
No matter what I do I cannot get rid of your add exchange. There is nothing in my add/remove program remotely related to it - I haven't even added any new programs lately. I run Bitdefender and Mbam on a daily basis and they are not doing much about it. I have run every single thing I could think of to try to get rid of it, JRT, Roguekiller, adw.... and am still plagued. If I don't close chrome at night when I come in the next morning there are 12 - 14 tabs this garbage ware has opened that had been blocked by either add blocker plus or mbam. I chose Bitdefender as my antiviral last year because of the ratings it had for windows 8 but I am not seeing the advantage. So I am also looking for recommendations for a different antiviral when my subscription expires in a few months.

 

You guys have been a big help in the past when weird things invaded my computer.


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...


If you see my pcnlocker program, it is something that was purchased to help a friend get back into his computer after he tried to enter the wrong password in Windows 8.1 too many times and Microsoft locked him out. It was never intended for anything illegal.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by Pat (administrator) on BOOKJUNKYSDREAM on 11-03-2015 01:52:16
Running from C:\Users\Pat\Downloads\Installers
Loaded Profiles: Pat (Available profiles: Pat)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\CometBird\cometbird.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
() C:\Program Files\AskMrRobot\AmrTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Amazon Digital Services, LLC.) C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Sun Microsystems, Inc.) C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\Pat\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Pat\Downloads\Installers\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-09] (Bitdefender)
HKLM\...\Run: [Ask Mr. Robot] => C:\Program Files\AskMrRobot\AmrTray.exe [792576 2014-02-03] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [Dashlane] => C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe [227000 2015-02-17] ()
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-09] (Bitdefender)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3951261367-891674079-5071855-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-09] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing LP)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [s-1-5-21-3951261367-891674079-5071855-1001] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3951261367-891674079-5071855-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3951261367-891674079-5071855-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-13] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2014-08-13] (Bitdefender)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-06-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-29] (Microsoft Corporation)
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://hsrd.yahoo.com/_ylt=Ap7baCq5xIi8aj53VbU6G9GbvZx4/RV=1/RE=1418774642/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADAV42NLp4bTaYYKLtMRe25WUJN8D8-
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-11-07] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Evernote Web Clipper - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-08-21]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-02-26]
FF Extension: Facebook Ads Block - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\jid1-CGxMej0nDJTjwQ@jetpack.xpi [2015-02-26]
FF Extension: Clearly - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\readable@evernote.com.xpi [2014-08-21]
FF Extension: Auto-Sort Bookmarks - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-26]
FF Extension: The Addon Bar (restored) - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-02-26]
FF Extension: Download Status Bar - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-02-26]
FF Extension: Adblock Plus - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-06-24]
FF Extension: Dashlane - C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-02-19]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/?r644=1325500449
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/?r644=1329216927", "https://www.facebook.com/","hxxp://www.google.com/", "hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/15&hid=12534082340414630104&lg=EN&cc=US&unqvl=51", "hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=12349&tm=334&src=hmp", "hxxp://www.default-search.net?sid=476&aid=100&itype=a&ver=12521&tm=334&src=hmp", "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_43_ch&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyDzytAtDzy0CyB0D0BzytCtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0F0E0CtDtB0FtGtAtCtC0CtGyByDyDtAtGtC0FyEyBtGyC0AtAyByBzzyEyEyBtC0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0EzyyByEyB0EtG0CtCyD0FtGyEyEyBzztG0ByE0A0EtGtDtCyCtA0EzyyBzzyBtC0B0E2Q&cr=1245928839&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PDF to Word Converter) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aflgemggaffjfjmjchhckncplcfioiid [2014-05-13]
CHR Extension: (Google Docs) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-11]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-05-13]
CHR Extension: (Google Drive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]
CHR Extension: (ABP ( Adblock Plus )) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnflkjkcebjioagifeaongciheiogj [2015-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Adguard AdBlocker) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-10]
CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]
CHR Extension: (World of Warcraft Map) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnneemhnjgncpnfdcofcpobbaaifjclc [2015-02-26]
CHR Extension: (Adblock Plus) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-01]
CHR Extension: (Silverlight for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnklfhofbcfndknbonklnijndoeknal [2015-02-01]
CHR Extension: (Adblock for Youtube™) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-26]
CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
CHR Extension: (Kingdoms Of Camelot) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadejngfdiifodimfhejphllfecigmm [2014-04-11]
CHR Extension: (Easy Clock) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn [2014-05-20]
CHR Extension: (Autocomplete = on) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh [2014-04-11]
CHR Extension: (Google Calendar) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-04-11]
CHR Extension: (Pandora) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-05-13]
CHR Extension: (Dashlane) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-02-12]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-02-26]
CHR Extension: (AdBlock) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-15]
CHR Extension: (QuickTime for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkdifongmamddfegpjkmghbmoikkjai [2015-02-01]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-05-13]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2014-05-13]
CHR Extension: (CloudConvert) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2014-05-13]
CHR Extension: (Read the Bible) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbiofnodpilbapfbjilbkgbaokknihg [2014-05-13]
CHR Extension: (Dropbox) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-02-26]
CHR Extension: (Clearly) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-05-18]
CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-05-13]
CHR Extension: (iBreviary) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldklipcfhnmkcanfbhkabmbpdhoahcfg [2014-04-11]
CHR Extension: (the Mobile Catholic) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcefjbgoeionpamjaemafhnogabjof [2014-05-13]
CHR Extension: (iCloud Dashboard) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2015-02-12]
CHR Extension: (Google Play Books) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-13]
CHR Extension: (OneDrive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-02-26]
CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11]
CHR Extension: (WordToPdf - A Word to Pdf Converter) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oegaegenphlmcphgannobdndkoimkocj [2014-05-13]
CHR Extension: (Offline Solitaire) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojldfpglenpceffckkjhajofdbpkfgmn [2014-05-13]
CHR Extension: (Picasa) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-05-13]
CHR Extension: (Recovery Password) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpdleddmnabebaibkllglcmldpbobpm [2014-05-13]
CHR Extension: (Outlook.com) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-04-12]
CHR Extension: (Evernote Web Clipper) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-05-13]
CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]
CHR HKU\S-1-5-21-3951261367-891674079-5071855-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-09] (Bitdefender)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-09] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-12-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-07] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-09] (BitDefender S.R.L.)
S1 UdfReadr; C:\Windows\SysWow64\Drivers\UdfReadr.sys [206368 2000-06-15] (Adaptec)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [233160 2013-01-02] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
U4 iSafeNetFilter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 01:44 - 2015-03-11 01:44 - 00002997 _____ () C:\Users\Pat\Desktop\HiJackThis.lnk
2015-03-11 01:44 - 2015-03-11 01:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-03-11 01:44 - 2015-03-11 01:44 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-03-10 05:20 - 2015-03-10 05:20 - 00182019 _____ () C:\Users\Pat\Desktop\bdsyslog.zip
2015-03-07 21:51 - 2015-03-07 21:51 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-07 06:09 - 2015-03-07 06:09 - 00000000 ____D () C:\Windows\Fish Screensave
2015-03-05 05:30 - 2015-03-05 05:30 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2015-03-04 03:43 - 2015-03-04 03:53 - 00000000 ____D () C:\AdwCleaner
2015-03-03 18:47 - 2015-03-03 18:47 - 00003108 _____ () C:\Windows\System32\Tasks\{0785AB04-54A7-4A38-968D-0AAB97F58706}
2015-03-03 07:40 - 2015-03-04 03:52 - 00000000 ____D () C:\Windows\system32\log
2015-03-02 23:46 - 2015-03-03 07:51 - 00000000 ___HD () C:\$WINDOWS.~BT
2015-03-02 23:04 - 2015-03-02 23:47 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-03-02 23:04 - 2015-03-02 23:47 - 00001908 _____ () C:\Windows\diagerr.xml
2015-03-02 22:51 - 2015-03-02 22:53 - 2894594048 _____ () C:\Users\Pat\Desktop\Windows.iso
2015-03-02 22:51 - 2015-03-02 22:51 - 00001425 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Install Windows.lnk
2015-03-02 22:04 - 2015-03-02 22:04 - 00000000 __RHD () C:\ESD
2015-03-02 22:02 - 2015-03-02 22:03 - 05487040 _____ (Microsoft Corporation) C:\Users\Pat\Downloads\Windows8-Setup.exe
2015-03-02 21:55 - 2015-03-04 03:57 - 00000000 ____D () C:\Users\Pat\AppData\Local\LogMeIn Rescue Applet
2015-03-02 20:42 - 2015-03-02 21:24 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\ImgBurn
2015-03-02 20:39 - 2015-03-02 20:39 - 02747392 _____ (LIGHTNING UK!) C:\Users\Pat\Desktop\ImgBurn.exe
2015-03-02 20:28 - 2015-03-02 20:35 - 377118720 _____ () C:\Users\Pat\Desktop\EasyRE Professional for Windows 8.iso
2015-03-02 20:08 - 2015-03-02 20:08 - 00003192 _____ () C:\Windows\System32\Tasks\{68DE6CEC-BF3A-4188-AA4E-17A44EADF5A3}
2015-02-26 03:51 - 2015-02-26 03:51 - 00000000 ____D () C:\ProgramData\bdch
2015-02-25 06:49 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 06:49 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-20 13:48 - 2015-02-20 13:51 - 80271640 _____ () C:\Users\Pat\Desktop\DB-Norris_ Chuck - Abraham_ Ken Against all odds_ my story  DB60819.zip
2015-02-20 13:43 - 2015-02-20 14:08 - 1288145457 _____ () C:\Users\Pat\Desktop\DB-Jones_ Alexander The Jerusalem Bible DB57847.zip
2015-02-20 10:15 - 2015-03-07 21:49 - 00000520 _____ () C:\Windows\system32\.crusader
2015-02-20 10:00 - 2015-02-20 10:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-19 17:04 - 2015-02-19 17:04 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-19 17:04 - 2015-02-19 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-19 17:03 - 2015-02-19 17:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-19 17:03 - 2015-02-19 17:04 - 00000000 ____D () C:\Program Files\iTunes
2015-02-19 17:03 - 2015-02-19 17:03 - 00000000 ____D () C:\Program Files\iPod
2015-02-19 17:03 - 2015-02-19 17:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-15 14:27 - 2015-03-02 20:03 - 00000000 ____D () C:\Program Files (x86)\Top Password
2015-02-15 14:27 - 2015-02-15 14:27 - 00001043 _____ () C:\Users\Pat\Desktop\ISO2Disc.lnk
2015-02-15 14:27 - 2015-02-15 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO2Disc
2015-02-15 14:21 - 2015-02-15 14:21 - 00001029 _____ () C:\Users\Public\Desktop\ISO to USB.lnk
2015-02-15 14:21 - 2015-02-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
2015-02-15 14:21 - 2015-02-15 14:21 - 00000000 ____D () C:\Program Files (x86)\ISO to USB
2015-02-13 15:08 - 2015-02-13 15:08 - 00000927 _____ () C:\Users\Pat\Documents - Shortcut.lnk
2015-02-13 15:01 - 2015-01-23 00:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 15:01 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 14:44 - 2015-02-13 14:44 - 00003432 ____N () C:\bootsqm.dat
2015-02-13 14:44 - 2015-02-13 14:44 - 00000000 __SHD () C:\found.000
2015-02-13 13:41 - 2015-02-13 13:41 - 00000000 _____ () C:\Windows\system32\atiicdxx.dat
2015-02-13 13:41 - 2015-02-13 13:41 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-02-11 15:59 - 2015-02-11 15:59 - 00002145 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-02-11 15:59 - 2015-02-05 13:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-11 15:56 - 2015-02-05 17:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-11 15:56 - 2015-02-05 17:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-11 00:40 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 00:40 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 00:40 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 00:40 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 00:40 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 00:40 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 00:40 - 2015-01-10 03:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 00:40 - 2015-01-10 02:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 00:40 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 00:40 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 00:39 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 00:39 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 00:39 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 00:39 - 2015-01-11 22:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 00:39 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 00:39 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 00:39 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 00:39 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 00:39 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 00:39 - 2015-01-11 21:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 00:39 - 2015-01-11 21:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 00:39 - 2015-01-11 21:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 00:39 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 00:39 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 00:39 - 2015-01-11 21:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 00:39 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 00:39 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 00:39 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 00:39 - 2015-01-11 21:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 00:39 - 2015-01-11 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 00:39 - 2015-01-11 21:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 00:39 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 00:39 - 2015-01-11 21:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 00:39 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 00:39 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 00:39 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 00:39 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 00:39 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 00:39 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 00:39 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 00:39 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 00:39 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 00:38 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 00:38 - 2015-01-13 18:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 00:38 - 2015-01-13 18:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 00:38 - 2015-01-10 05:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 00:38 - 2015-01-10 05:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 00:38 - 2015-01-10 04:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 00:38 - 2015-01-10 04:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 00:38 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 00:38 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 00:38 - 2014-12-08 19:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 01:52 - 2014-11-25 18:21 - 00000000 ____D () C:\FRST
2015-03-11 01:52 - 2014-04-14 21:41 - 00000000 ____D () C:\Users\Pat\Downloads\Installers
2015-03-11 01:50 - 2014-04-11 15:16 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3951261367-891674079-5071855-1001
2015-03-11 01:47 - 2014-08-28 05:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 01:45 - 2014-04-11 15:10 - 00000000 ____D () C:\Users\Pat\AppData\Local\VirtualStore
2015-03-11 01:43 - 2014-02-26 21:41 - 01281699 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 01:36 - 2014-04-11 20:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 01:31 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-11 01:23 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-11 01:22 - 2014-04-11 16:18 - 00000000 ____D () C:\Users\Pat\AppData\Local\Deployment
2015-03-11 01:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-10 23:05 - 2014-04-11 16:18 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 22:05 - 2014-04-11 16:18 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 21:12 - 2014-04-11 15:47 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A637678E-0838-402C-B91D-96D3F723569D}
2015-03-10 20:42 - 2014-04-11 17:03 - 00004992 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BOOKJUNKYSDREAM-Pat BookjunkysDream
2015-03-10 20:27 - 2014-02-26 21:46 - 00956540 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 20:22 - 2014-09-23 23:16 - 00000000 ___RD () C:\Users\Pat\iCloudDrive
2015-03-10 20:22 - 2014-05-08 09:43 - 00000000 ___RD () C:\Users\Pat\Dropbox
2015-03-10 20:22 - 2014-05-08 09:41 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
2015-03-10 20:22 - 2014-04-20 23:07 - 00000000 ___RD () C:\Users\Pat\Google Drive
2015-03-10 20:21 - 2014-04-11 15:11 - 00000000 ___DO () C:\Users\Pat\SkyDrive
2015-03-10 20:20 - 2014-04-11 22:53 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-03-10 20:20 - 2014-02-26 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-10 20:20 - 2013-08-22 10:46 - 00006685 _____ () C:\Windows\setupact.log
2015-03-10 20:20 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 11:28 - 2014-05-08 17:52 - 00000000 ____D () C:\Users\Pat\Desktop\Ebook library
2015-03-10 11:04 - 2014-06-24 14:33 - 00003576 _____ () C:\Windows\System32\Tasks\Bitdefender Autoscan
2015-03-10 10:38 - 2014-06-28 19:06 - 00000000 ____D () C:\Users\Pat\AppData\Local\CrashDumps
2015-03-10 10:33 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-03-10 03:59 - 2014-02-26 21:37 - 01025958 _____ () C:\Windows\PFRO.log
2015-03-10 03:58 - 2014-04-11 22:13 - 00000000 ____D () C:\Users\Pat\AppData\Local\Battle.net
2015-03-09 16:24 - 2014-04-11 17:03 - 00000000 ___RD () C:\Users\Pat\OneDrive
2015-03-09 10:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-08 04:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-05 05:36 - 2014-12-08 14:05 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-04 03:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\TAPI
2015-03-03 04:38 - 2014-07-08 07:44 - 00000000 ____D () C:\Users\Pat\Desktop\Unused Desktop Icons
2015-03-03 00:31 - 2014-04-14 21:38 - 00000000 ____D () C:\Users\Pat\Downloads\Books
2015-03-02 23:46 - 2013-08-22 10:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-02 23:43 - 2014-09-30 08:46 - 00000000 ____D () C:\Users\Pat\Downloads\Documents\Personal
2015-03-02 21:53 - 2014-12-08 13:49 - 00000000 __SHD () C:\Users\Pat\AppData\Local\EmieBrowserModeList
2015-02-28 07:02 - 2014-04-11 22:15 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-02-26 19:58 - 2014-04-11 22:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-26 07:59 - 2014-04-18 07:48 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\TS3Client
2015-02-26 07:53 - 2014-04-14 10:22 - 00071168 ___SH () C:\Users\Pat\Downloads\Thumbs.db
2015-02-25 15:22 - 2014-04-11 16:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-25 14:16 - 2014-05-14 07:59 - 00000000 ____D () C:\Users\Pat\AppData\Temp
2015-02-24 18:05 - 2014-04-11 22:18 - 00001244 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2015-02-20 16:06 - 2014-12-02 19:55 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 17:21 - 2014-06-04 12:56 - 00001958 _____ () C:\Users\Pat\Desktop\Dashlane.lnk
2015-02-19 17:21 - 2014-06-04 12:54 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dashlane
2015-02-19 17:09 - 2014-04-11 15:10 - 00000000 ____D () C:\Users\Pat
2015-02-19 17:03 - 2014-04-11 17:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-19 06:41 - 2015-01-12 11:12 - 00000000 ____D () C:\Users\Pat\AppData\Local\Adobe
2015-02-16 06:03 - 2014-11-30 01:09 - 00130048 ___SH () C:\Users\Pat\Desktop\Thumbs.db
2015-02-14 17:25 - 2014-07-02 17:57 - 00000000 ____D () C:\Users\Pat\AppData\Local\Nero
2015-02-14 17:22 - 2014-05-23 08:44 - 00000000 ____D () C:\Users\Pat\AppData\Local\Bandizip
2015-02-14 11:09 - 2014-05-22 18:01 - 00000000 ____D () C:\Users\Pat\Downloads\Documents\CFP
2015-02-14 03:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-02-14 00:03 - 2014-05-08 09:43 - 00001068 _____ () C:\Users\Pat\Desktop\Dropbox.lnk
2015-02-14 00:03 - 2014-05-08 09:42 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 13:43 - 2013-08-22 10:44 - 00380944 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 09:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-11 15:59 - 2014-02-26 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-11 01:33 - 2014-02-26 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:26 - 2014-02-26 22:01 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-05-14 07:54 - 2014-05-14 07:54 - 0582957 _____ () C:\ProgramData\1400067679.bdinstall.bin
2014-06-02 21:31 - 2014-06-02 21:31 - 0856200 _____ () C:\ProgramData\1401757402.bdinstall.bin
2014-06-24 07:11 - 2014-06-24 07:11 - 0244214 _____ () C:\ProgramData\1403608110.bdinstall.bin
2014-06-24 14:35 - 2014-06-24 14:35 - 0572174 _____ () C:\ProgramData\1403634396.bdinstall.bin
 
Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\BANDIZIP-SETUP.EXE
C:\Users\Pat\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyn5tuz.dll
C:\Users\Pat\AppData\Local\Temp\msvcp120.dll
C:\Users\Pat\AppData\Local\Temp\msvcr120.dll
C:\Users\Pat\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Pat\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Pat\AppData\Local\Temp\nvStInst.exe
C:\Users\Pat\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe
C:\Users\Pat\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Pat\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-13 23:59
 
==================== End Of Log ============================
 
 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01

Ran by Pat at 2015-03-11 01:53:21

Running from C:\Users\Pat\Downloads\Installers

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ActiveState ActivePython 2.7.6.9 (32-bit) (HKLM-x32\...\{B6FB74C1-B37C-44BC-A1C7-38B8DB3FC996}) (Version: 2.7.9 - ActiveState Software Inc.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Amazon Cloud Drive (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)

Amazon Cloud Player (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)

Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.239 - Amazon)

AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

AmrAddonInstall (Version: 1.2.8.0 - Microsoft) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ask Mr. Robot (HKLM-x32\...\{86e39a0a-85dd-4d6f-b1cd-46d8208bd2e9}) (Version: 1.3.17.0 - Ask Mr. Robot)

Ask Mr. Robot (Version: 1.3.17.0 - Ask Mr. Robot) Hidden

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1929380210.4759644.48.2147344384 - Audible, Inc.)

Bandizip (HKLM\...\Bandizip) (Version: 5.05 - Bandisoft.com)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)

CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 - CometNetwork)

Curse Client (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dashlane (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Dashlane) (Version: 3.2.4.78888 - Dashlane SAS)

Dropbox (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)

Easy Computer Sync (HKLM-x32\...\Easy Computer Sync) (Version: 2.0 - Bravura Software LLC)

eReader (HKLM-x32\...\{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}) (Version:  - )

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)

EverQuest (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)

Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)

Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)

ISO2Disc 1.05 (HKLM-x32\...\ISO2Disc_is1) (Version:  - Top Password Software, Inc.)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)

Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)

Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)

Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)

MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)

Nero MediaHome Free (HKLM-x32\...\{6CC8CA12-AD2B-4C07-B2C4-B32CDBF5F29D}) (Version: 15.0.01800 - Nero AG)

NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)

NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)

Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)

Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden

Pharaoh (HKLM-x32\...\Pharaoh) (Version:  - )

Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden

Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)

REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{6513799F-D2B9-4BEA-A76E-52249156A2B5}_is1) (Version: 1.1 - redragonzone)

SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden

SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

WD Quick View (HKLM-x32\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)

WD SmartWare (HKLM\...\{34C6812E-E231-4B13-9DAC-21E06ECA864A}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)

WD SmartWare Installer (HKLM-x32\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)

Windows 8 Portable Device Enabling Kit for MTP - Tools, Version 8 (HKLM-x32\...\{F04FB07B-0C96-48F8-95BB-FF8CAD522D2F}) (Version: 1 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinZip (HKLM-x32\...\WinZip) (Version:  10.0  (6667) - WinZip Computing LP)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Pat\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{ddef1ef4-9e08-4b76-9267-1b800cddf116}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pat\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

25-02-2015 14:17:44 Windows Update

07-03-2015 21:49:05 Checkpoint by HitmanPro

10-03-2015 10:43:17 Removed WD SmartWare

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 09:25 - 2014-04-18 02:01 - 00000867 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 d3oxij66pru1i3.cloudfront.net

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1BAB1A57-D423-4298-BA5F-DC1E1414CF39} - System32\Tasks\{0785AB04-54A7-4A38-968D-0AAB97F58706} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"

Task: {1FB941D5-8B93-4909-B45A-288FE1E66AA0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3951261367-891674079-5071855-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: {24416CEE-170F-4AD8-B01E-0D3FE696811E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.)

Task: {26109B96-44CC-492E-AE05-1E72C614D11D} - System32\Tasks\Bitdefender Autoscan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-08-13] (Bitdefender)

Task: {3636007D-429D-48E0-8307-02C59202DA47} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {4A9FBEB4-87D2-4DE6-ADE8-3713696E50C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)

Task: {6A846E28-89DB-4CDA-8A1F-69B6A6063A78} - System32\Tasks\{68DE6CEC-BF3A-4188-AA4E-17A44EADF5A3} => pcalua.exe -a C:\Users\Pat\AppData\Local\Microsoft\Windows\Burn\Burn\Windows_Password_Key_Standard_trial.exe

Task: {6E1721AC-8545-4A30-B0D2-8CDC4E7B1FCD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)

Task: {6F8185EA-BF45-4911-93AB-A316409DC4DF} - System32\Tasks\{9735F59D-DE47-4442-9B63-59C7ACDDEBA3} => pcalua.exe -a D:\ZToolBar.exe -d D:\

Task: {754F475B-25E7-4FB2-99C1-D73DC17C2F7B} - System32\Tasks\{E8C47BE1-F0CC-4BEA-A206-CFC603AF8716} => pcalua.exe -a C:\PROGRA~2\WSE_AS~1\\uninstall.exe

Task: {7C98B129-8DAC-49AF-BAE9-D8181993C69F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BOOKJUNKYSDREAM-Pat BookjunkysDream => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)

Task: {9459F4CF-AC3F-4012-976E-F5D4BEB6602D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.)

Task: {A55071BE-35EE-44AB-9923-632E368F1790} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)

Task: {BAD60DBD-9393-435E-9006-C39724215A52} - System32\Tasks\{06C77BE4-ACA9-45AA-BF99-760806114F29} => pcalua.exe -a D:\udfrinst.exe -d D:\ -c autorun

Task: {FB688180-3908-4255-9837-732F4363A14C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-10-13 10:45 - 2014-10-13 10:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll

2014-08-13 04:45 - 2014-08-13 04:45 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui

2014-06-24 14:33 - 2014-08-13 04:44 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui

2015-02-06 15:33 - 2015-02-06 15:33 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpbr.mdl

2015-02-06 15:33 - 2015-02-06 15:33 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpdsp.mdl

2015-02-06 15:33 - 2015-02-06 15:33 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpph.mdl

2015-02-06 15:33 - 2015-02-06 15:33 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttprbl.mdl

2014-02-26 21:47 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-04-11 16:50 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-02-25 15:21 - 2014-12-23 15:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2014-02-03 18:55 - 2014-02-03 18:55 - 00792576 _____ () C:\Program Files\AskMrRobot\AmrTray.exe

2014-06-04 12:56 - 2015-02-17 07:49 - 00227000 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe

2014-05-13 21:56 - 2013-11-18 17:54 - 03234304 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe

2015-02-20 16:06 - 2015-02-17 21:34 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll

2015-02-20 16:06 - 2015-02-17 21:34 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll

2015-02-20 16:06 - 2015-02-17 21:34 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

2014-06-04 12:56 - 2015-02-17 07:49 - 00232632 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\DashlanePlugin.exe

2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 00307384 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.4.78888.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 00418488 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.4.78888.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 00442040 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.4.78888.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 30961336 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.4.78888.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 00266936 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.4.78888.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 05730488 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.4.78888.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 06726840 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.4.78888.dll

2014-08-13 04:45 - 2014-10-13 10:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll

2015-02-10 17:00 - 2015-02-10 17:00 - 00750080 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-03-10 20:22 - 2015-03-10 20:22 - 00043008 _____ () c:\users\pat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyn5tuz.dll

2015-02-10 17:00 - 2015-02-10 17:00 - 00047616 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-02-10 17:00 - 2015-02-10 17:00 - 00865280 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-02-10 17:00 - 2015-02-10 17:00 - 00200704 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2014-05-13 21:56 - 2011-01-27 00:53 - 00028160 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\uiHook.dll

2014-06-17 18:10 - 2014-06-17 18:10 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

2014-06-17 18:10 - 2014-06-17 18:10 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

2014-04-14 07:47 - 2015-03-10 20:22 - 00046080 _____ () C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll

2014-12-13 00:04 - 2014-12-13 00:04 - 00541696 _____ () C:\Users\Pat\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

2015-03-10 20:21 - 2015-03-10 20:21 - 00098816 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32api.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00110080 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\pywintypes27.dll

2015-03-10 20:21 - 2015-03-10 20:21 - 00364544 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\pythoncom27.dll

2015-03-10 20:21 - 2015-03-10 20:21 - 00045568 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_socket.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 01160704 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_ssl.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00320512 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32com.shell.shell.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00713216 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_hashlib.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 01175040 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._core_.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00805888 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._gdi_.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00811008 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._windows_.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 01062400 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._controls_.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00735232 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._misc_.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00557056 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\pysqlite2._sqlite.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00128512 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_elementtree.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00127488 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\pyexpat.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00087552 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_ctypes.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00119808 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32file.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00108544 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32security.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00007168 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\hashobjs_ext.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00167936 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32gui.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00018432 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32event.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00038912 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32inet.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00011264 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32crypt.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00070656 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._html2.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00027136 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\_multiprocessing.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00035840 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32process.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00686080 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\unicodedata.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00122368 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._wizard.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00024064 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32pipe.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00025600 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32pdh.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00525640 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\windows._lib_cacheinvalidation.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00010240 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\select.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00017408 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32profile.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00022528 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\win32ts.pyd

2015-03-10 20:21 - 2015-03-10 20:21 - 00078336 _____ () C:\Users\Pat\AppData\Local\Temp\_MEI54002\wx._animate.pyd

2014-11-16 01:28 - 2014-11-16 01:28 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 12115640 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.2.4.78888.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 02047672 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.2.4.78888.dll

2015-02-17 07:48 - 2015-02-17 07:48 - 00183992 _____ () C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.2.4.78888.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Pat\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Pat\Desktop\ImgBurn.exe:BDU

AlternateDataStreams: C:\Users\Pat\Desktop\JRT.exe:BDU

AlternateDataStreams: C:\Users\Pat\Desktop\RogueKillerX64.exe:BDU

AlternateDataStreams: C:\Users\Pat\Downloads\Windows8-Setup.exe:BDU

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3951261367-891674079-5071855-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pat\Pictures\2014-04-11\Punkin\IMG_0219.JPG

DNS Servers: 192.168.1.254

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "WinZip Quick Pick.lnk"

HKLM\...\StartupApproved\Run32: => "WD Quick View"

HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\StartupApproved\Run: => "Amazon Cloud Player"

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3951261367-891674079-5071855-500 - Administrator - Disabled)

Guest (S-1-5-21-3951261367-891674079-5071855-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3951261367-891674079-5071855-1003 - Limited - Enabled)

Pat (S-1-5-21-3951261367-891674079-5071855-1001 - Administrator - Enabled) => C:\Users\Pat

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/11/2015 01:51:56 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

 

Error: (03/10/2015 08:18:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5

Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b

Exception code: 0xc0000005

Fault offset: 0x00000000000033c1

Faulting process id: 0x518

Faulting application start time: 0xFuel.Service.exe0

Faulting application path: Fuel.Service.exe1

Faulting module path: Fuel.Service.exe2

Report Id: Fuel.Service.exe3

Faulting package full name: Fuel.Service.exe4

Faulting package-relative application ID: Fuel.Service.exe5

 

Error: (03/10/2015 10:38:44 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec

Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f

Exception code: 0xc0000135

Fault offset: 0x0009e0b2

Faulting process id: 0x1088

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

Faulting package full name: mbam.exe4

Faulting package-relative application ID: mbam.exe5

 

Error: (03/10/2015 10:33:05 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5

Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b

Exception code: 0xc0000005

Fault offset: 0x00000000000033c1

Faulting process id: 0x7ac

Faulting application start time: 0xFuel.Service.exe0

Faulting application path: Fuel.Service.exe1

Faulting module path: Fuel.Service.exe2

Report Id: Fuel.Service.exe3

Faulting package full name: Fuel.Service.exe4

Faulting package-relative application ID: Fuel.Service.exe5

 

Error: (03/10/2015 10:28:07 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

 

Error: (03/10/2015 04:00:49 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (03/10/2015 04:00:48 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll4

 

Error: (03/10/2015 03:58:42 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5

Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b

Exception code: 0xc0000005

Fault offset: 0x00000000000033c1

Faulting process id: 0x604

Faulting application start time: 0xFuel.Service.exe0

Faulting application path: Fuel.Service.exe1

Faulting module path: Fuel.Service.exe2

Report Id: Fuel.Service.exe3

Faulting package full name: Fuel.Service.exe4

Faulting package-relative application ID: Fuel.Service.exe5

 

Error: (03/07/2015 09:57:59 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1180

 

Start Time: 01d0594295d0f310

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: 8af0c86e-c536-11e4-8325-74d4359309c7

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (03/07/2015 09:52:08 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

 

System errors:

=============

Error: (03/10/2015 08:20:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Bitdefender Virus Shield service hung on starting.

 

Error: (03/10/2015 08:19:10 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\Drivers\UdfReadr.SYS

 

Error: (03/10/2015 08:18:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Superfetch service terminated with the following error: 

%%1062

 

Error: (03/10/2015 08:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (03/10/2015 11:26:36 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR12.

 

Error: (03/10/2015 11:26:36 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR12.

 

Error: (03/10/2015 11:26:36 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR12.

 

Error: (03/10/2015 11:26:36 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR12.

 

Error: (03/10/2015 11:16:27 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR8.

 

Error: (03/10/2015 11:16:27 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR8.

 

 

Microsoft Office Sessions:

=========================

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-03-04 00:55:44.518

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2015-03-04 00:55:44.516

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2015-03-03 19:42:58.658

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2015-03-03 19:42:58.547

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2015-03-03 18:08:38.534

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2014-06-24 11:27:38.555

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-06-24 11:27:38.452

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-06-24 11:27:38.265

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-06-24 09:09:45.615

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-06-24 09:09:45.510

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: AMD FX-4130 Quad-Core Processor 

Percentage of memory in use: 35%

Total physical RAM: 8173.53 MB

Available physical RAM: 5311.55 MB

Total Pagefile: 9453.53 MB

Available Pagefile: 5334.19 MB

Total Virtual: 131072 MB

Available Virtual: 131071.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.17 GB) (Free:513.55 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5F28E748)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Did you set up or know about a Proxy being enabled in Internet Explorer:

 

ProxyEnable: [s-1-5-21-3951261367-891674079-5071855-1001] => Internet Explorer proxy is enabled.

 

 

Did you add or know of this entry in the Hosts file:

 

 

Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net

 

What exactly do you mean with the following statement, what "add exchange" do you refer to?

 

 

No matter what I do I cannot get rid of your add exchange

 

Thank you,

 

Kevin.....
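The check Kevin does by eye above (picking the ProxyEnable and Hosts lines out of FRST.txt and asking whether the user set them) can be scripted. This is an added example, not part of the original post or of FRST; it also pulls Chrome's home page and startup URLs. The sample log is constructed, and `parse_frst`, `review_items` and the known-hosts set are hypothetical names.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the line format of the FRST.txt posted in this thread.
SAMPLE_FRST = r"""
ProxyEnable: [s-1-5-21-1111111111-2222222222-3333333-1001] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Hosts: 127.0.0.1 ads.example.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
CHR HomePage: Default -> hxxp://www.example.com/?r=1
CHR StartupUrls: Default -> "hxxp://www.example.com/?r=2", "https://mail.example.org/","hxxp://search.example.info/?pid=377&r=2014/04/15"
"""


def refang(url):
    """FRST writes http as hxxp; undo that so the URL can be parsed."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I)


def host_of(url):
    """Lower-cased host name of a (possibly defanged) URL, or '' if none."""
    return (urlsplit(refang(url)).hostname or "").lower()


def parse_frst(text):
    """Collect the settings a helper usually asks the user about."""
    found = {"proxy_sids": [], "hosts": [], "homepages": [], "startup_urls": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"ProxyEnable: \[([^\]]+)\] => .*proxy is enabled", line)
        if m:
            found["proxy_sids"].append(m.group(1))
            continue
        # Only "Hosts: <IPv4> <name>" lines; other Hosts: notices are skipped.
        m = re.match(r"Hosts: (\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$", line)
        if m:
            found["hosts"].append((m.group(1), m.group(2)))
            continue
        m = re.match(r"CHR HomePage: \S+ -> (\S+)$", line)
        if m:
            found["homepages"].append(m.group(1))
            continue
        m = re.match(r"CHR StartupUrls: \S+ -> (.*)$", line)
        if m:
            # The value is a comma-separated list of double-quoted URLs.
            found["startup_urls"].extend(re.findall(r'"([^"]+)"', m.group(1)))
    return found


def review_items(found, known_hosts):
    """Turn findings into questions for the user.

    known_hosts is an assumption of this example: the exact host names
    the user says they set themselves. Matching is exact, not by suffix.
    """
    known = {h.lower() for h in known_hosts}
    items = []
    for sid in found["proxy_sids"]:
        items.append(f"proxy enabled for user {sid}: did you configure it?")
    for ip, name in found["hosts"]:
        items.append(f"hosts file maps {name} to {ip}: did you add it?")
    for label, urls in (("home page", found["homepages"]),
                        ("startup URL", found["startup_urls"])):
        for url in urls:
            host = host_of(url)
            if host not in known:
                items.append(f"Chrome {label} points at {host}: do you recognise it?")
    return items


if __name__ == "__main__":
    findings = parse_frst(SAMPLE_FRST)
    for item in review_items(findings, {"www.example.com", "mail.example.org"}):
        print(item)
```

The output is a list of questions, not verdicts: an entry such as a 127.0.0.1 hosts mapping can be something the user or an ad blocker added deliberately.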


I never use Internet Explorer unless a web site requires it, such as certain VA web sites. The majority of tabs that are popping up have youraddexchange in them even if they turn into something that looks totally unrelated before they get done. I had 22 open tabs worth of garbage when I came in this morning. I don't even have any favorite sites in Internet Explorer. By the time I got done closing all the garbage tabs this morning there were 22 of them; attaching a screenshot of them as open in Chrome.


If there is something in IE, which I don't even use, I really want to get rid of it. I did use IE once a few weeks before all the garbage started. I used it for a function on a VA related web site that required it. We just found out I have been eligible for the Korean Defense Medal for years and went to the page to get the appropriate paperwork. Is there a setting I should enable in IE to make sure something never gets in again?


Continue as follows please:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard", which copies the full log to the Windows clipboard, so at your reply you right click into the text field and select "Paste"; the log is pasted (copied) to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

 


  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

     

     



 

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

     

     



 

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin....

 

 

 

 

Fixlist.txt


lp.ilividnewtab.com is what most tabs turn into after Adblocker plus gets hold of them, but they start as saying youradexchange before they turn into that. I am not sure if that makes sense or not. I also see a lot of Marvel tabs and some game things I am not interested in. I play World of Warcraft, and the add-ons like Curse Client I use with that I have used for 8 years without a problem, and 95% of those who raid in the game use Mr Robot without a problem.


FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Pat (administrator) on BOOKJUNKYSDREAM on 13-03-2015 06:58:40
Running from C:\Users\Pat\Downloads\Installers
Loaded Profiles: Pat (Available profiles: Pat)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\CometBird\cometbird.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
() C:\Program Files\AskMrRobot\AmrTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Amazon Digital Services, LLC.) C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Sun Microsystems, Inc.) C:\Users\Pat\AppData\Local\Apps\2.0\8MA1RZ94.J9C\93NMYMD8.N6N\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\Pat\AppData\Roaming\Dashlane\DashlanePlugin.exe
() C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-09] (Bitdefender)
HKLM\...\Run: [Ask Mr. Robot] => C:\Program Files\AskMrRobot\AmrTray.exe [792576 2014-02-03] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [Dashlane] => C:\Users\Pat\AppData\Roaming\Dashlane\Dashlane.exe [227000 2015-02-17] ()
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-09] (Bitdefender)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3951261367-891674079-5071855-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-09] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing LP)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [s-1-5-21-3951261367-891674079-5071855-1001] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3951261367-891674079-5071855-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3951261367-891674079-5071855-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-13] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2014-08-13] (Bitdefender)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-06-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-29] (Microsoft Corporation)
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://hsrd.yahoo.com/_ylt=Ap7baCq5xIi8aj53VbU6G9GbvZx4/RV=1/RE=1418774642/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADAV42NLp4bTaYYKLtMRe25WUJN8D8-
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-11-07] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Evernote Web Clipper - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-08-21]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-02-26]
FF Extension: Facebook Ads Block - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\jid1-CGxMej0nDJTjwQ@jetpack.xpi [2015-02-26]
FF Extension: Clearly - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\readable@evernote.com.xpi [2014-08-21]
FF Extension: Auto-Sort Bookmarks - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-26]
FF Extension: The Addon Bar (restored) - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-02-26]
FF Extension: Download Status Bar - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-02-26]
FF Extension: Adblock Plus - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\upvm70ad.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-06-24]
FF Extension: Dashlane - C:\Users\Pat\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-02-19]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/?r644=1325500449
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/?r644=1329216927", "https://www.facebook.com/","hxxp://www.google.com/", "hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/15&hid=12534082340414630104&lg=EN&cc=US&unqvl=51", "hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=12349&tm=334&src=hmp", "hxxp://www.default-search.net?sid=476&aid=100&itype=a&ver=12521&tm=334&src=hmp", "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_43_ch&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyDzytAtDzy0CyB0D0BzytCtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0F0E0CtDtB0FtGtAtCtC0CtGyByDyDtAtGtC0FyEyBtGyC0AtAyByBzzyEyEyBtC0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0EzyyByEyB0EtG0CtCyD0FtGyEyEyBzztG0ByE0A0EtGtDtCyCtA0EzyyBzzyBtC0B0E2Q&cr=1245928839&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PDF to Word Converter) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aflgemggaffjfjmjchhckncplcfioiid [2014-05-13]
CHR Extension: (Google Docs) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-11]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-05-13]
CHR Extension: (Google Drive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]
CHR Extension: (ABP ( Adblock Plus )) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnflkjkcebjioagifeaongciheiogj [2015-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Adguard AdBlocker) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-10]
CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]
CHR Extension: (World of Warcraft Map) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnneemhnjgncpnfdcofcpobbaaifjclc [2015-02-26]
CHR Extension: (Adblock Plus) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-01]
CHR Extension: (Silverlight for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnklfhofbcfndknbonklnijndoeknal [2015-02-01]
CHR Extension: (Adblock for Youtube™) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-26]
CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
CHR Extension: (Kingdoms Of Camelot) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadejngfdiifodimfhejphllfecigmm [2014-04-11]
CHR Extension: (Easy Clock) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn [2014-05-20]
CHR Extension: (Autocomplete = on) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh [2014-04-11]
CHR Extension: (Google Calendar) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-04-11]
CHR Extension: (Pandora) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-05-13]
CHR Extension: (Dashlane) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-02-12]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-02-26]
CHR Extension: (AdBlock) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-15]
CHR Extension: (QuickTime for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkdifongmamddfegpjkmghbmoikkjai [2015-02-01]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-05-13]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2014-05-13]
CHR Extension: (CloudConvert) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2014-05-13]
CHR Extension: (Read the Bible) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbiofnodpilbapfbjilbkgbaokknihg [2014-05-13]
CHR Extension: (Dropbox) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-02-26]
CHR Extension: (Clearly) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-05-18]
CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-05-13]
CHR Extension: (iBreviary) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldklipcfhnmkcanfbhkabmbpdhoahcfg [2014-04-11]
CHR Extension: (the Mobile Catholic) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcefjbgoeionpamjaemafhnogabjof [2014-05-13]
CHR Extension: (iCloud Dashboard) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2015-02-12]
CHR Extension: (Google Play Books) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-13]
CHR Extension: (OneDrive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-02-26]
CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11]
CHR Extension: (WordToPdf - A Word to Pdf Converter) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oegaegenphlmcphgannobdndkoimkocj [2014-05-13]
CHR Extension: (Offline Solitaire) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojldfpglenpceffckkjhajofdbpkfgmn [2014-05-13]
CHR Extension: (Picasa) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-05-13]
CHR Extension: (Recovery Password) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpdleddmnabebaibkllglcmldpbobpm [2014-05-13]
CHR Extension: (Outlook.com) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-04-12]
CHR Extension: (Evernote Web Clipper) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-05-13]
CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]
CHR HKU\S-1-5-21-3951261367-891674079-5071855-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-09] (Bitdefender)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-09] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-12-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-07] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-09] (BitDefender S.R.L.)
S1 UdfReadr; C:\Windows\SysWow64\Drivers\UdfReadr.sys [206368 2000-06-15] (Adaptec)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [233160 2013-01-02] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
U4 iSafeNetFilter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-12 11:45 - 2015-03-12 11:45 - 00003576 _____ () C:\Windows\System32\Tasks\Bitdefender Autoscan
2015-03-12 11:24 - 2015-03-12 11:24 - 00000762 _____ () C:\Users\Pat\Desktop\JRT.txt
2015-03-12 09:24 - 2015-03-12 09:55 - 00000000 ____D () C:\Users\Pat\Downloads\Betty Jo
2015-03-12 01:58 - 2015-03-12 01:58 - 00185253 _____ () C:\Users\Public\Desktop\bdsyslog.zip
2015-03-11 01:33 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-11 01:33 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-11 01:33 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-11 01:33 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-11 01:33 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-11 01:33 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 01:33 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-11 01:32 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 01:32 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 01:32 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 01:32 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 01:32 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 01:32 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 01:32 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 01:32 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-11 01:32 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-11 01:32 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-11 01:32 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-11 01:32 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-11 01:32 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-11 01:32 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-11 01:32 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-11 01:32 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 01:32 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-11 01:32 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-11 01:32 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-11 01:32 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-11 01:32 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-11 01:32 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-11 01:32 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-11 01:32 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-11 01:32 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-11 01:32 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-11 01:32 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-11 01:32 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-11 01:32 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-11 01:32 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-11 01:32 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-11 01:32 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-11 01:32 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 01:32 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-11 01:32 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-11 01:32 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 01:32 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-11 01:32 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-11 01:32 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-11 01:32 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-11 01:32 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 01:32 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 01:32 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-11 01:32 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-11 01:32 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-11 01:32 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 01:32 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 01:32 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 01:32 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-11 01:31 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 01:31 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 01:31 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 01:31 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-11 01:31 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 01:31 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 01:31 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 01:31 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 01:31 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 01:31 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 01:31 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 01:31 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 01:31 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 01:31 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 01:31 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 01:31 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 01:31 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 01:31 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 01:31 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 01:31 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 01:31 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 01:31 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 01:31 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 01:31 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 01:31 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 01:31 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 01:31 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-11 01:31 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-11 01:31 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 01:31 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-11 01:31 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 01:31 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 01:31 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 01:31 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 01:31 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 01:31 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 01:31 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 01:31 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 01:31 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 01:31 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-11 01:31 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-11 01:31 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 01:31 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 01:31 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 01:31 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 01:31 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-11 01:31 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-11 01:31 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 01:31 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 01:31 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-10 05:20 - 2015-03-10 05:20 - 00182019 _____ () C:\Users\Pat\Desktop\bdsyslog.zip
2015-03-07 21:51 - 2015-03-07 21:51 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-07 06:09 - 2015-03-07 06:09 - 00000000 ____D () C:\Windows\Fish Screensave
2015-03-05 05:30 - 2015-03-05 05:30 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2015-03-04 03:43 - 2015-03-12 11:34 - 00000000 ____D () C:\AdwCleaner
2015-03-03 18:47 - 2015-03-03 18:47 - 00003108 _____ () C:\Windows\System32\Tasks\{0785AB04-54A7-4A38-968D-0AAB97F58706}
2015-03-03 07:40 - 2015-03-04 03:52 - 00000000 ____D () C:\Windows\system32\log
2015-03-02 23:46 - 2015-03-03 07:51 - 00000000 ___HD () C:\$WINDOWS.~BT
2015-03-02 23:04 - 2015-03-02 23:47 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-03-02 23:04 - 2015-03-02 23:47 - 00001908 _____ () C:\Windows\diagerr.xml
2015-03-02 22:51 - 2015-03-02 22:53 - 2894594048 _____ () C:\Users\Pat\Desktop\Windows.iso
2015-03-02 22:51 - 2015-03-02 22:51 - 00001425 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Install Windows.lnk
2015-03-02 22:04 - 2015-03-02 22:04 - 00000000 __RHD () C:\ESD
2015-03-02 22:02 - 2015-03-02 22:03 - 05487040 _____ (Microsoft Corporation) C:\Users\Pat\Downloads\Windows8-Setup.exe
2015-03-02 21:55 - 2015-03-04 03:57 - 00000000 ____D () C:\Users\Pat\AppData\Local\LogMeIn Rescue Applet
2015-03-02 20:42 - 2015-03-02 21:24 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\ImgBurn
2015-03-02 20:39 - 2015-03-02 20:39 - 02747392 _____ (LIGHTNING UK!) C:\Users\Pat\Desktop\ImgBurn.exe
2015-03-02 20:28 - 2015-03-02 20:35 - 377118720 _____ () C:\Users\Pat\Desktop\EasyRE Professional for Windows 8.iso
2015-03-02 20:08 - 2015-03-02 20:08 - 00003192 _____ () C:\Windows\System32\Tasks\{68DE6CEC-BF3A-4188-AA4E-17A44EADF5A3}
2015-02-26 03:51 - 2015-02-26 03:51 - 00000000 ____D () C:\ProgramData\bdch
2015-02-25 06:49 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 06:49 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-20 13:48 - 2015-02-20 13:51 - 80271640 _____ () C:\Users\Pat\Desktop\DB-Norris_ Chuck - Abraham_ Ken Against all odds_ my story  DB60819.zip
2015-02-20 13:43 - 2015-02-20 14:08 - 1288145457 _____ () C:\Users\Pat\Desktop\DB-Jones_ Alexander The Jerusalem Bible DB57847.zip
2015-02-20 10:15 - 2015-03-07 21:49 - 00000520 _____ () C:\Windows\system32\.crusader
2015-02-20 10:00 - 2015-02-20 10:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-19 17:04 - 2015-02-19 17:04 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-19 17:04 - 2015-02-19 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-19 17:03 - 2015-02-19 17:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-19 17:03 - 2015-02-19 17:04 - 00000000 ____D () C:\Program Files\iTunes
2015-02-19 17:03 - 2015-02-19 17:03 - 00000000 ____D () C:\Program Files\iPod
2015-02-19 17:03 - 2015-02-19 17:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-15 14:27 - 2015-03-02 20:03 - 00000000 ____D () C:\Program Files (x86)\Top Password
2015-02-15 14:27 - 2015-02-15 14:27 - 00001043 _____ () C:\Users\Pat\Desktop\ISO2Disc.lnk
2015-02-15 14:27 - 2015-02-15 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO2Disc
2015-02-15 14:21 - 2015-02-15 14:21 - 00001029 _____ () C:\Users\Public\Desktop\ISO to USB.lnk
2015-02-15 14:21 - 2015-02-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
2015-02-15 14:21 - 2015-02-15 14:21 - 00000000 ____D () C:\Program Files (x86)\ISO to USB
2015-02-13 15:08 - 2015-02-13 15:08 - 00000927 _____ () C:\Users\Pat\Documents - Shortcut.lnk
2015-02-13 14:44 - 2015-02-13 14:44 - 00003432 ____N () C:\bootsqm.dat
2015-02-13 14:44 - 2015-02-13 14:44 - 00000000 __SHD () C:\found.000
2015-02-13 13:41 - 2015-02-13 13:41 - 00000000 _____ () C:\Windows\system32\atiicdxx.dat
2015-02-13 13:41 - 2015-02-13 13:41 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-02-11 15:59 - 2015-02-11 15:59 - 00002145 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-02-11 15:59 - 2015-02-05 13:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-11 15:56 - 2015-02-05 17:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-11 15:56 - 2015-02-05 17:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-11 15:56 - 2015-02-05 17:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-11 00:40 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 00:40 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 00:40 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 00:40 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 00:40 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 00:40 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 00:39 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 00:39 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 00:39 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 00:39 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 00:38 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 00:38 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 00:38 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-13 06:58 - 2014-11-25 18:21 - 00000000 ____D () C:\FRST
2015-03-13 06:58 - 2014-04-14 21:41 - 00000000 ____D () C:\Users\Pat\Downloads\Installers
2015-03-13 06:45 - 2014-08-28 05:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 06:41 - 2014-04-11 16:18 - 00000000 ____D () C:\Users\Pat\AppData\Local\Deployment
2015-03-13 06:36 - 2014-04-11 20:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-13 06:14 - 2014-02-26 21:41 - 02000190 _____ () C:\Windows\WindowsUpdate.log
2015-03-13 06:05 - 2014-04-11 16:18 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-13 06:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-13 05:13 - 2014-04-11 15:16 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3951261367-891674079-5071855-1001
2015-03-13 05:07 - 2014-12-02 19:55 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 04:50 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-13 04:44 - 2014-04-11 15:47 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A637678E-0838-402C-B91D-96D3F723569D}
2015-03-12 22:05 - 2014-04-11 16:18 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 21:11 - 2014-04-11 17:03 - 00004992 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BOOKJUNKYSDREAM-Pat BookjunkysDream
2015-03-12 20:54 - 2014-02-26 21:46 - 00956540 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 20:51 - 2014-05-08 09:43 - 00000000 ___RD () C:\Users\Pat\Dropbox
2015-03-12 20:51 - 2014-05-08 09:41 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
2015-03-12 20:51 - 2014-04-20 23:07 - 00000000 ___RD () C:\Users\Pat\Google Drive
2015-03-12 20:50 - 2014-09-23 23:16 - 00000000 ___RD () C:\Users\Pat\iCloudDrive
2015-03-12 20:50 - 2014-04-11 15:11 - 00000000 ___DO () C:\Users\Pat\SkyDrive
2015-03-12 20:49 - 2014-04-11 22:53 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-03-12 20:48 - 2013-08-22 10:46 - 00007729 _____ () C:\Windows\setupact.log
2015-03-12 20:48 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 20:47 - 2014-02-26 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-12 20:46 - 2013-08-22 10:44 - 00380944 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 20:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 20:42 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 11:34 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-03-12 11:15 - 2014-06-28 19:06 - 00000000 ____D () C:\Users\Pat\AppData\Local\CrashDumps
2015-03-12 11:10 - 2014-04-11 17:03 - 00000000 ___RD () C:\Users\Pat\OneDrive
2015-03-12 11:08 - 2014-05-08 09:43 - 00001068 _____ () C:\Users\Pat\Desktop\Dropbox.lnk
2015-03-12 11:08 - 2014-05-08 09:42 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 10:52 - 2014-02-26 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 10:46 - 2014-02-26 22:01 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 05:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-11 01:45 - 2014-04-11 15:10 - 00000000 ____D () C:\Users\Pat\AppData\Local\VirtualStore
2015-03-10 11:28 - 2014-05-08 17:52 - 00000000 ____D () C:\Users\Pat\Desktop\Ebook library
2015-03-10 03:59 - 2014-02-26 21:37 - 01025958 _____ () C:\Windows\PFRO.log
2015-03-10 03:58 - 2014-04-11 22:13 - 00000000 ____D () C:\Users\Pat\AppData\Local\Battle.net
2015-03-08 04:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-05 05:36 - 2014-12-08 14:05 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-04 17:24 - 2014-11-13 03:15 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 17:24 - 2014-11-13 03:15 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-04 03:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\TAPI
2015-03-03 04:38 - 2014-07-08 07:44 - 00000000 ____D () C:\Users\Pat\Desktop\Unused Desktop Icons
2015-03-03 00:31 - 2014-04-14 21:38 - 00000000 ____D () C:\Users\Pat\Downloads\Books
2015-03-02 23:46 - 2013-08-22 10:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-02 23:43 - 2014-09-30 08:46 - 00000000 ____D () C:\Users\Pat\Downloads\Documents\Personal
2015-03-02 21:53 - 2014-12-08 13:49 - 00000000 __SHD () C:\Users\Pat\AppData\Local\EmieBrowserModeList
2015-02-28 07:02 - 2014-04-11 22:15 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-02-26 19:58 - 2014-04-11 22:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-26 07:59 - 2014-04-18 07:48 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\TS3Client
2015-02-26 07:53 - 2014-04-14 10:22 - 00071168 ___SH () C:\Users\Pat\Downloads\Thumbs.db
2015-02-25 15:22 - 2014-04-11 16:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-25 14:16 - 2014-05-14 07:59 - 00000000 ____D () C:\Users\Pat\AppData\Temp
2015-02-24 18:05 - 2014-04-11 22:18 - 00001244 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2015-02-19 17:21 - 2014-06-04 12:56 - 00001958 _____ () C:\Users\Pat\Desktop\Dashlane.lnk
2015-02-19 17:21 - 2014-06-04 12:54 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dashlane
2015-02-19 17:09 - 2014-04-11 15:10 - 00000000 ____D () C:\Users\Pat
2015-02-19 17:03 - 2014-04-11 17:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-19 06:41 - 2015-01-12 11:12 - 00000000 ____D () C:\Users\Pat\AppData\Local\Adobe
2015-02-16 06:03 - 2014-11-30 01:09 - 00130048 ___SH () C:\Users\Pat\Desktop\Thumbs.db
2015-02-14 17:25 - 2014-07-02 17:57 - 00000000 ____D () C:\Users\Pat\AppData\Local\Nero
2015-02-14 17:22 - 2014-05-23 08:44 - 00000000 ____D () C:\Users\Pat\AppData\Local\Bandizip
2015-02-14 11:09 - 2014-05-22 18:01 - 00000000 ____D () C:\Users\Pat\Downloads\Documents\CFP
2015-02-14 03:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 09:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-11 15:59 - 2014-02-26 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
 
==================== Files in the root of some directories =======
 
2014-05-14 07:54 - 2014-05-14 07:54 - 0582957 _____ () C:\ProgramData\1400067679.bdinstall.bin
2014-06-02 21:31 - 2014-06-02 21:31 - 0856200 _____ () C:\ProgramData\1401757402.bdinstall.bin
2014-06-24 07:11 - 2014-06-24 07:11 - 0244214 _____ () C:\ProgramData\1403608110.bdinstall.bin
2014-06-24 14:35 - 2014-06-24 14:35 - 0572174 _____ () C:\ProgramData\1403634396.bdinstall.bin
 
Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\BANDIZIP-SETUP.EXE
C:\Users\Pat\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc4ycqx.dll
C:\Users\Pat\AppData\Local\Temp\msvcp120.dll
C:\Users\Pat\AppData\Local\Temp\msvcr120.dll
C:\Users\Pat\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Pat\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Pat\AppData\Local\Temp\nvStInst.exe
C:\Users\Pat\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe
C:\Users\Pat\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Pat\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-13 23:59
 
==================== End Of Log ============================

 



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by Pat at 2015-03-13 06:59:46

Running from C:\Users\Pat\Downloads\Installers

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ActiveState ActivePython 2.7.6.9 (32-bit) (HKLM-x32\...\{B6FB74C1-B37C-44BC-A1C7-38B8DB3FC996}) (Version: 2.7.9 - ActiveState Software Inc.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Amazon Cloud Drive (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)

Amazon Cloud Player (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)

Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.239 - Amazon)

AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

AmrAddonInstall (Version: 1.2.8.0 - Microsoft) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ask Mr. Robot (HKLM-x32\...\{86e39a0a-85dd-4d6f-b1cd-46d8208bd2e9}) (Version: 1.3.17.0 - Ask Mr. Robot)

Ask Mr. Robot (Version: 1.3.17.0 - Ask Mr. Robot) Hidden

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1929380210.4759644.48.2147344384 - Audible, Inc.)

Bandizip (HKLM\...\Bandizip) (Version: 5.05 - Bandisoft.com)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)

CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 - CometNetwork)

Curse Client (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dashlane (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Dashlane) (Version: 3.2.4.78888 - Dashlane SAS)

Dropbox (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)

Easy Computer Sync (HKLM-x32\...\Easy Computer Sync) (Version: 2.0 - Bravura Software LLC)

eReader (HKLM-x32\...\{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}) (Version:  - )

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)

EverQuest (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)

Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)

Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)

ISO2Disc 1.05 (HKLM-x32\...\ISO2Disc_is1) (Version:  - Top Password Software, Inc.)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)

Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)

Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)

Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)

MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)

Nero MediaHome Free (HKLM-x32\...\{6CC8CA12-AD2B-4C07-B2C4-B32CDBF5F29D}) (Version: 15.0.01800 - Nero AG)

NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)

NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)

Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)

Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden

Pharaoh (HKLM-x32\...\Pharaoh) (Version:  - )

Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden

Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)

REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{6513799F-D2B9-4BEA-A76E-52249156A2B5}_is1) (Version: 1.1 - redragonzone)

SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden

SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

WD Quick View (HKLM-x32\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)

WD SmartWare (HKLM\...\{34C6812E-E231-4B13-9DAC-21E06ECA864A}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)

WD SmartWare Installer (HKLM-x32\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)

Windows 8 Portable Device Enabling Kit for MTP - Tools, Version 8 (HKLM-x32\...\{F04FB07B-0C96-48F8-95BB-FF8CAD522D2F}) (Version: 1 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinZip (HKLM-x32\...\WinZip) (Version:  10.0  (6667) - WinZip Computing LP)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Pat\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{ddef1ef4-9e08-4b76-9267-1b800cddf116}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pat\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3951261367-891674079-5071855-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 09:25 - 2014-04-18 02:01 - 00000867 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 d3oxij66pru1i3.cloudfront.net

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1BAB1A57-D423-4298-BA5F-DC1E1414CF39} - System32\Tasks\{0785AB04-54A7-4A38-968D-0AAB97F58706} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"

Task: {1FB941D5-8B93-4909-B45A-288FE1E66AA0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3951261367-891674079-5071855-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: {24416CEE-170F-4AD8-B01E-0D3FE696811E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.)

Task: {3636007D-429D-48E0-8307-02C59202DA47} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {476185A3-1D79-44F9-AF08-B01C434A3B30} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)

Task: {4A9FBEB4-87D2-4DE6-ADE8-3713696E50C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)

Task: {6A846E28-89DB-4CDA-8A1F-69B6A6063A78} - System32\Tasks\{68DE6CEC-BF3A-4188-AA4E-17A44EADF5A3} => pcalua.exe -a C:\Users\Pat\AppData\Local\Microsoft\Windows\Burn\Burn\Windows_Password_Key_Standard_trial.exe

Task: {6E1721AC-8545-4A30-B0D2-8CDC4E7B1FCD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)

Task: {6F8185EA-BF45-4911-93AB-A316409DC4DF} - System32\Tasks\{9735F59D-DE47-4442-9B63-59C7ACDDEBA3} => pcalua.exe -a D:\ZToolBar.exe -d D:\

Task: {754F475B-25E7-4FB2-99C1-D73DC17C2F7B} - System32\Tasks\{E8C47BE1-F0CC-4BEA-A206-CFC603AF8716} => pcalua.exe -a C:\PROGRA~2\WSE_AS~1\\uninstall.exe

Task: {7C98B129-8DAC-49AF-BAE9-D8181993C69F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BOOKJUNKYSDREAM-Pat BookjunkysDream => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)

Task: {93214BBB-7CFD-400A-81FA-9DCC2405DADC} - System32\Tasks\Bitdefender Autoscan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-08-13] (Bitdefender)

Task: {9459F4CF-AC3F-4012-976E-F5D4BEB6602D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.)

Task: {BAD60DBD-9393-435E-9006-C39724215A52} - System32\Tasks\{06C77BE4-ACA9-45AA-BF99-760806114F29} => pcalua.exe -a D:\udfrinst.exe -d D:\ -c autorun

Task: {FB688180-3908-4255-9837-732F4363A14C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-10-13 10:45 - 2014-10-13 10:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll

2014-08-13 04:45 - 2014-08-13 04:45 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui

2014-06-24 14:33 - 2014-08-13 04:44 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui

2015-02-06 15:33 - 2015-02-06 15:33 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpbr.mdl

2015-02-06 15:33 - 2015-02-06 15:33 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpdsp.mdl

2015-02-06 15:33 - 2015-02-06 15:33 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttpph.mdl

2015-02-06 15:33 - 2015-02-06 15:33 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_005\ashttprbl.mdl

2014-02-26 21:47 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll


 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Pat\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Pat\Desktop\ImgBurn.exe:BDU

AlternateDataStreams: C:\Users\Pat\Desktop\JRT.exe:BDU

AlternateDataStreams: C:\Users\Pat\Desktop\RogueKillerX64.exe:BDU

AlternateDataStreams: C:\Users\Pat\Downloads\Windows8-Setup.exe:BDU

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3951261367-891674079-5071855-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pat\Pictures\2014-04-11\Punkin\IMG_0219.JPG

DNS Servers: 192.168.1.254

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "WinZip Quick Pick.lnk"

HKLM\...\StartupApproved\Run32: => "WD Quick View"

HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

HKU\S-1-5-21-3951261367-891674079-5071855-1001\...\StartupApproved\Run: => "Amazon Cloud Player"

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3951261367-891674079-5071855-500 - Administrator - Disabled)

Guest (S-1-5-21-3951261367-891674079-5071855-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3951261367-891674079-5071855-1003 - Limited - Enabled)

Pat (S-1-5-21-3951261367-891674079-5071855-1001 - Administrator - Enabled) => C:\Users\Pat

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/12/2015 08:49:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

 

Error: (03/12/2015 08:49:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: Event provider  attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

 

Error: (03/12/2015 08:44:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5

Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b

Exception code: 0xc0000005

Fault offset: 0x00000000000033c1

Faulting process id: 0x7cc

Faulting application start time: 0xFuel.Service.exe0

Faulting application path: Fuel.Service.exe1

Faulting module path: Fuel.Service.exe2

Report Id: Fuel.Service.exe3

Faulting package full name: Fuel.Service.exe4

Faulting package-relative application ID: Fuel.Service.exe5

 

Error: (03/12/2015 11:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5

Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b

Exception code: 0xc0000005

Fault offset: 0x00000000000033c1

Faulting process id: 0x7f4

Faulting application start time: 0xFuel.Service.exe0

Faulting application path: Fuel.Service.exe1

Faulting module path: Fuel.Service.exe2

Report Id: Fuel.Service.exe3

Faulting package full name: Fuel.Service.exe4

Faulting package-relative application ID: Fuel.Service.exe5

 

 

System errors:

=============

Error: (03/12/2015 11:57:56 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (03/12/2015 08:56:23 PM) (Source: volsnap) (EventID: 14) (User: )

Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

 

Error: (03/12/2015 08:47:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Bitdefender Virus Shield service hung on starting.

 

Error: (03/12/2015 08:45:23 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\Drivers\UdfReadr.SYS

 

Error: (03/12/2015 08:44:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (03/12/2015 02:57:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (03/12/2015 11:34:48 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\Drivers\UdfReadr.SYS

 

Error: (03/12/2015 11:34:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (03/12/2015 11:31:34 AM) (Source: DCOM) (EventID: 10010) (User: BOOKJUNKYSDREAM)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}

 

Error: (03/12/2015 11:31:04 AM) (Source: DCOM) (EventID: 10010) (User: BOOKJUNKYSDREAM)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}

 

 

Microsoft Office Sessions:

=========================

Error: (03/12/2015 08:49:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

 

Error: (03/12/2015 08:49:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

 

Error: (03/12/2015 08:44:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c17cc01d05cda2c2e084cC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll219d6f48-c91a-11e4-832a-74d4359309c7

 

Error: (03/12/2015 11:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c17f401d05cd4e3e5f0f8C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll3d359e75-c8cd-11e4-8329-74d4359309c7

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-03-04 00:55:44.518

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2015-03-04 00:55:44.516

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2015-03-03 19:42:58.658

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2015-03-03 19:42:58.547

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2015-03-03 18:08:38.534

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

 

  Date: 2014-06-24 11:27:38.555

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-06-24 11:27:38.452

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-06-24 11:27:38.265

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-06-24 09:09:45.615

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-06-24 09:09:45.510

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: AMD FX-4130 Quad-Core Processor 

Percentage of memory in use: 37%

Total physical RAM: 8173.53 MB

Available physical RAM: 5145.49 MB

Total Pagefile: 9453.53 MB

Available Pagefile: 5079.37 MB

Total Virtual: 131072 MB

Available Virtual: 131071.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.17 GB) (Free:517.76 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5F28E748)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================



You ran a scan with FRST, not a "Fix". Go back to reply #8, download the attached file "fixlist.txt", and save it to the same folder as the tool "FRST". Do not open the saved file.

Double-click on FRST to run it; when it has opened, select the "Fix" tab. FRST will then run the commands in the file fixlist.txt. When finished, FRST will produce a log, "fixlog.txt". Post that log in your reply...


I may be too tired to be doing this, but I cannot find a fixlist.txt file.


Gave up on the FRST; here is what JRT came out with:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Pat on Thu 03/12/2015 at 11:12:20.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Pat\AppData\Roaming\mozilla\firefox\profiles\upvm70ad.default\extensions\staged
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/12/2015 at 11:24:03.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

So far no more tabs popping open, I will report back tomorrow and let you know if things stay fixed. Right now it looks good and I am grateful for your assistance. You have no idea how annoying it got getting interrupted in the middle of a fight in a raid when I forgot to close chrome to prevent tabs popping open. This morning I had 22 stray garbage tabs that had opened overnight and I am expecting not to see any stray trash tomorrow the way it is going now. :):D
