds of malware these programs are supposed to stop, so I'm curious. I used to use No-Script to stop stuff like this when I used Firefox; I suspect it would have stopped this pop-up from taking over. However, they don't make No-Script for Chrome and there are very mixed reviews for similar programs that are available for Chrome. Do you have any recommendations along this line? Thank you!
  3. Hi, When using chrome this evening I ran into an unsecure connection error when trying to make a purchase online. The same error did not occur when I logged into my amazon account and made a purchase. One of the potential causes for this issue (according to the chrome forums) is malware so I downloaded and ran a threat scan on Malwarebytes. Two issues were found and recorded in the log (attached). Could I please have some advice on the severity of these issues and how I should go about removing them? The two items are currently in quarantine in malwarebytes. thanks for any help, joe malscan.txt
  4. I first received a notification from avast that it blocked a harmful webpage while browsing google chrome. After that I tried deleting and reinstalling google chrome, and I also deleted the appdata. It started showing up again in Firefox. It shows up no matter what browser I use. The notification contains the link to a harmful website, and the object states URL:MAL Here are the logs: can result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015Ran by selec_000 (administrator) on JOSH (01-08-2015 18:05:03)Running from C:\Users\selec_000\DownloadsLoaded Profiles: selec_000 (Available Profiles: selec_000)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe(Valve Corporation) C:\Games\Steam\Steam.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Valve Corporation) C:\Games\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe() C:\Games\Modding Tools\ModOrganizer\ModOrganizer.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\selec_000\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)HKU\S-1-5-21-2450985420-56091920-2760118653-1001\...\Run: [steam] => C:\Games\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)HKU\S-1-5-21-2450985420-56091920-2760118653-1001\...\Run: [Google Update] => C:\Users\selec_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-05-15] (Google Inc.)ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\selec_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\selec_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\selec_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\selec_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\selec_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\selec_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\selec_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\selec_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-09] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.ProxyServer: [.DEFAULT] => http=127.0.0.1:59610;https=127.0.0.1:59610HKU\S-1-5-21-2450985420-56091920-2760118653-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-09] (Avast Software s.r.o.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-22] (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-22] (Oracle Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{FF92A986-E8ED-4B99-9729-DE754A90F58C}: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\selec_000\AppData\Roaming\Mozilla\Firefox\Profiles\hq45mnug.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-22] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-22] (Oracle Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-01] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-01] (Google Inc.)FF Plugin HKU\S-1-5-21-2450985420-56091920-2760118653-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\selec_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No FileFF Plugin HKU\S-1-5-21-2450985420-56091920-2760118653-1001: @talk.google.com/O1DPlugin -> C:\Users\selec_000\AppData\Roaming\Mozilla\plugins\npo1d.dll No FileFF Plugin HKU\S-1-5-21-2450985420-56091920-2760118653-1001: @tools.google.com/Google Update;version=3 -> C:\Users\selec_000\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin HKU\S-1-5-21-2450985420-56091920-2760118653-1001: @tools.google.com/Google Update;version=9 -> C:\Users\selec_000\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-09] Chrome: =======CHR Profile: C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-01]CHR Extension: (Google Docs) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-01]CHR Extension: (Google Drive) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-01]CHR Extension: (YouTube) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-01]CHR Extension: (Google Search) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-01]CHR Extension: (Avast SafePrice) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-08-01]CHR Extension: (Google Sheets) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-01]CHR Extension: (Avast Online Security) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-01]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-01]CHR Extension: (Chrome Web Store Payments) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]CHR Extension: (Gmail) - C:\Users\selec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-01]CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-09]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-09] (Avast Software)S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-11] ()S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)R3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [838336 2015-07-23] (Valve Corporation) [File not signed]S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-09] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-09] (Avast Software s.r.o.)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-09] (Avast Software s.r.o.)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-09] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-09] (Avast Software s.r.o.)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-09] (Avast Software s.r.o.)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-09] ()R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-09] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  5. Hello, newbie here...I am getting chrome virus popup warnings. Premium member. Attached the FRST and Addition files.....TIA.... FRST_29-07-2015_22-11-19.txt Addition_29-07-2015_22-11-19.txt
  6. I installed MBAE a few days ago, and when I start up chrome, the outer window or tab bar I guess (the colored portion, blue or whatever color you set your task bar to) will flicker. From the color it's set to, to gray and back again. It does this instantly, and not on a new tab window. It doesn't do this on every page, and it usually happens on a web page with a video, like youtube. It'll only do this once on a page also. It's only a slight annoyance and if it's a bug, I don't care if it does this. I've tried reinstalling the program and disabling my avast antivirus free to see if there was a conflict (there wasn't any effect). The antivirus programs I have installed are: Avast Antivirus Free Malwarebytes Anti-Malware Free Malwarebytes Anti-Exploit Free Malwarebytes Anti-Rootkit Beta (I understand that this doesn't install a program on the computer) Emsisoft Emergency Kit (This also doesn't install a program) TDSS Killer (This doesn't install a program) By the way, I'm experiencing the chrome bug where it doesn't show as protected nor does it show on the logs. Really all I want to know is whether this is okay, or if my computer is infected.
  7. Suspected virus - random Chrome pop ups - Resolved HijackThis Logs - Malwarebytes Forum https://forums.malwarebytes.org/index.php?/topic/124537-suspected-virus-random-chrome-pop-ups/ When clicking on certain websites that are completely safe and I have used before, pop ups such as "make money fast" or "try this miracle product" are appearing in a new tab. took little notice at first but is getting rather regularly now and more common, with sometimes every click for 4-5 clicks in a row opening up a tab. have norton and windows defender active but neither had any success. Note: did a bit of digging myself and found a post that sounds similar, started following the steps but soon realised that it might be different with each computer as I have no idea what to look for. sorry for keeping it short, just feel like the other post sums it up exactly
  8. Help, cloudscout has infected chrome and steam. I have tried HitmanPro, malware bytes, ADW cleaner and 360 total security and none have helped and have only solved other issues. Please can anyone help get rid of cloudscout from chrome and steam. kind regards CROWNZ
  9. Hello, I just did a clean install of Windows 8 after a nasty virus. Things seems to be running really well until yesterday. Certain websites on chrome do not load and I receive an error message "DNS_PROBE_FINISHED_NXDOMAIN". If I disable Malicious Website Protection on MBAM, I can access any site. However, it is it on I can only get Google sites. I attempted to fix the problem myself and reset my dns by putting the following into cmd line: netsh winsock reset catalog This didn't work, so I turn to you all: The FRST file was too long to paste as text so it was attached to this post.FRST.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01Ran by Daniel at 2015-04-29 20:06:46Running from C:\Users\Daniel\DownloadsBoot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1154547124-2327209256-1540992038-500 - Administrator - Disabled) => C:\Users\AdministratorDaniel (S-1-5-21-1154547124-2327209256-1540992038-1002 - Administrator - Enabled) => C:\Users\DanielGuest (S-1-5-21-1154547124-2327209256-1540992038-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1154547124-2327209256-1540992038-1009 - Limited - Enabled)UpdatusUser (S-1-5-21-1154547124-2327209256-1540992038-1010 - Limited - Enabled) => C:\Users\UpdatusUser.Daniel ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Windows Live Essentials“ (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden„Windows Live Mail“ (x32 Version: 16.4.3503.0728 - „Microsoft Corporation“) Hidden„Windows Live Messenger“ (x32 Version: 16.4.3503.0728 - „Microsoft Corporation“) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1208.0301 - Micro-Star International Co., Ltd.)BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1211.2901 - Micro-Star International Co., Ltd.)CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hiddenf.lux (HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Flux) (Version: - )f.lux (HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version: - )Fotoattēlu galerija (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenFotogaléria (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenFotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenFotogalerii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenFotogalerija (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenFoto-galerija (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenFotogalleri (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenFotogalleriet (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenFotoğraf Galerisi (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenFotótár (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGaleria de Fotografias (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGaleria de Fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGalería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGaleria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGalerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGalerie foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGalerija fotografija (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenKB9X Radio Switch Driver (HKLM\...\B16388B2E5D3CBA8F0EE88A8C5459BADAF4DE251) (Version: 1.0.7112.20593 - ENE TECHNOLOGY INC.)KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.)KLM (x32 Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.) HiddenMalwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4711.1002 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenMSI Remind Manager (HKLM-x32\...\{7359585E-A828-4EFC-8177-7D1883DDA0B5}) (Version: 2.12.1003 - MSI)MSI VGA Overclock Tool (HKLM-x32\...\{26C18D1A-CA42-4682-8CBA-98929848278A}) (Version: 12.06.0601 - MSI)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)NVIDIA Graphics Driver 306.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.14 - NVIDIA Corporation)NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4711.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) HiddenPCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )Poczta usługi Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenPodstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenPošta Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenQualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.437 - Qualcomm Atheros)Qualcomm Atheros Killer Network Manager (Version: 6.1.0.437 - Qualcomm Atheros) HiddenRaccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)SCM (HKLM\...\{FA8AB91A-0B41-4797-9015-9B3FBC7834CC}) (Version: 10.012.09132 - )Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)Spotify (HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)Spotify (HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.010 - MSI)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.02 - Creative Technology Limited)USB GamePad (HKLM-x32\...\{B8CDAD75-96FB-48A5-A2AE-6515DDEB7BFA}) (Version: 3.85 - My Company Name)Valokuvavalikoima (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Driver Package - Intel (NETwNe64) net (09/12/2012 15.5.4.45) (HKLM\...\A007E57753F87B14A4737DA95057F173950A6A3D) (Version: 09/12/2012 15.5.4.45 - Intel)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )Συλλογή φωτογραφιών (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenОснови Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenОсновные компоненты Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenПочта Windows Live (x32 Version: 16.4.3503.0728 - Корпорация Майкрософт) HiddenФотоальбом (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenФотогалерия (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenФотографии (общедоступная версия) (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenФотоколекція (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hiddenフォト ギャラリー (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hiddenגלריית התמונות (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hiddenبريد Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hiddenمعرض الصور (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden사진 갤러리 (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden影像中心 (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden照片库 (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 20-04-2015 01:42:58 Removed Qualcomm Atheros Killer Network Manager20-04-2015 22:47:01 Factory Settings + Windows Office 201324-04-2015 03:32:40 Windows Update27-04-2015 13:38:22 Removed Nuance PaperPort 12.28-04-2015 22:05:58 Removed Nuance PDF Viewer Plus. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {5A3924A4-6528-4752-BA5C-27D269D03A85} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)Task: {7472CF23-05E6-4DC6-854B-929156282E34} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-07] (Synaptics Incorporated)Task: {7D100B1A-B4DD-4246-84E7-D63C6535BFA2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)Task: {89420919-1F24-408C-B579-A0F4E9064037} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DANIEL-Daniel Daniel => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-04-20] (Microsoft Corporation)Task: {DE6AC600-1592-45D5-ABC4-076F20640B32} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)Task: {EC69054D-BFF3-41A6-8FEC-9E51698E9AF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)Task: {F34074F6-EF17-44F9-80F2-41F793EE4E36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)Task: {F657E487-C513-437B-8B0B-ED1559693456} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-04-20 03:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2012-09-25 02:08 - 2012-09-25 02:08 - 00490496 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe2011-05-09 23:46 - 2011-05-09 23:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll2011-05-09 23:56 - 2011-05-09 23:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll2011-05-09 23:47 - 2011-05-09 23:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll2012-09-25 02:08 - 2012-09-25 02:08 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll2011-05-09 23:48 - 2011-05-09 23:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll2011-05-10 15:32 - 2011-05-10 15:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll2015-04-20 03:40 - 2015-04-20 03:40 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2012-07-26 02:58 - 2012-07-26 02:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll2012-12-07 08:00 - 2010-05-04 14:00 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL2012-12-07 17:56 - 2012-12-07 17:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2012-08-10 21:28 - 2012-08-10 21:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll2012-12-07 07:42 - 2012-12-07 17:56 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll2012-06-06 18:18 - 2012-06-06 18:18 - 00089088 _____ () C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe2012-12-07 07:42 - 2012-12-07 17:56 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll2012-12-07 07:51 - 2012-07-17 22:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2015-04-29 00:37 - 2015-04-27 21:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll2015-04-29 00:37 - 2015-04-27 21:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll2015-03-17 01:34 - 2015-03-17 01:34 - 20722336 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll2015-03-17 01:34 - 2015-03-17 01:34 - 34089120 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll2015-04-29 00:37 - 2015-04-27 21:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Daniel\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\Daniel\Downloads\10401142_29915353546_2620_n.jpg:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\1528558_10153701422420177_7300771_n.jpg:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\20xx3.0.iso:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\37 Avatars.swf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\AbstractTemplateForm.doc:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Atlantic Diasporas - 04.17.2015.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\B19wsQ2.jpg:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Bridge0.rar:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Ch35F.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\chromeinstall-8u40.exe:$CmdTcIDAlternateDataStreams: C:\Users\Daniel\Downloads\chromeinstall-8u40.exe:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Determinant.nb:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Discussion on Linear Independence.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\documents-export-2015-03-04.zip:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\download.htm:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Exp4.nb:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\F0000TEK.BMP:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\fittinggauss.nb:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\flux-setup.exe:$CmdTcIDAlternateDataStreams: C:\Users\Daniel\Downloads\flux-setup.exe:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\gettin+turnt.jpg:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Homework_6.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Homework_8.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Jennifer_post.pptx:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Midterm Exam - Kamil - 03.06.2015.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Model evaluation methods.doc:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\normref.txt:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Notes from Discussion.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\p600_04q.ppt:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Phys 115L 2015 Mathematica program sample fit.txt:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Phys 115l Spring 2015 Lab Manual Experiment 6 (1).pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Phys 115l Spring 2015 Lab Manual Experiment 9 (1).pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Phys 115l Spring 2015 Lab Manual Experiment 9 (2).pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\physical-model-of-the-plucking-process-in-the-classical.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Physics 115l prelab6.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\ProbSet3.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\ps3.ps:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Solved Problems.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Souryuu.Asuka.Langley.full.1345484.jpg:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Souryuu.Asuka.Langley.full.1349360.jpg:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\ssbm_mp3.part1.rar:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\ssbm_mp3.part2.rar:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\ssbm_mp3.part3.rar:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Suggested+solution++Test+FyBNVC08+Ch11-12+Waves-Sound.doc:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\The Science of String Instruments.pdf:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\The Vibrating String.ppt:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\URF 2014-2015 Application Form(2).doc:$CmdZnIDAlternateDataStreams: C:\Users\Daniel\Downloads\Voigt.nb:$CmdZnID ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaperHKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaperHKU\S-1-5-21-1154547124-2327209256-1540992038-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpgDNS Servers: 128.83.185.41 - 128.83.185.40 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\StartupApproved\Run: => "Spotify"HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\StartupApproved\Run: => "Steam"HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify"HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{0598FD00-2DAA-46D2-A321-586DCC771AAE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{0AFD600E-FFF2-437F-8C98-1AD7404A2264}] => (Allow) LPort=2869FirewallRules: [{80E6F86B-D6D4-4DF1-8570-4C1244947B39}] => (Allow) LPort=1900FirewallRules: [{208ACDB2-28E4-4353-BD22-6B3E1A5C3959}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{ACF3BD7F-8118-4087-8801-93A07CBF0154}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exeFirewallRules: [{244957FA-6037-45DB-A8E2-96576BEAC26D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXEFirewallRules: [{39B7A0DA-EFEA-4D7C-AE8C-C7A97A28A9BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{4EF7424E-9322-460D-B862-8866E8EF6437}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{700EE4A1-0C95-4327-98C0-682C1A722BE1}] => (Allow) C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\OneDrive.exeFirewallRules: [{56A79F0F-5327-474A-B0A7-3BFDAD03DC78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{5F584BC2-84BD-414F-8D0C-876D17D0BEA6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{CEFB49A6-107F-46D6-8D18-AF93D19E2561}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{646F752E-E3B5-4FA1-B15D-DD3A1009AB00}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{BD051826-15BB-44B8-B156-5B6575E85F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeFirewallRules: [{EDCE2718-5B0B-4C80-9835-BDC77911F9B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeFirewallRules: [TCP Query User{E6B352A7-E7B7-4BB1-85CF-233194D8BCD6}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daniel\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{D74543EE-B37F-4391-8EE9-BC853EE08ABC}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daniel\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{70928EF6-A7C6-4E9C-8240-865C4457358E}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\daniel\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{5A2A72B9-81CC-40AE-BD34-13CE6A1ED645}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\daniel\appdata\roaming\spotify\spotify.exeFirewallRules: [{541ACA62-3981-4F39-85F1-2769AD6BE985}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Bluetooth ServerDescription: Bluetooth ServerClass Guid: {34446e8e-37b4-4b16-9da6-bea2db33465a}Manufacturer: Intel CorporationService: btmauxProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors:==================Error: (04/29/2015 07:52:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/29/2015 07:52:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/29/2015 06:21:24 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: af4 Start Time: 01d08233fdfa812e Termination Time: 31 Application Path: C:\WINDOWS\Explorer.EXE Report Id: 6cbb2282-eec6-11e4-be86-f4b7e20323c2 Faulting package full name: Faulting package-relative application ID: Error: (04/29/2015 01:47:21 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program mumble.exe version 1.2.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 32c Start Time: 01d082abe03c3ef6 Termination Time: 5 Application Path: C:\Program Files (x86)\Mumble\mumble.exe Report Id: 17f8e19b-eea0-11e4-be86-f4b7e20323c2 Faulting package full name: Faulting package-relative application ID: Error: (04/28/2015 11:56:12 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/28/2015 11:42:22 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/28/2015 11:41:47 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/28/2015 11:02:03 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: KillerNetManager.exe, version: 0.0.0.0, time stamp: 0x50612df1Faulting module name: QtCore4.dll, version: 4.7.3.0, time stamp: 0x4dc88ae9Exception code: 0xc0000005Fault offset: 0x0000000000002726Faulting process id: 0x1340Faulting application start time: 0xKillerNetManager.exe0Faulting application path: KillerNetManager.exe1Faulting module path: KillerNetManager.exe2Report Id: KillerNetManager.exe3Faulting package full name: KillerNetManager.exe4Faulting package-relative application ID: KillerNetManager.exe5 Error: (04/28/2015 10:43:03 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/28/2015 10:29:01 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: System errors:=============Error: (04/29/2015 07:28:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The NVIDIA Update Service Daemon service hung on starting. Error: (04/29/2015 07:22:35 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 6:51:24 PM on ‎4/‎29/‎2015 was unexpected. Error: (04/28/2015 10:01:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The Norton PC Checkup Application Launcher service hung on starting. Error: (04/28/2015 09:55:38 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 9:49:17 PM on ‎4/‎28/‎2015 was unexpected. Error: (04/28/2015 09:15:01 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (04/28/2015 08:43:11 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)Description: CBS Client initialization failed. Last error: 0x80080005 Error: (04/28/2015 08:43:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (04/28/2015 00:07:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Windows 8 for x64-based Systems (KB2802618). Error: (04/27/2015 01:39:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80004004: Update for Windows 8 for x64-based Systems (KB3004394). Error: (04/27/2015 01:39:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966827). Microsoft Office Sessions:=========================Error: (04/29/2015 07:52:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/29/2015 07:52:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/29/2015 06:21:24 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Explorer.EXE6.2.9200.16628af401d08233fdfa812e31C:\WINDOWS\Explorer.EXE6cbb2282-eec6-11e4-be86-f4b7e20323c2 Error: (04/29/2015 01:47:21 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: mumble.exe1.2.8.032c01d082abe03c3ef65C:\Program Files (x86)\Mumble\mumble.exe17f8e19b-eea0-11e4-be86-f4b7e20323c2 Error: (04/28/2015 11:56:12 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/28/2015 11:42:22 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/28/2015 11:41:47 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/28/2015 11:02:03 PM) (Source: Application Error) (EventID: 1000) (User: )Description: KillerNetManager.exe0.0.0.050612df1QtCore4.dll4.7.3.04dc88ae9c00000050000000000002726134001d08228273b65a1C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exeC:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll7dd6b7bc-ee24-11e4-be85-f4b7e20323c2 Error: (04/28/2015 10:43:03 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: Error: (04/28/2015 10:29:01 PM) (Source: Adobe Reader) (EventID: 16) (User: )Description: CodeIntegrity Errors:=================================== Date: 2015-04-29 17:04:42.380 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-29 16:43:11.812 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-29 16:35:49.169 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-29 16:35:47.111 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-29 16:33:52.390 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-29 16:33:40.441 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-29 13:48:16.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-29 13:48:15.112 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-29 13:47:58.518 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-29 13:47:39.435 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-3630QM CPU @ 2.40GHzPercentage of memory in use: 27%Total physical RAM: 16275.57 MBAvailable physical RAM: 11811.89 MBTotal Pagefile: 32659.57 MBAvailable Pagefile: 28008.5 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS_Install) (Fixed) (Total:676.43 GB) (Free:142.43 GB) NTFSDrive d: (The Big ) (Fixed) (Total:698.51 GB) (Free:672.61 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 698.6 GB) (Disk ID: 8A440388) Partition: GPT Partition Type. ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  10. Hi, I've somehow managed to download some malware that squashes all headers (h1,h2 tag) together on every website. There is nothing online on this problem or how to fix it so this must be a new threat. I've attached some images displaying the problem i'm experiencing. I will be hugely grateful if someone has any idea how to fix this. Im using a mac, mavericks operating system. Thanks.
  11. Hi, I've somehow managed to download some malware that squashes all headers (h1,h2 tag) together on every website. There is nothing online on this problem or how to fix it so this must be a new threat. I've attached some images displaying the problem i'm experiencing. I will be hugely grateful if someone has any idea how to fix this. Thanks.
  12. Hello folks, I keep getting weird hyper links on pages that I open related to "SwiftSearch". Some adware that I think I was infected with. I tried a clean re-install of chrome to see if that would help before going through this process but I did not. Here you go: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015Ran by Daniel (administrator) on DANIEL on 18-04-2015 19:39:50Running from C:\Users\Daniel\DownloadsLoaded Profiles: Daniel & (Available profiles: Daniel)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Swift Search) C:\Program Files (x86)\SwiftSearch_1.10.0.14\Service\swsesvc.exe(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe(Flux Software LLC) C:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe(Corsair Components Inc) C:\Program Files (x86)\corsair\M95 Mouse\M95Hid.exe(Corsair Components Inc) C:\Program Files (x86)\corsair\M95 Mouse\CorsTra.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe\KeePass.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyCrashService.exe(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [403848 2012-09-13] (MSI)HKLM\...\Run: [sCM] => C:\Program Files (x86)\SCM\SCM.exe [399776 2012-09-13] (MSI)HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-15] (NVIDIA Corporation)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-12-07] (Synaptics Incorporated)HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-02-17] (COMODO)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-01] (Apple Inc.)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)HKLM-x32\...\Run: [super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502328 2012-05-22] (MSI)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-04-02] (cyberlink)HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [89088 2012-06-06] ()HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-01] (Apple Inc.)HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1769984 2013-05-27] (Corsair Components Inc)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exeHKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM-x32\...\Run: [ZoneAlarm Installer] => "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r welcome /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /wHKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-15] (Avast Software s.r.o.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-14] (Oracle Corporation)HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] ( (Qualcomm®Atheros®))HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Run: [skyDrive] => C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Run: [spotify Web Helper] => C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-04] (Spotify Ltd)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Run: [f.lux] => C:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2015-02-09] (Flux Software LLC)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Run: [GoogleChromeAutoLaunch_9CB2B8404301F8169D10E27C4B481A41] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-18] (Google Inc.)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Run: [spotify] => C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [7112248 2015-04-04] (Spotify Ltd)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Policies\Explorer: [NoChangeStartMenu] 0HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\...\Policies\Explorer: [NoLogOff] 0HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skyDrive] => C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-04] (Spotify Ltd)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2015-02-09] (Flux Software LLC)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_9CB2B8404301F8169D10E27C4B481A41] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-18] (Google Inc.)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify] => C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [7112248 2015-04-04] (Spotify Ltd)HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogOff] 0AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-15] (NVIDIA Corporation)AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-15] (NVIDIA Corporation)AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-15] (NVIDIA Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnkShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_16&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtDtAtBtA0CtB0EtDzzyDtN0D0Tzu0StCtCzyzytN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0DtDzyyEtAyBtCtGtB0FtCtBtGtCyDyEyEtGzytAzztDtGtByE0C0ByD0E0Dzzzy0FyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DtD0D0Fzzzz0CtG0BtDtAtDtGyEyCtAyEtGzz0B0EtBtGtB0EtCtC0CzzzzzztDyBtBtC2QtN0A0LzutD%26cr%3D703021297%26a%3Dwny_ir_15_16%26os%3DWindows8.1 HKU\S-1-5-21-1154547124-2327209256-1540992038-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.comHKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_16&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtDtAtBtA0CtB0EtDzzyDtN0D0Tzu0StCtCzyzytN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0DtDzyyEtAyBtCtGtB0FtCtBtGtCyDyEyEtGzytAzztDtGtByE0C0ByD0E0Dzzzy0FyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DtD0D0Fzzzz0CtG0BtDtAtDtGyEyCtAyEtGzz0B0EtBtGtB0EtCtC0CzzzzzztDyBtBtC2QtN0A0LzutD%26cr%3D703021297%26a%3Dwny_ir_15_16%26os%3DWindows8.1 HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.comSearchScopes: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002 -> DefaultScope {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtDtAtBtA0CtB0EtDzzyDtN0D0Tzu0StCtCzyzytN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0DtDzyyEtAyBtCtGtB0FtCtBtGtCyDyEyEtGzytAzztDtGtByE0C0ByD0E0Dzzzy0FyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DtD0D0Fzzzz0CtG0BtDtAtDtGyEyCtAyEtGzz0B0EtBtGtB0EtCtC0CzzzzzztDyBtBtC2QtN0A0LzutD%26cr%3D703021297%26a%3Dwny_ir_15_16%26os%3DWindows8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtDtAtBtA0CtB0EtDzzyDtN0D0Tzu0StCtCzyzytN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0DtDzyyEtAyBtCtGtB0FtCtBtGtCyDyEyEtGzytAzztDtGtByE0C0ByD0E0Dzzzy0FyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DtD0D0Fzzzz0CtG0BtDtAtDtGyEyCtAyEtGzz0B0EtBtGtB0EtCtC0CzzzzzztDyBtBtC2QtN0A0LzutD%26cr%3D703021297%26a%3Dwny_ir_15_16%26os%3DWindows8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002 -> {F1DED5B2-8519-4E87-935E-D46700481619} URL = SearchScopes: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtDtAtBtA0CtB0EtDzzyDtN0D0Tzu0StCtCzyzytN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0DtDzyyEtAyBtCtGtB0FtCtBtGtCyDyEyEtGzytAzztDtGtByE0C0ByD0E0Dzzzy0FyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DtD0D0Fzzzz0CtG0BtDtAtDtGyEyCtAyEtGzz0B0EtBtGtB0EtCtC0CzzzzzztDyBtBtC2QtN0A0LzutD%26cr%3D703021297%26a%3Dwny_ir_15_16%26os%3DWindows8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtDtAtBtA0CtB0EtDzzyDtN0D0Tzu0StCtCzyzytN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0DtDzyyEtAyBtCtGtB0FtCtBtGtCyDyEyEtGzytAzztDtGtByE0C0ByD0E0Dzzzy0FyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DtD0D0Fzzzz0CtG0BtDtAtDtGyEyCtAyEtGzz0B0EtBtGtB0EtCtC0CzzzzzztDyBtBtC2QtN0A0LzutD%26cr%3D703021297%26a%3Dwny_ir_15_16%26os%3DWindows8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F1DED5B2-8519-4E87-935E-D46700481619} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-15] (Avast Software s.r.o.)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-15] (Avast Software s.r.o.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)Winsock: Catalog9-x64 16 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)Tcpip\Parameters: [DhcpNameServer] 128.83.185.41 128.83.185.40Tcpip\..\Interfaces\{9BB2BF7F-9F24-4F7C-A7AC-9B31C3E3FC1F}: [NameServer] 156.154.70.22,156.154.71.22Tcpip\..\Interfaces\{EFF8EADE-4328-493A-9149-774F87E7593D}: [NameServer] 156.154.70.22,156.154.71.22 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-11] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-18] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-18] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-1154547124-2327209256-1540992038-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-04] ()FF Plugin HKU\S-1-5-21-1154547124-2327209256-1540992038-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-04] ()FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-01] Chrome: =======CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-18]CHR Extension: (BetterTTV) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-04-18]CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-18]CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-18]CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-18]CHR Extension: (Adblock Plus) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-18]CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-18]CHR Extension: (Avast SafePrice) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-18]CHR Extension: (Google Sheets) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-18]CHR Extension: (Avast Online Security) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-18]CHR Extension: (Custom Google™ Background) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg [2015-04-18]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-18]CHR Extension: (Hangouts) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-04-18]CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-18]CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2015-04-18]CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-21]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-02-01] (Apple Inc.)R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows ® Win 7 DDK provider) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-15] (Avast Software s.r.o.)R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-21] (Avast Software)S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-17] (Microsoft Corporation)S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [247768 2013-04-02] (CyberLink)R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-17] (COMODO)S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-17] (COMODO)R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-15] (NVIDIA Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-12-07] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-24] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-24] (Malwarebytes Corporation)R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2012-09-13] (Micro-Star International Co., Ltd.) [File not signed]R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [142904 2012-05-22] (MSI)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-15] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-15] (NVIDIA Corporation)R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-09-25] () [File not signed]R2 swsesvc_1.10.0.14; C:\Program Files (x86)\SwiftSearch_1.10.0.14\Service\swsesvc.exe [279120 2015-04-14] (Swift Search)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-10] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-10] (Microsoft Corporation)R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed]S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3203440 2012-09-25] (Qualcomm Atheros, Inc.)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-15] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-15] (Avast Software s.r.o.)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-15] (Avast Software s.r.o.)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-15] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-15] (Avast Software s.r.o.)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-15] (Avast Software s.r.o.)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-15] (Avast Software s.r.o.)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-15] ()S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2012-09-25] (Qualcomm Atheros, Inc.)R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2015-01-30] (COMODO)R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-01-30] (COMODO)R3 DUKEMS; C:\Windows\system32\drivers\DUKEMS.sys [25600 2012-08-16] ( )R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2015-01-30] (COMODO)S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [17936 2011-12-12] (Windows ® Win 7 DDK provider)R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [164720 2012-09-25] (Qualcomm Atheros, Inc.)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-24] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-18] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-24] (Malwarebytes Corporation)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-01-17] (NVIDIA Corporation)U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)R1 swsenfd_1_10_0_14; C:\Windows\System32\drivers\swsenfd_1_10_0_14.sys [58232 2015-04-10] (Swift Search)R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-21] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-10] (Microsoft Corporation)S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-18 19:39 - 2015-04-18 19:40 - 00035276 _____ () C:\Users\Daniel\Downloads\FRST.txt2015-04-18 19:37 - 2015-04-18 19:39 - 00000000 ____D () C:\FRST2015-04-18 19:36 - 2015-04-18 19:36 - 02098176 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe2015-04-18 19:33 - 2015-04-18 19:33 - 00000023 ____H () C:\Users\Daniel\Documents\Jul 8 2014.kdb.lock2015-04-18 18:55 - 2015-04-18 19:00 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-04-18 18:55 - 2015-04-18 19:00 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-04-18 18:55 - 2015-04-18 18:56 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Google2015-04-18 18:55 - 2015-04-18 18:55 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-04-18 18:55 - 2015-04-18 18:55 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-04-18 18:55 - 2015-04-18 18:55 - 00002289 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-04-18 18:55 - 2015-04-18 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-04-17 01:58 - 2015-04-17 02:00 - 275593715 _____ () C:\Users\Daniel\Downloads\Front Mission 3 (E) [sLES-02423].7z2015-04-17 01:54 - 2015-04-17 01:54 - 289651789 _____ () C:\Users\Daniel\Downloads\Front Mission 3 [NTSC-U] [sLUS-01011].rar2015-04-16 21:24 - 2015-04-17 01:36 - 00000000 ____D () C:\Users\Daniel\Downloads\ePSXe19252015-04-15 23:32 - 2015-04-15 23:37 - 00000000 ___RD () C:\Users\Daniel\Dropbox2015-04-15 23:27 - 2015-04-15 23:27 - 00356232 _____ (Dropbox, Inc.) C:\Users\Daniel\Downloads\DropboxInstaller.exe2015-04-15 22:05 - 2015-04-15 21:16 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-04-15 22:05 - 2015-04-15 21:16 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-04-15 21:52 - 2015-04-15 22:03 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV2015-04-15 21:52 - 2015-04-15 22:03 - 00000000 ____D () C:\WINDOWS\system32\NV2015-04-15 21:50 - 2015-04-15 21:50 - 31570064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll2015-04-15 21:50 - 2015-04-15 21:50 - 30397072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll2015-04-15 21:50 - 2015-04-15 21:50 - 25375048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll2015-04-15 21:50 - 2015-04-15 21:50 - 24053576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll2015-04-15 21:50 - 2015-04-15 21:50 - 15818528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll2015-04-15 21:50 - 2015-04-15 21:50 - 15716232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll2015-04-15 21:50 - 2015-04-15 21:50 - 14617288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll2015-04-15 21:50 - 2015-04-15 21:50 - 14006752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll2015-04-15 21:50 - 2015-04-15 21:50 - 12852784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll2015-04-15 21:50 - 2015-04-15 21:50 - 11380728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll2015-04-15 21:50 - 2015-04-15 21:50 - 10423952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys2015-04-15 21:50 - 2015-04-15 21:50 - 02896528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll2015-04-15 21:50 - 2015-04-15 21:50 - 02573456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll2015-04-15 21:50 - 2015-04-15 21:50 - 01895568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435012.dll2015-04-15 21:50 - 2015-04-15 21:50 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435012.dll2015-04-15 21:50 - 2015-04-15 21:50 - 01047368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll2015-04-15 21:50 - 2015-04-15 21:50 - 01037640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll2015-04-15 21:50 - 2015-04-15 21:50 - 00970568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll2015-04-15 21:50 - 2015-04-15 21:50 - 00962192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll2015-04-15 21:50 - 2015-04-15 21:50 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll2015-04-15 21:50 - 2015-04-15 21:50 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll2015-04-15 21:50 - 2015-04-15 21:50 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys2015-04-15 21:38 - 2015-04-15 21:38 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe2015-04-15 21:38 - 2015-04-15 21:38 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr2015-04-15 21:18 - 2015-04-15 21:18 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2015-04-15 21:18 - 2015-04-15 21:18 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2015-04-15 21:18 - 2015-04-15 21:18 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2015-04-15 21:18 - 2015-04-15 21:18 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2015-04-15 21:18 - 2015-04-15 21:18 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2015-04-15 21:18 - 2015-04-15 21:18 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2015-04-15 21:18 - 2015-04-15 21:18 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2015-04-15 21:18 - 2015-04-15 21:18 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2015-04-15 21:18 - 2015-04-15 21:18 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2015-04-15 21:18 - 2015-04-15 21:18 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2015-04-15 21:18 - 2015-04-15 21:18 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2015-04-15 21:18 - 2015-04-15 21:18 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2015-04-15 21:18 - 2015-04-15 21:18 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2015-04-15 21:18 - 2015-04-15 21:18 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2015-04-15 21:18 - 2015-04-15 21:18 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2015-04-15 21:18 - 2015-04-15 21:18 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2015-04-15 21:18 - 2015-04-15 21:18 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2015-04-15 21:18 - 2015-04-15 21:18 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys2015-04-15 21:18 - 2015-04-15 21:18 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2015-04-15 21:18 - 2015-04-15 21:18 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe2015-04-15 21:18 - 2015-04-15 21:18 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys2015-04-15 21:18 - 2015-04-15 21:18 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe2015-04-15 21:18 - 2015-04-15 21:18 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll2015-04-15 21:18 - 2015-04-15 21:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll2015-04-15 21:17 - 2015-04-15 21:21 - 00000000 ____D () C:\Users\Daniel\Documents\PCSX22015-04-15 21:16 - 2015-04-15 21:16 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2015-04-15 21:16 - 2015-04-15 21:16 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2015-04-15 21:16 - 2015-04-15 21:16 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2015-04-15 21:16 - 2015-04-15 21:16 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2015-04-15 21:16 - 2015-04-15 21:16 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2015-04-15 21:16 - 2015-04-15 21:16 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2015-04-15 21:16 - 2015-04-15 21:16 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll2015-04-15 21:10 - 2015-04-15 21:10 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx2015-04-15 21:07 - 2015-04-15 21:10 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.12015-04-15 21:07 - 2015-04-15 21:07 - 00002011 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX22015-04-14 15:37 - 2015-04-14 15:37 - 00000000 ____D () C:\Program Files (x86)\SwiftSearch_1.10.0.142015-04-12 20:07 - 2015-04-12 20:07 - 00000000 ____D () C:\Users\Daniel\Documents\PASCO Capstone Files2015-04-12 20:07 - 2015-04-12 20:07 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\PASCO Scientific2015-04-12 20:05 - 2015-04-12 20:08 - 00000000 ____D () C:\ProgramData\PASCO Scientific2015-04-12 20:05 - 2015-04-12 20:05 - 00002246 _____ () C:\Users\Public\Desktop\PASCO Capstone.lnk2015-04-12 20:05 - 2015-04-12 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PASCO scientific2015-04-12 20:04 - 2015-04-12 20:05 - 00025550 _____ () C:\WINDOWS\DPINST.LOG2015-04-12 20:04 - 2015-04-12 20:05 - 00000000 ____D () C:\Program Files (x86)\PASCO scientific2015-04-12 20:03 - 2015-04-12 20:03 - 00000000 ____D () C:\ProgramData\Pasco2015-04-12 19:56 - 2015-04-12 19:59 - 191710512 _____ (PASCO scientific) C:\Users\Daniel\Downloads\PASCO_Capstone_Setup.exe2015-04-10 15:00 - 2015-04-10 15:00 - 00058232 _____ (Swift Search) C:\WINDOWS\system32\Drivers\swsenfd_1_10_0_14.sys2015-04-10 06:43 - 2015-04-10 06:44 - 00752928 _____ () C:\WINDOWS\Minidump\041015-24765-01.dmp2015-04-07 12:04 - 2015-04-07 12:04 - 07304192 _____ () C:\Users\Daniel\Downloads\chapter7.ppt2015-04-04 02:37 - 2015-04-04 02:37 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX2015-04-04 02:37 - 2015-04-04 02:37 - 00000000 ___SD () C:\WINDOWS\system32\GWX2015-03-29 23:25 - 2015-03-29 23:25 - 01152054 _____ () C:\Users\Daniel\Downloads\F0000TEK.BMP2015-03-24 02:36 - 2015-03-24 02:37 - 00849215 _____ () C:\Users\Daniel\Downloads\Jennifer_post.pptx2015-03-21 18:27 - 2015-03-21 18:27 - 00000197 _____ () C:\WINDOWS\system32\2015-03-21-23-27-41.039-AvastVBoxSVC.exe-11204.log2015-03-20 02:49 - 2015-03-20 02:49 - 00000047 _____ () C:\Users\Daniel\jagex_cl_speccollect_LIVE.dat2015-03-20 02:39 - 2015-03-31 23:43 - 00000024 _____ () C:\Users\Daniel\random.dat2015-03-20 02:39 - 2015-03-31 22:59 - 00000045 _____ () C:\Users\Daniel\jagex_cl_oldschool_LIVE.dat2015-03-20 02:39 - 2015-03-20 02:49 - 00000000 ____D () C:\Users\Daniel\jagexcache ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-18 19:39 - 2014-06-29 16:21 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-04-18 19:36 - 2014-10-07 22:51 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Spotify2015-04-18 19:36 - 2014-10-07 22:47 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Spotify2015-04-18 19:27 - 2015-01-01 23:02 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2015-04-18 19:07 - 2014-07-16 16:27 - 02038300 _____ () C:\WINDOWS\WindowsUpdate.log2015-04-18 19:00 - 2015-01-01 23:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1154547124-2327209256-1540992038-10022015-04-18 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-04-18 18:58 - 2013-07-02 21:09 - 01760256 ___SH () C:\Users\Daniel\Downloads\Thumbs.db2015-04-18 18:55 - 2013-05-02 17:04 - 00004968 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DANIEL-Daniel Daniel2015-04-18 18:55 - 2013-05-02 08:32 - 00000000 ___DO () C:\Users\Daniel\SkyDrive2015-04-18 18:55 - 2013-04-29 20:43 - 00000000 ____D () C:\Program Files (x86)\Google2015-04-18 18:50 - 2013-05-02 08:17 - 00000000 ____D () C:\Program Files\Microsoft Office 152015-04-18 18:49 - 2014-07-16 22:30 - 00038884 _____ () C:\WINDOWS\setupact.log2015-04-18 18:49 - 2012-12-07 07:42 - 00000000 ____D () C:\temp2015-04-18 18:48 - 2014-07-19 00:13 - 00546628 _____ () C:\WINDOWS\PFRO.log2015-04-18 18:48 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-04-18 18:47 - 2013-08-22 08:25 - 01310720 ___SH () C:\WINDOWS\system32\config\BBI2015-04-18 18:40 - 2015-01-01 23:13 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox2015-04-18 18:02 - 2014-11-27 20:34 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\uTorrent2015-04-18 04:03 - 2013-05-01 19:47 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Mumble2015-04-17 16:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-04-17 01:44 - 2013-04-29 20:14 - 00000000 ____D () C:\Users\Daniel\AppData\Local\CrashDumps2015-04-16 01:25 - 2013-04-08 21:44 - 00000000 ____D () C:\Users\Daniel\Desktop\GAMES2015-04-16 00:15 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat2015-04-15 23:32 - 2014-03-17 02:47 - 00000000 ____D () C:\Users\Daniel2015-04-15 22:49 - 2013-11-14 02:28 - 01162826 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-04-15 22:03 - 2013-08-22 09:44 - 05140128 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-04-15 22:01 - 2013-08-14 11:52 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-04-15 21:55 - 2013-04-30 23:24 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-04-15 21:55 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-04-15 21:53 - 2014-12-10 17:07 - 00000000 ____D () C:\WINDOWS\system32\appraiser2015-04-15 21:53 - 2014-07-08 22:27 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2015-04-15 21:52 - 2014-03-17 02:38 - 00000000 ____D () C:\ProgramData\NVIDIA2015-04-15 21:51 - 2014-03-17 02:38 - 00936264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe2015-04-15 21:50 - 2014-11-20 04:37 - 17176128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll2015-04-15 21:50 - 2014-03-17 02:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2015-04-15 21:50 - 2014-03-10 18:32 - 12689592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll2015-04-15 21:50 - 2014-03-10 18:32 - 03317344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll2015-04-15 21:50 - 2014-03-10 18:32 - 02935416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll2015-04-15 21:50 - 2014-03-10 18:32 - 01086424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll2015-04-15 21:50 - 2014-03-10 18:32 - 00927440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll2015-04-15 21:50 - 2014-03-10 18:32 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll2015-04-15 21:50 - 2014-03-10 18:32 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll2015-04-15 21:45 - 2014-12-15 23:44 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2015-04-15 21:38 - 2015-01-01 23:02 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys2015-04-15 21:38 - 2015-01-01 23:02 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys2015-04-15 21:38 - 2015-01-01 23:02 - 00271200 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2015-04-15 21:38 - 2015-01-01 23:02 - 00136752 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys2015-04-15 21:38 - 2015-01-01 23:02 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys2015-04-15 21:38 - 2015-01-01 23:02 - 00088408 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys2015-04-15 21:38 - 2015-01-01 23:02 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys2015-04-15 21:38 - 2015-01-01 23:02 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys2015-04-15 21:08 - 2013-05-27 01:35 - 00000000 ____D () C:\ProgramData\Package Cache2015-04-15 20:49 - 2014-07-08 03:08 - 00023708 _____ () C:\Users\Daniel\Documents\Jul 8 2014.kdb2015-04-14 02:12 - 2014-11-09 18:40 - 00007875 _____ () C:\WINDOWS\BRRBCOM.INI2015-04-13 19:30 - 2013-05-05 04:48 - 00000000 ____D () C:\Program Files (x86)\Steam2015-04-13 17:10 - 2014-05-29 17:08 - 00000000 ____D () C:\Users\Daniel\Desktop\College2015-04-12 20:05 - 2012-12-07 07:47 - 00000000 ____D () C:\Program Files\DIFX2015-04-10 06:43 - 2014-07-30 01:40 - 1310950117 _____ () C:\WINDOWS\MEMORY.DMP2015-04-10 06:43 - 2014-04-13 14:13 - 00000000 ____D () C:\WINDOWS\Minidump2015-04-08 19:58 - 2014-03-10 18:32 - 00029329 _____ () C:\WINDOWS\system32\nvinfo.pb2015-04-08 16:30 - 2014-03-17 02:38 - 06841488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll2015-04-08 16:30 - 2014-03-17 02:38 - 03478344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll2015-04-08 16:30 - 2014-03-17 02:38 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll2015-04-08 16:30 - 2014-03-17 02:38 - 01047696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll2015-04-08 16:30 - 2014-03-17 02:38 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll2015-04-08 16:30 - 2014-03-17 02:38 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll2015-04-08 16:30 - 2014-03-17 02:38 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll2015-04-08 12:52 - 2014-03-17 02:38 - 04336074 _____ () C:\WINDOWS\system32\nvcoproc.bin2015-04-07 12:06 - 2013-04-29 19:31 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Packages2015-04-06 13:10 - 2014-10-19 17:04 - 00000000 ____D () C:\Users\Daniel\AppData\Local\anaconda-launcher2015-04-06 05:46 - 2014-10-19 17:10 - 00000000 ____D () C:\Users\Daniel\CS303E2015-04-06 05:25 - 2014-10-19 16:53 - 00000000 ____D () C:\Users\Daniel\Anaconda2015-04-04 18:35 - 2014-10-07 22:48 - 00001866 _____ () C:\Users\Daniel\Desktop\Spotify.lnk2015-04-04 18:35 - 2014-10-07 22:48 - 00001852 _____ () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2015-03-29 15:06 - 2015-01-19 19:22 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc2015-03-28 17:40 - 2014-04-21 19:26 - 00000000 ____D () C:\Users\Daniel\.VirtualBox2015-03-27 22:44 - 2014-06-03 00:21 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll2015-03-27 22:44 - 2013-10-28 19:14 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll2015-03-27 22:43 - 2014-06-03 00:21 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll2015-03-27 22:43 - 2013-10-28 19:14 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll2015-03-24 17:17 - 2014-06-29 16:20 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-03-24 17:17 - 2014-06-29 16:20 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-03-24 17:17 - 2014-06-29 16:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-03-24 17:17 - 2014-02-09 03:21 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-03-21 18:27 - 2015-03-16 13:34 - 00000197 _____ () C:\WINDOWS\system32\2015-03-16-18-34-30.048-AvastVBoxSVC.exe-4904.log2015-03-19 14:09 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports ==================== Files in the root of some directories ======= 2013-05-10 17:28 - 2014-06-17 16:39 - 0007611 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg Files to move or delete:====================C:\Users\Daniel\jagex_cl_oldschool_LIVE.datC:\Users\Daniel\jagex_cl_speccollect_LIVE.datC:\Users\Daniel\random.dat Some content of TEMP:====================C:\Users\Daniel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnqkvde.dllC:\Users\Daniel\AppData\Local\Temp\ICReinstall_CR_Downloader_for_front-mission-3.exeC:\Users\Daniel\AppData\Local\Temp\ICReinstall_CR_Downloader_for_neo-geo.exeC:\Users\Daniel\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exeC:\Users\Daniel\AppData\Local\Temp\jre-8u31-windows-au.exeC:\Users\Daniel\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.3.exeC:\Users\Daniel\AppData\Local\Temp\Quarantine.exeC:\Users\Daniel\AppData\Local\Temp\SpotifyUninstall.exeC:\Users\Daniel\AppData\Local\Temp\utt15B1.tmp.exeC:\Users\Daniel\AppData\Local\Temp\utt1D1B.tmp.exeC:\Users\Daniel\AppData\Local\Temp\uttAF9A.tmp.exeC:\Users\Daniel\AppData\Local\Temp\_is3170.exeC:\Users\Daniel\AppData\Local\Temp\_is7122.exeC:\Users\Daniel\AppData\Local\Temp\{C5940957-05A5-436F-8D96-1409991513BB}.exe Some zero byte size files/folders:==========================C:\Windows\System32\Drivers\btmhsf.sys ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-16 00:00 ==================== End Of Log ============================ Addition.txt
  13. The only symptoms are described in the title. Began about a week ago, I'd been streaming video with Chrome and suddenly the advertisements started ignoring my ABP. Did not have Firefox open at the time, but Firefox was also affected with similar symptoms, random adware extensions downloading and running. I found the two random-character folders in ProgramData while following instructions for removal of one of the extensions, trying to figure out where they might be coming from. I couldn't delete them at first, they were a regular pain in the rear end until I took ownership of the folders and toyed with permissions for a while. I don't know if they're related to the adware issue, but I did want to make them known just in case. Reinstalled Chrome clean just a few days ago when the browser refused to let me download an extension I actually wanted to download. That fixed the problem. Ran MBAM the same night and found a PUP (can't remember what kind or the full name) as well as IndepthEdit issues, all removed. Today's MBAM quick scan resulted in no threats. Uninstalled uTorrent. I think all torrent files are gone. Thank you in advance! FRST Log: When I tried to post the topic with Addition.txt, the post editor said I had to shorten the post 'a little'. Very unhelpful. Can we get a max character counter please? Addition.txt
  14. Hi Malwarebytes forums, im having a problem with my computer it seems to be infected by a nasty adware. Chrome keeps on repeatedly self installing ad extensions even after i remove them and run Malwarebytes Removal Tool. as instructed on the pinned post, i ran FRST and here are the logs. FRST log here is the Addition Log Addition.txt FRST.txt
  15. Im using Malwarebytes Anti-Exploit on a windows 7 ultimate 64 bit pc mainly protecting google chrome. In the advanced settings menu I noticed alot of protection options disabled for various attack surfaces. For example under application hardening for Browsers and Chrome Browsers Bottom Up ASLR Enforcement was disabled and for Crome browsers Anti-HeapSpraying Enforcement was disabled. Which options is it safe to enable and is it adviced to test this yourself on a trial and error basis or should I leave all the options as default? Any help with which settings I could enable without worry is greatly appreciated. Im using: Windows 7 Ultimate 64bit Google Chrome 41.0.2272.118 m (64-bit)Malwarebytes Anti Malware Free 2.0.4.1028 using database v2015.04.11.08Malwarebytes Anti Exploit Premium 1.06.1.1018Hitmanpro (no realtime)Browser Extensions: Avira Browser SafetyAdblockPlusWeb of TrustHTTPS EverywhereGoogle DocsGoogle SheetsGoogle SlidesThanks in Advance.
  16. Hi all I have problem with random ad keeps spamming me while i am surfing web. I have read the topic im infected what-do i do now and follow those steps there by trying: MBAM, FARBAR RECOVERY SCAN TOOL but those ads still keep coming back. i have been bombed with those annoying ads for 1 month. Please help me if you can. Thanks, Long FRST.txt Addition.txt
  17. The Hijacker, www.safesear.ch, is set as my Chrome default browser and is locked with an icon that says "This setting is enforced by your administrator". This a a private windows 8.1 laptop and I am the administrator. I have run free Malware Bites and it does not identify the hijacker. I have run AdwCleaner and it apparently finds the hijacker and says it cleans it but when i open Chrome Browser again it is still there. I use Bit Defender 2014 for virus protection and with a full scan it does not find anything. When I check for programs names Safe Search, Safesear, safesear.ch, none are found. none of the short cuts are affected. Internet Explorer and Fire Fox are both clean. I have done both Malware Bites and AdwCleaner scans in minimum Safe Mode with no help. When I open Chrome, Chrome tasks are opened and remain open after I shut down the Browser so I must use Task Manager to shut down the tasks to uninstall Chrome. i have shut down the Chrome process and renamed the DEFAULT file, forcing Chrome to generate a new one but www.safesear.ch remains the default browser. I am at a loss as to what to do next. Please help. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by dorma_000 (administrator) on BILLANDJO on 13-03-2015 13:16:25 Running from C:\Users\dorma_000\Downloads Loaded Profiles: UpdatusUser & dorma_000 (Available profiles: UpdatusUser & dorma_000) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto) C:\Program Files\Soluto\SolutoService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Soluto) C:\Program Files\Soluto\Soluto.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor) HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-08] (Bitdefender) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM\...\Run: [soluto] => c:\program files\soluto\soluto.exe [1253848 2013-01-29] (Soluto) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations)) HKU\S-1-5-21-4258198927-4012173705-4119787221-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-12-14] () HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated) HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender) HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-23] (Bitdefender) HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-23] (Bitdefender) HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [GoogleChromeAutoLaunch_029DEB9830534415356275BD590D8920] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.) HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender) HKU\S-1-5-18\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-23] (Bitdefender) HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-23] (Bitdefender) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://rockmelt.com/?via=acer&mt=preload URLSearchHook: [s-1-5-21-4258198927-4012173705-4119787221-1001] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4258198927-4012173705-4119787221-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-23] (Bitdefender) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-01-25] (Qualcomm Atheros Commnucations) BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2014-08-23] (Bitdefender) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\dorma_000\AppData\Roaming\Mozilla\Firefox\Profiles\8f3b30io.default-1425496160666 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] () FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-13] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-04-06] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-04-14] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HomePage: Default -> hxxp://my.yahoo.com/ CHR StartupUrls: Default -> "hxxp://my.yahoo.com/" CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms} CHR Profile: C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Television Fanatic Homepage) - C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpgmmlogfloaeldffkaeijpkdgabijk [2015-03-08] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04] CHR Extension: (Google Wallet) - C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04] CHR Extension: (Bitdefender QuickScan) - C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-03-08] CHR HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-08] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed] R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate) R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-23] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-08] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender) S3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-23] (BitDefender) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.) R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-08] (BitDefender S.R.L.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed] S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-13 13:16 - 2015-03-13 13:16 - 02095616 _____ (Farbar) C:\Users\dorma_000\Downloads\FRST64.exe 2015-03-13 13:16 - 2015-03-13 13:16 - 00019318 _____ () C:\Users\dorma_000\Downloads\FRST.txt 2015-03-13 13:16 - 2015-03-13 13:16 - 00000000 ____D () C:\FRST 2015-03-13 12:40 - 2015-03-13 12:40 - 00000760 _____ () C:\Users\dorma_000\Desktop\JRT.txt 2015-03-13 12:36 - 2015-03-13 12:36 - 01388333 _____ (Thisisu) C:\Users\dorma_000\Downloads\JRT (1).exe 2015-03-13 12:10 - 2015-03-13 12:10 - 00002283 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-13 12:10 - 2015-03-13 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-13 12:09 - 2015-03-13 13:14 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-13 12:09 - 2015-03-13 12:14 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-13 12:09 - 2015-03-13 12:09 - 00880208 _____ (Google Inc.) C:\Users\dorma_000\Downloads\ChromeSetup(1).exe 2015-03-13 12:09 - 2015-03-13 12:09 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-13 12:09 - 2015-03-13 12:09 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-13 10:29 - 2015-03-04 16:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-03-13 10:29 - 2015-03-04 16:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-13 10:00 - 2015-03-13 10:00 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\dorma_000\Downloads\sh-remover.exe 2015-03-11 18:03 - 2015-03-11 18:03 - 00010556 _____ () C:\Users\dorma_000\Downloads\hijackthis.log 2015-03-11 18:01 - 2015-03-11 18:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\dorma_000\Downloads\HijackThis.exe 2015-03-11 12:53 - 2015-03-11 12:53 - 00000000 ____D () C:\WINDOWS\pss 2015-03-11 12:42 - 2015-03-11 12:42 - 00000000 ____D () C:\WINDOWS\system32\Soluto 2015-03-11 11:50 - 2015-02-03 18:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-03-11 11:50 - 2015-02-03 18:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-03-11 11:50 - 2015-02-03 18:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-03-11 11:50 - 2015-02-02 18:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-03-11 11:50 - 2015-02-02 18:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-03-11 11:50 - 2015-01-26 22:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe 2015-03-11 11:50 - 2015-01-23 20:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe 2015-03-11 11:49 - 2015-03-05 21:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-03-11 11:49 - 2015-03-05 21:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-03-11 11:49 - 2015-02-25 18:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-03-11 11:49 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-03-11 11:49 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-03-11 11:49 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-03-11 11:49 - 2015-02-20 19:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-03-11 11:49 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-03-11 11:49 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-03-11 11:49 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-03-11 11:49 - 2015-02-19 22:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-03-11 11:49 - 2015-02-19 21:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-03-11 11:49 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-03-11 11:49 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-03-11 11:49 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-03-11 11:49 - 2015-02-19 21:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-03-11 11:49 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-03-11 11:49 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-03-11 11:49 - 2015-02-19 21:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-03-11 11:49 - 2015-02-19 21:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-03-11 11:49 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-03-11 11:49 - 2015-02-19 21:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-03-11 11:49 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-03-11 11:49 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-03-11 11:49 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-03-11 11:49 - 2015-02-19 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-03-11 11:49 - 2015-02-19 20:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-03-11 11:49 - 2015-02-19 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-03-11 11:49 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-03-11 11:49 - 2015-02-19 20:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-03-11 11:49 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-03-11 11:49 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-03-11 11:49 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-03-11 11:49 - 2015-02-19 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-03-11 11:49 - 2015-02-19 20:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-03-11 11:49 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-03-11 11:49 - 2015-02-19 20:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-03-11 11:49 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-03-11 11:49 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-03-11 11:49 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-03-11 11:49 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-03-11 11:49 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-03-11 11:49 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-03-11 11:49 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-03-11 11:49 - 2015-02-12 12:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-03-11 11:49 - 2015-02-12 12:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-03-11 11:49 - 2015-02-07 18:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-03-11 11:49 - 2015-02-07 18:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-03-11 11:49 - 2015-02-06 18:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-03-11 11:49 - 2015-02-05 20:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-03-11 11:49 - 2015-02-05 20:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-03-11 11:49 - 2015-02-05 15:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-03-11 11:49 - 2015-02-02 19:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2015-03-11 11:49 - 2015-02-02 19:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2015-03-11 11:49 - 2015-01-30 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-03-11 11:49 - 2015-01-30 18:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-03-11 11:49 - 2015-01-30 18:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2015-03-11 11:49 - 2015-01-29 22:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2015-03-11 11:49 - 2015-01-29 22:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2015-03-11 11:49 - 2015-01-29 21:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll 2015-03-11 11:49 - 2015-01-29 21:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll 2015-03-11 11:49 - 2015-01-29 21:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll 2015-03-11 11:49 - 2015-01-29 20:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll 2015-03-11 11:49 - 2015-01-29 20:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll 2015-03-11 11:49 - 2015-01-29 20:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll 2015-03-11 11:49 - 2015-01-29 20:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll 2015-03-11 11:49 - 2015-01-29 20:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll 2015-03-11 11:49 - 2015-01-29 20:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll 2015-03-11 11:49 - 2015-01-29 20:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll 2015-03-11 11:49 - 2015-01-29 20:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll 2015-03-11 11:49 - 2015-01-29 20:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll 2015-03-11 11:49 - 2015-01-29 20:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll 2015-03-11 11:49 - 2015-01-29 13:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-03-11 11:49 - 2015-01-29 13:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-03-11 11:49 - 2015-01-28 20:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll 2015-03-11 11:49 - 2015-01-28 20:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll 2015-03-11 11:49 - 2015-01-28 20:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-11 11:49 - 2015-01-28 20:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-03-11 11:49 - 2015-01-28 20:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2015-03-11 11:49 - 2015-01-28 20:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-11 11:49 - 2015-01-28 19:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-03-11 11:49 - 2015-01-28 19:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2015-03-11 11:49 - 2015-01-28 19:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2015-03-11 11:49 - 2015-01-28 19:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-03-11 11:49 - 2015-01-28 10:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-03-11 11:49 - 2015-01-28 10:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-03-11 11:49 - 2015-01-28 10:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-03-11 11:49 - 2015-01-27 21:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll 2015-03-11 11:49 - 2015-01-27 20:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll 2015-03-11 11:49 - 2015-01-27 20:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2015-03-11 11:49 - 2015-01-27 20:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2015-03-11 11:49 - 2015-01-27 18:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-03-11 11:49 - 2015-01-27 18:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-03-11 11:49 - 2015-01-26 23:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2015-03-11 11:49 - 2015-01-26 21:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-03-11 11:49 - 2015-01-23 02:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2015-03-11 11:49 - 2015-01-23 00:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2015-03-11 11:49 - 2015-01-21 00:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-03-11 11:49 - 2015-01-21 00:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-03-11 11:49 - 2014-12-11 00:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe 2015-03-11 11:45 - 2015-03-13 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-10 19:41 - 2015-03-10 19:41 - 00002220 _____ () C:\Users\Public\Desktop\ImTOO iPhone Contacts Transfer.lnk 2015-03-10 19:41 - 2015-03-10 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImTOO 2015-03-10 19:38 - 2015-03-10 19:38 - 00000000 ____D () C:\ProgramData\ImTOO 2015-03-10 19:38 - 2015-03-10 19:38 - 00000000 ____D () C:\Program Files (x86)\ImTOO 2015-03-10 19:36 - 2015-03-10 19:37 - 21389024 _____ () C:\Users\dorma_000\Downloads\iphone-contacts-transfer-92146.exe 2015-03-09 17:22 - 2015-03-09 17:22 - 00880208 _____ (Google Inc.) C:\Users\dorma_000\Downloads\ChromeSetup.exe 2015-03-09 15:28 - 2015-03-09 15:28 - 00000000 _____ () C:\autoexec.bat 2015-03-09 15:27 - 2015-03-09 15:27 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\dorma_000\Downloads\SpyHunter-Installer.exe 2015-03-08 14:12 - 2015-03-08 14:13 - 02126848 _____ () C:\Users\dorma_000\Downloads\AdwCleaner (1).exe 2015-03-08 14:05 - 2015-03-08 14:05 - 00002576 _____ () C:\Users\dorma_000\Downloads\software_removal_tool.log 2015-03-08 13:06 - 2015-03-08 13:06 - 00001386 _____ () C:\Users\dorma_000\Desktop\Steam.exe - Shortcut.lnk 2015-03-04 15:45 - 2015-03-04 15:45 - 00023641 _____ () C:\Users\dorma_000\Downloads\FY 2014 HUD Median Homeownership Value Limits.xlsx 2015-03-04 15:16 - 2015-03-04 15:19 - 00000000 ____D () C:\Users\dorma_000\AppData\Roaming\PDF Reader 2015-03-04 14:41 - 2014-10-28 20:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll 2015-03-04 14:40 - 2014-10-28 21:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll 2015-03-04 14:38 - 2014-10-28 20:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2015-03-04 14:37 - 2014-10-28 20:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-03-04 14:35 - 2014-10-28 20:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-03-04 14:35 - 2014-10-28 19:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2015-03-04 14:35 - 2014-10-28 19:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll 2015-03-04 14:35 - 2014-10-28 19:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll 2015-03-04 14:34 - 2014-10-28 21:45 - 01198080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2015-03-04 14:34 - 2014-10-28 20:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll 2015-03-04 14:34 - 2014-10-28 20:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll 2015-03-04 14:34 - 2014-10-28 19:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll 2015-03-04 14:34 - 2014-10-28 19:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll 2015-03-04 14:33 - 2014-10-28 22:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2015-03-04 14:33 - 2014-10-28 21:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-03-04 14:33 - 2014-10-28 21:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-03-04 14:33 - 2014-10-28 21:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2015-03-04 14:33 - 2014-10-28 21:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2015-03-04 14:33 - 2014-10-28 21:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll 2015-03-04 14:33 - 2014-10-28 21:03 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe 2015-03-04 14:33 - 2014-10-28 21:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-03-04 14:33 - 2014-10-28 21:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-03-04 14:33 - 2014-10-28 20:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe 2015-03-04 14:33 - 2014-10-28 20:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll 2015-03-04 14:33 - 2014-10-28 20:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll 2015-03-04 14:33 - 2014-10-28 20:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll 2015-03-04 14:33 - 2014-10-28 19:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll 2015-03-04 14:32 - 2014-10-28 21:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-03-04 14:32 - 2014-10-28 21:46 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2015-03-04 14:32 - 2014-10-28 21:46 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2015-03-04 14:32 - 2014-10-28 21:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe 2015-03-04 14:32 - 2014-10-28 21:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2015-03-04 14:32 - 2014-10-28 21:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-03-04 14:09 - 2015-03-04 14:09 - 00000000 ____D () C:\Users\dorma_000\Desktop\Old Firefox Data 2015-03-04 13:54 - 2015-03-13 12:54 - 00000000 ____D () C:\Users\dorma_000\AppData\Local\Component 2015-03-04 13:54 - 2015-03-04 13:54 - 00001051 _____ () C:\Users\Public\Desktop\PDF Reader.lnk 2015-03-04 13:54 - 2015-03-04 13:54 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Component System 2015-03-04 13:54 - 2015-03-04 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Reader 2015-03-04 13:53 - 2015-03-04 13:54 - 00000000 ____D () C:\Users\dorma_000\AppData\Local\Fast Browser 2015-03-04 13:53 - 2015-03-04 13:53 - 00002239 _____ () C:\Users\dorma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk 2015-03-04 13:53 - 2015-03-04 13:53 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2015-03-04 13:52 - 2015-03-04 13:52 - 00226456 _____ () C:\Users\dorma_000\Downloads\Adobe_Reader.exe 2015-02-26 12:10 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls 2015-02-26 12:10 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls 2015-02-26 12:10 - 2014-10-28 20:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-02-26 12:10 - 2014-10-28 20:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2015-02-26 12:10 - 2014-10-28 20:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-02-26 12:10 - 2014-10-28 20:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2015-02-21 11:45 - 2015-02-21 11:45 - 01368303 _____ () C:\Users\dorma_000\Downloads\Maps for History of Baptists (1).pptx 2015-02-20 09:17 - 2015-02-20 09:17 - 01368303 _____ () C:\Users\dorma_000\Downloads\Maps for History of Baptists.pptx 2015-02-20 09:03 - 2015-02-20 09:03 - 00030425 _____ () C:\Users\dorma_000\Downloads\Attachments_2015220 (1).zip 2015-02-20 09:02 - 2015-02-20 09:02 - 00174729 _____ () C:\Users\dorma_000\Downloads\Attachments_2015220.zip 2015-02-11 12:46 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 12:46 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 12:46 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 12:46 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 12:46 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 12:46 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 12:46 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 12:46 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 12:46 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 12:46 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-11 12:45 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-11 12:45 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-11 12:45 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-11 12:45 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-11 12:45 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-11 12:45 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-11 12:45 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-11 12:45 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 12:45 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 12:45 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 12:45 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 12:45 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 12:45 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 12:45 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 12:45 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 12:45 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 12:45 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-11 12:45 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 12:45 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 12:45 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-11 12:45 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 12:45 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-13 13:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-03-13 13:01 - 2014-04-05 21:16 - 02073118 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-13 12:59 - 2014-04-05 17:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4258198927-4012173705-4119787221-1002 2015-03-13 12:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-03-13 12:49 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-03-13 12:33 - 2014-04-30 11:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-03-13 12:10 - 2014-04-05 22:26 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-13 12:06 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-03-13 12:06 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-03-13 12:03 - 2014-04-05 21:36 - 00000000 ___DO () C:\Users\dorma_000\SkyDrive 2015-03-13 12:01 - 2013-08-22 09:46 - 00358078 _____ () C:\WINDOWS\setupact.log 2015-03-13 12:01 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-13 12:01 - 2013-08-22 09:44 - 00394528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-13 12:00 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-03-13 11:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-03-13 11:15 - 2014-05-08 12:11 - 00000000 ____D () C:\AdwCleaner 2015-03-13 10:38 - 2014-05-08 12:34 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-13 10:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2015-03-13 10:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager 2015-03-13 10:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera 2015-03-13 09:33 - 2014-04-05 22:15 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4E88E14-951E-40C1-84B1-EE56B9CB6095} 2015-03-11 18:02 - 2014-04-05 17:14 - 00000000 ____D () C:\Users\dorma_000\AppData\Local\VirtualStore 2015-03-11 12:54 - 2014-04-28 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-11 12:40 - 2013-11-14 02:20 - 00279944 _____ () C:\WINDOWS\PFRO.log 2015-03-10 19:06 - 2014-04-05 18:17 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-10 19:01 - 2014-04-05 18:17 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-09 16:27 - 2014-08-24 21:47 - 00278016 ___SH () C:\Users\dorma_000\Desktop\Thumbs.db 2015-03-09 14:29 - 2014-04-05 21:21 - 00000000 ____D () C:\Users\dorma_000 2015-03-08 15:49 - 2014-04-14 13:58 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Autoscan 2015-03-08 13:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\InputMethod 2015-03-08 13:28 - 2014-05-08 12:34 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-03-08 13:28 - 2014-05-08 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-03-08 13:28 - 2014-05-08 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-03-04 13:53 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2015-03-04 13:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2015-02-20 09:19 - 2014-04-06 15:27 - 00000000 ____D () C:\Users\dorma_000\Documents\Maranatha 2015-02-15 16:31 - 2015-02-01 14:59 - 00000000 ____D () C:\adb 2015-02-15 14:20 - 2014-12-12 13:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-15 14:20 - 2014-07-08 18:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-12 15:55 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF ==================== Files in the root of some directories ======= 2014-04-05 22:39 - 2014-04-06 15:39 - 0000079 _____ () C:\Users\dorma_000\AppData\Roaming\WB.CFG 2014-06-19 11:03 - 2014-07-11 17:42 - 0009728 _____ () C:\Users\dorma_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-14 13:58 - 2014-04-14 13:58 - 0498849 _____ () C:\ProgramData\1397501674.bdinstall.bin 2015-01-20 16:31 - 2015-01-20 16:31 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-12-14 13:09 - 2013-12-14 13:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-04-05 17:28 - 2014-04-05 17:28 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Some content of TEMP: ==================== C:\Users\dorma_000\AppData\Local\Temp\APNSetup.exe C:\Users\dorma_000\AppData\Local\Temp\Execute2App.exe C:\Users\dorma_000\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\dorma_000\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\dorma_000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\dorma_000\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\dorma_000\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\dorma_000\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\dorma_000\AppData\Local\Temp\msvcp90.dll C:\Users\dorma_000\AppData\Local\Temp\msvcr90.dll C:\Users\dorma_000\AppData\Local\Temp\optprosetup.exe C:\Users\dorma_000\AppData\Local\Temp\vlc-2.1.3-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-08 14:38 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by dorma_000 at 2015-03-13 13:17:36 Running from C:\Users\dorma_000\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated) Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated) Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer) Acer Games (HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated) Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated) Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 17.27.0.1146 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) ChrisPC Free Anonymous Proxy 5.40 (HKLM-x32\...\{6006089C-84B5-4F18-8113-D96792AED0DE}_is1) (Version: - Chris P.C. srl) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.) Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard) HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MyHarmony (HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech) Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.) Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
  18. I have found a "hidden" extension, that is not in the usual Chrome extension list called SuperAdRomove. I believe it interferes with certain websites giving me the "Aw Snap!" Chrome warning that something was wrong with a webpage. I know it is this SuperAdRomove because when I disable it in the Chrome task manager, I can load the webpages (usually wikia web pages) just fine. when I close Chrome and reopen it, SuperAdRomove is back in the Extensions list and the webpages show the "Aw Snap!" warning again. I think I have the ID path for the Extension here: SuperAdRomove chrome-extension://bpimjanmknifnoiajikmhmhmlihdccbd/background.html I have a bad feeling about extensions I don't remember installing and can't permanently get rid of. I have run Malwarebyte's and it does not hit this program. I'm trying Microsoft's Malicious Software Removal Tool at the moment and will post if it has any results. Can someone please help me remove this thing from my computer? Thanks
  19. Not quite sure where to post this... MB has detected 305 non-malware items that belong to Google Chrome and more specifically, to one of the 20 odd extensions installed. Have quarantined these non-malware items but how can i determine which extension is the culprit? See per attachment. BTW, my apologies for not responding to my first post here! Thought settings were made to advise me via email. Should be good this time! non-malware items detected 305.txt
  20. Hello, Thank you for taking the time to help with this. My main problem is that I have a fast laptop that's behaving very slow. Sporadic alert boxes appear saying that the system is low on memory when only browsing the web (I have 12gb of RAM). There is definitely something going on here. Here is the log file:- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01Ran by paul (administrator) on PAULSLAPTOP on 06-03-2015 23:40:08Running from C:\Users\paul\DesktopLoaded Profiles: UpdatusUser & paul (Available profiles: UpdatusUser & paul & Guest)Platform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe(DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\dglvrsvc.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe(Spotify Ltd) C:\Users\paul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Facebook) C:\Users\paul\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\...\Run: [Facebook Update] => C:\Users\paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-09] (Facebook Inc.)HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\...\Run: [spotify] => C:\Users\paul\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-02-11] (Spotify Ltd)HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\...\Run: [spotify Web Helper] => C:\Users\paul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-11] (Spotify Ltd)HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\...\Run: [GoToMeeting] => C:\Users\paul\AppData\Local\Citrix\GoToMeeting\1468\g2mstart.exe [40304 2014-07-12] (Citrix Online, a division of Citrix Systems, Inc.)HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-08] (Electronic Arts)HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\...\Run: [GoogleChromeAutoLaunch_4BC6A3A146A3475CAD0E7CF8A223408D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-18] (Google Inc.)AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [247144 2012-10-09] (NVIDIA Corporation)AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [202600 2012-10-09] (NVIDIA Corporation)Startup: C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnkShortcutTarget: Facebook Messenger.lnk -> C:\Users\paul\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.comHKU\S-1-5-21-2775804174-2262364050-3693733238-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.comSearchScopes: HKU\S-1-5-21-2775804174-2262364050-3693733238-1002 -> DefaultScope {CF50D439-8C56-4617-ADD2-C75CCD3EB842} URL = SearchScopes: HKU\S-1-5-21-2775804174-2262364050-3693733238-1002 -> {CF50D439-8C56-4617-ADD2-C75CCD3EB842} URL = BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\4nty6emn.defaultFF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2775804174-2262364050-3693733238-1002: @citrixonline.com/appdetectorplugin -> C:\Users\paul\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKU\S-1-5-21-2775804174-2262364050-3693733238-1002: facebook.com/fbDesktopPlugin -> C:\Users\paul\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-11-12]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-02-27] Chrome: =======CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Profile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-09]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]CHR Extension: (YouTube) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-09]CHR Extension: (Nanny for Google Chrome ) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno [2015-02-11]CHR Extension: (Google Search) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-09]CHR Extension: (LastPass: Free Password Manager) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-08-09]CHR Extension: (Norton Identity Safe) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-05]CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-25]CHR Extension: (Google Wallet) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-09]CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-2775804174-2262364050-3693733238-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)R2 dglvrsvc; C:\windows\dglvrsvc.exe [30464 2014-11-21] (DEVGURU Co., LTD.(www.devguru.co.kr))R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55120 2012-11-01] (Condusiv Technologies)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-13] (Electronic Arts)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)R3 dglvrbus; C:\Windows\System32\drivers\dglvrbus.sys [77568 2014-11-21] (DEVGURU Co., LTD.(www.devguru.co.kr))R3 dglvrkdod; C:\Windows\system32\DRIVERS\dglvrkdod.sys [37120 2014-11-21] (DEVGURU Co., LTD.(www.devguru.co.kr))R3 dglvrmflt; C:\Windows\System32\drivers\dglvrmflt.sys [18688 2014-11-21] (DEVGURU Co., LTD.(www.devguru.co.kr))R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-28] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-28] (Symantec Corporation)R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131111.002\IDSvia64.sys [521816 2013-11-06] (Symantec Corporation)R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [28496 2012-11-01] (Condusiv Technologies)R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104272 2012-11-01] (Condusiv Technologies)S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131007.009\ENG64.SYS [126040 2013-08-30] (Symantec Corporation)S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131007.009\EX64.SYS [2099288 2013-08-30] (Symantec Corporation)S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2012-07-26] (Microsoft Corporation)R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-21] (Symantec Corporation)R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-10] (Symantec Corporation)R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X]S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-06 23:40 - 2015-03-06 23:41 - 00026766 _____ () C:\Users\paul\Desktop\FRST.txt2015-03-06 23:39 - 2015-03-06 23:40 - 00000000 ____D () C:\FRST2015-03-06 23:38 - 2015-03-06 23:38 - 02092544 _____ (Farbar) C:\Users\paul\Desktop\FRST64.exe2015-03-06 23:37 - 2015-03-06 23:37 - 01132544 _____ (Farbar) C:\Users\paul\Desktop\FRST.exe2015-03-06 23:33 - 2015-03-06 23:33 - 00003136 _____ () C:\windows\System32\Tasks\Registry Optimizer2015-03-06 14:24 - 2015-03-06 14:24 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-03-06 14:23 - 2015-03-06 14:23 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-03-06 14:23 - 2015-03-06 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-03-06 14:23 - 2015-03-06 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-03-06 14:23 - 2015-03-06 14:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-03-06 14:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2015-03-06 14:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2015-03-06 14:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2015-03-06 14:22 - 2015-03-06 14:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\paul\Desktop\mbam-setup-2.0.4.1028.exe2015-03-05 12:31 - 2015-03-06 16:50 - 00000000 ____D () C:\Users\paul\Desktop\membermouse2015-03-05 11:28 - 2015-03-05 11:28 - 00000903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaySketch.lnk2015-03-05 11:28 - 2015-03-05 11:28 - 00000891 _____ () C:\Users\Public\Desktop\PaySketch.lnk2015-03-05 11:28 - 2015-03-05 11:28 - 00000000 ____D () C:\Users\paul\AppData\Roaming\com.paysketch.application2015-03-05 11:28 - 2015-03-05 11:28 - 00000000 ____D () C:\Program Files (x86)\PaySketch2015-03-05 11:26 - 2015-03-05 11:27 - 03108465 _____ () C:\Users\paul\Desktop\PaySketch.air2015-03-02 12:31 - 2015-03-04 09:54 - 00001015 _____ () C:\Users\paul\Desktop\this year - thrive.txt2015-02-28 05:09 - 2015-03-06 23:34 - 00000580 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2775804174-2262364050-3693733238-1002.job2015-02-25 19:58 - 2015-02-27 07:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird2015-02-24 22:25 - 2015-02-24 22:25 - 00272510 _____ () C:\Users\paul\Desktop\leads_dashboard_radu.txt2015-02-24 22:20 - 2015-02-24 22:20 - 00275079 _____ () C:\Users\paul\Desktop\leads_dashboard.txt2015-02-22 17:35 - 2015-02-22 18:51 - 00001436 _____ () C:\Users\paul\Desktop\thrive_leads_further_additions.txt2015-02-22 17:31 - 2015-02-22 17:31 - 00050602 _____ () C:\Users\paul\Desktop\_3743765.m4a2015-02-19 20:30 - 2015-02-19 20:31 - 00044196 _____ () C:\Users\paul\Desktop\clever-widgets-product-small.psd2015-02-19 20:01 - 2015-02-19 20:10 - 00000000 ____D () C:\Users\paul\Desktop\Thrive Clever Widgets2015-02-16 03:47 - 2015-02-16 04:07 - 00000000 ____D () C:\Users\paul\Desktop\Invoices2015-02-16 02:07 - 2015-02-16 02:07 - 00000210 _____ () C:\Users\paul\Downloads\download.csv2015-02-12 18:06 - 2015-02-12 18:06 - 00000047 _____ () C:\Users\paul\Desktop\tax assist details.txt2015-02-11 16:51 - 2015-02-11 17:03 - 00000000 ____D () C:\Users\paul\Desktop\assets2015-02-11 03:11 - 2015-02-11 17:05 - 00036182 _____ () C:\Users\paul\Desktop\thrive-leads_canvas.bmml2015-02-10 17:28 - 2015-02-10 17:28 - 00000606 _____ () C:\Users\paul\Desktop\thrive leads future features.txt2015-02-10 16:25 - 2015-02-10 16:25 - 00001103 _____ () C:\Users\paul\Desktop\thrive leads meeting.txt2015-02-06 01:38 - 2015-03-06 23:43 - 00000930 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-02-06 01:38 - 2015-03-06 23:23 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-06 23:42 - 2013-08-09 01:08 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Skype2015-03-06 23:33 - 2012-12-04 02:06 - 00000000 ____D () C:\ProgramData\WinClon2015-03-06 23:32 - 2012-12-04 00:58 - 01772068 _____ () C:\windows\WindowsUpdate.log2015-03-06 23:28 - 2015-01-17 08:09 - 00000000 ___RD () C:\Users\paul\Google Drive2015-03-06 23:27 - 2014-07-21 16:56 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Spotify2015-03-06 23:26 - 2014-07-21 16:57 - 00000000 ____D () C:\Users\paul\AppData\Local\Spotify2015-03-06 22:53 - 2013-08-13 11:14 - 00000948 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2775804174-2262364050-3693733238-1002UA.job2015-03-06 22:02 - 2012-07-26 15:12 - 00000000 ____D () C:\windows\system32\sru2015-03-06 19:53 - 2013-08-13 11:14 - 00000926 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2775804174-2262364050-3693733238-1002Core.job2015-03-06 16:54 - 2012-07-26 14:59 - 00000000 ____D () C:\windows\CbsTemp2015-03-06 15:02 - 2013-11-25 03:45 - 00000318 _____ () C:\windows\Tasks\Registry Optimizer_DEFAULT.job2015-03-06 12:45 - 2013-11-25 03:45 - 00000000 ____D () C:\Users\paul\AppData\Roaming\FileZilla2015-03-06 09:25 - 2012-07-26 15:12 - 00000000 ____D () C:\windows\system32\NDF2015-03-05 14:57 - 2015-01-16 22:51 - 00000000 ____D () C:\Users\paul\AppData\Local\Windows Live2015-03-04 21:45 - 2013-11-25 03:45 - 00000326 _____ () C:\windows\Tasks\Registry Optimizer_UPDATES.job2015-03-02 09:22 - 2012-07-26 14:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI2015-02-28 05:09 - 2014-03-25 16:06 - 00003584 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2775804174-2262364050-3693733238-10022015-02-27 22:52 - 2014-07-22 03:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2015-02-27 22:52 - 2012-07-26 14:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT2015-02-22 00:03 - 2012-07-26 12:26 - 00262144 ___SH () C:\windows\system32\config\ELAM2015-02-20 01:46 - 2013-08-09 00:45 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-02-17 20:39 - 2015-01-17 02:33 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk2015-02-17 20:39 - 2015-01-17 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE2015-02-16 03:34 - 2012-12-04 01:59 - 00000000 ____D () C:\ProgramData\Adobe2015-02-16 03:19 - 2014-07-07 03:13 - 00000000 ____D () C:\Users\paul\AppData\Local\Adobe2015-02-16 03:19 - 2013-08-08 23:19 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Adobe2015-02-14 02:43 - 2013-08-22 15:08 - 00000000 ____D () C:\Users\paul\AppData\Local\TSVNCache2015-02-13 03:21 - 2014-11-08 09:18 - 00000000 ____D () C:\Program Files (x86)\Origin2015-02-11 03:13 - 2013-08-20 12:02 - 00000000 ____D () C:\Users\paul\Desktop\Work2015-02-08 00:27 - 2012-07-26 15:12 - 00000000 ____D () C:\windows\AUInstallAgent2015-02-06 01:38 - 2013-08-09 00:45 - 00003902 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-06 01:38 - 2013-08-09 00:45 - 00003666 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2013-08-08 23:19 - 2013-09-28 02:38 - 0002755 _____ () C:\Users\paul\AppData\Roaming\AbsoluteReminder.xml2013-12-02 07:59 - 2015-01-19 23:45 - 0000600 _____ () C:\Users\paul\AppData\Local\PUTTY.RND2012-12-04 02:11 - 2012-08-08 11:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe2012-12-04 02:11 - 2012-08-07 17:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml Files to move or delete:====================C:\ProgramData\MakeMarkerFile.exeC:\Users\EasySurvey\EasySurvey.exe Some content of TEMP:====================C:\Users\paul\AppData\Local\Temp\i4jdel0.exeC:\Users\paul\AppData\Local\Temp\restarter241210232408057410.exeC:\Users\paul\AppData\Local\Temp\restarter3115759491703456231.exeC:\Users\paul\AppData\Local\Temp\restarter3467548738018000141.exeC:\Users\paul\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-03 12:04 ==================== End Of Log ============================ Thanks in advance,Paul
  21. Hi, I've used MBAE for a while now with Avast! Free on my Windows 7 Ultimate 64-bit machine, and I'm having some very weird Chrome crashes, without any malware. (I already went through the works and checked for malware with multiple products and came up empty) (Heads up: sorry for the lengthy post, thought you should know the whole story) After every long(ish) browsing session, I had Chrome beta (v40) crash when I exited the browser. I didn't mind much, because I was shutting down anyway, but one day I broke and opened Visual Studio for debugging. It was an Access Violation, and at first, it seemed like an extension bug, so I uninstalled it. Then another extension "caused" the crash. I noticed they were the only two extensions that needed full page access -- and I had a beta feature turned on that restricted full-page access -- so I thought it was related. (According to the stack trace, the crash occurred when the GUI tried to draw the extensions' icons and they were the only two extensions with icons in the address bar that weren't supposed to have one. (That's where full-page access is enabled) After disabling that feature, it seemed like it was OK again -- but then random (after about an hour) crashes started appearing, this time due to an Invalid Handle being closed. Chromium wiki says this points to corruption (without any actual handle bug), which sounds about right because my stack looks exactly like the second example. (Except "ntdll.dll" had called the exception, not any debug function) My point is: I've disabled MBAE about 20 minutes ago and I've had zero crashes so far. I noticed the known issues have nothing on Chrome x64 or Avast, but is there any chance of an incompatibility here? I'll wait until the hour passes and see, but so far it looks like MBAE is the culprit.
  22. I noticed my computers Internet started to become slow (i have good internet) and at startup my google chrome fires up with a unknown website every time (different websites). So I suspected a Malware/Virus. Installed Anti Malware 2.0. It found 3 malware and quarantined a lot of files. Rebooted computer but the same problem. I installed Anti-Exploit and it says my Chrome is now guarded. Rebooted but same problem. I checked the startup map and installed the startup program but nothing there either. How can I remove this problem? It feels like there is still some sneaky malware somewhere. I wish Malwarebytes could fix this problem. Would upgrade to premium instantly
  23. Hi, Just started installing MBAE Corporate and rolling it out to my clients. About halfway through, I started getting support calls. Mostly minor, like Adobe protected mode and stuff we could get around but.... Now I'm having an issue where Chrome will not function at all if MBAE is installed. I have been using MB Pro with no issues. This is all my client PC's having this issue. It is seen on Windows 7 Pro and 8.1 Pro. No difference. We use Avast Antivirus Corporate and have had no issues like this before. What I have tried: I used the Stop Protection button in the client, no difference. I went into the Shields section and deactivated Chrome, no dice. The remove shield is greyed out, which is fine. I actually want my users Chrome sessions protected. I uninstalled and reinstalled Chrome, no good. I uninstalled MBAE and rebooted, Chrome works. I pushed it back out to my PC with the console, chrome won't work again. You can't even get into Chrome to change any settings, it just sits at a blank page and times out. I uninstalled MBAE again and looked at the add-ons running. Only Avast Antivirus plugin is functional. I disabled it, reinstalled MBAE and it made no difference. I shut off Avasts' shields and it made no difference. It has to be MBAE. I looked at the log files and they are suspiciously bare, there's a single text file with only the following in it but I attached it here anyway. MBAE version is 1.04.2.1012 which looked to be current at the time of install, but it looks like there might be a 1.05 now? Any ideas?
  24. Shortly after installing MBAM and MBAE on this Win7 machine, I discovered that I was not able to print to my Brother printer (command caused Chrome to close). I can print from Firefox, but intentionally closing Firefox causes an error. Can't quote exact message since I am sending this via Firefox, but it's something like "plugin-container.exe stopped working". Tried to uninstall MBAM and MBAE to see if these caused the problems, but cannot do either: message is "Setup was unable to create the directory 'C:\Users\Joyce\AppData\Local\Temp\is-HUJQC.tmp'" (final characters vary with each try).
  25. Hi, I have the malware PUP.Optional.Remarkable.A on my computer and regardless of how many times I run malwarebytes, adwcleaner or any other anti-malware software, it keeps reinstalling itself as soon as I reopen a browser. How can I remove it? Thanks so much in advance
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.