Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I have some form of malware.


  • This topic is locked This topic is locked
19 replies to this topic

#1 kvandertulip

kvandertulip

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 24 January 2015 - 02:30 AM

I keep seeing these three folders pop up in the AppData folder:

 

EmieBrowserModeList

EmieSiteList

EmieUserList

 

When I delete them they reappear when I reboot.  I ran Malwarebytes and McAfee and they both came back clean. I did some research and it recommended I post in a malware removal forum. Is this something you can help me with?
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kyle (administrator) on KYLE-ACER on 24-01-2015 02:12:30
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-02-11] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\MountPoints2: {c9da94f4-8f50-11e4-8014-2016d8110cd2} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Kyle\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
URLSearchHook: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {461F8152-DD54-458F-BD35-E4820B5894CF} URL = 
SearchScopes: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 -> {13EA5000-005D-436A-B03A-EC4027113C10} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN21614635611790926&UM=2&SSPV=S41CIE 
SearchScopes: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 -> {461F8152-DD54-458F-BD35-E4820B5894CF} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: unnisalleS -> {a6260be2-2d94-4d07-94ef-239be383da1d} -> C:\Program Files (x86)\unnisalleS\qJg6SDKJba4uoW.x64.dll ()
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: unnisalleS -> {a6260be2-2d94-4d07-94ef-239be383da1d} -> C:\Program Files (x86)\unnisalleS\qJg6SDKJba4uoW.dll ()
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\0brsb2zr.default-1391971594311
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=21073&r=2015/01/23&hid=16962230614180389145&lg=EN&cc=US&unqvl=74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2245582024-4275581465-1823322728-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: youtubeadblocker - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\0brsb2zr.default-1391971594311\Extensions\9G61@b4n.org [2015-01-23]
FF Extension: uuniosales - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\0brsb2zr.default-1391971594311\Extensions\VG@EVUF.org [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-09-18]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-06]
CHR Extension: (Adblock Plus) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-06]
CHR Extension: (Google Search) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-06]
CHR Extension: (Awesome Bookmarks Button) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkaehmmlnblfmmpdebmhjieffcjjjph [2013-10-06]
CHR Extension: (Google Play Music) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-06]
CHR Extension: (uuniosales) - C:\ProgramData\aijmnmdpiojhgcnblknhpidacnbgikjo\ [2013-10-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-09-09] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1030544 2014-02-11] (Cyber Power Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-09-26] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NVFLASH; C:\WINDOWS\system32\drivers\nvflash.sys [15168 2012-03-10] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 02:12 - 2015-01-24 02:12 - 02126848 _____ (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
2015-01-24 02:12 - 2015-01-24 02:12 - 00023490 _____ () C:\Users\Kyle\Desktop\FRST.txt
2015-01-24 01:40 - 2015-01-24 01:40 - 00002770 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-01-24 01:40 - 2015-01-24 01:40 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-24 01:40 - 2015-01-24 01:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-24 01:39 - 2015-01-24 01:39 - 05317104 _____ (Piriform Ltd) C:\Users\Kyle\Downloads\ccsetup501.exe
2015-01-24 00:55 - 2015-01-24 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-24 00:44 - 2015-01-24 02:12 - 00000000 ____D () C:\FRST
2015-01-24 00:21 - 2015-01-24 00:21 - 00000020 ___SH () C:\Users\Kyle\ntuser.ini
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieUserList
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieSiteList
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieBrowserModeList
2015-01-23 06:21 - 2015-01-23 17:16 - 00000000 ____D () C:\ProgramData\{13e83fb4-8c5f-186e-13e8-83fb48c5fed2}
2015-01-23 06:21 - 2015-01-23 06:21 - 00000000 ____D () C:\ProgramData\14099819682343247534
2015-01-23 06:21 - 2015-01-23 06:21 - 00000000 ____D () C:\Program Files (x86)\unnisalleS
2015-01-23 06:20 - 2015-01-23 06:20 - 00000000 ____D () C:\ProgramData\aijmnmdpiojhgcnblknhpidacnbgikjo
2015-01-23 06:20 - 2015-01-23 06:20 - 00000000 ____D () C:\ProgramData\{8eecb715-d6a6-3573-8eec-cb715d6adc57}
2015-01-23 06:13 - 2015-01-23 06:13 - 00000000 ____D () C:\ProgramData\APN
2015-01-23 06:12 - 2015-01-24 00:32 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\uTorrent
2015-01-22 19:12 - 2015-01-09 17:27 - 00621200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-01-22 19:11 - 2015-01-12 23:15 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 32102544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 25459856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 24765584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 20465296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 17250776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 13295552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 13210248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 10774544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 10714488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 10274448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-01-22 19:11 - 2015-01-10 03:07 - 03607184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 03245712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00994712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00969360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00942736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00929424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00906384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00877488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00833864 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00496456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00353040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00305320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-01-16 06:29 - 2015-01-16 06:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 23:47 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 23:47 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 23:44 - 2014-11-15 14:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-01-14 23:44 - 2014-11-15 01:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-01-14 23:44 - 2014-11-14 09:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-14 23:44 - 2014-11-14 02:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-14 23:44 - 2014-11-14 01:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-14 23:44 - 2014-11-14 01:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-01-14 23:44 - 2014-11-14 01:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-14 23:44 - 2014-11-14 01:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-14 23:44 - 2014-11-14 01:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-14 23:44 - 2014-11-14 01:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-14 23:44 - 2014-11-14 01:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-14 23:44 - 2014-11-14 00:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-14 23:44 - 2014-11-14 00:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-01-14 23:44 - 2014-11-14 00:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-14 23:44 - 2014-11-14 00:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-14 23:44 - 2014-11-14 00:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-14 23:44 - 2014-11-10 19:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-01-14 23:44 - 2014-11-10 19:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-01-14 23:44 - 2014-11-10 13:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-01-14 23:44 - 2014-11-10 13:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-01-14 23:44 - 2014-11-10 13:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-01-14 23:44 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-01-14 23:44 - 2014-11-09 21:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-01-14 23:44 - 2014-11-09 20:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-01-14 23:44 - 2014-11-09 20:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-01-14 23:44 - 2014-11-09 20:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-01-14 23:44 - 2014-11-09 20:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-01-14 23:44 - 2014-11-09 20:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-01-14 23:44 - 2014-11-09 20:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-01-14 23:44 - 2014-11-09 20:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-01-14 23:44 - 2014-11-09 19:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-01-14 23:44 - 2014-11-09 19:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-01-14 23:44 - 2014-11-08 05:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-01-14 23:44 - 2014-11-08 05:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-01-14 23:44 - 2014-11-07 23:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-01-14 23:44 - 2014-11-07 23:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-01-14 23:44 - 2014-11-07 22:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-01-14 23:44 - 2014-11-07 22:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-01-14 23:44 - 2014-11-07 22:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-01-14 23:44 - 2014-11-07 22:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-01-14 23:44 - 2014-11-07 22:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-01-14 23:44 - 2014-11-07 22:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-01-14 23:44 - 2014-11-07 22:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-01-14 23:44 - 2014-11-07 22:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-01-14 23:44 - 2014-11-07 22:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-01-14 23:44 - 2014-11-07 21:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-01-14 23:44 - 2014-11-07 21:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-01-14 23:44 - 2014-11-07 21:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-01-14 23:44 - 2014-11-07 21:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-01-14 23:44 - 2014-11-07 21:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-01-14 23:44 - 2014-11-07 20:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-01-14 23:44 - 2014-11-07 20:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-01-14 23:44 - 2014-11-07 20:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-01-14 23:44 - 2014-11-06 22:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-01-14 23:44 - 2014-11-06 22:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-01-14 23:44 - 2014-11-04 21:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-01-14 23:44 - 2014-11-04 21:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-01-14 23:44 - 2014-11-04 21:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-01-14 23:44 - 2014-11-04 20:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-01-14 23:44 - 2014-11-04 20:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-01-14 23:44 - 2014-11-04 20:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-01-14 23:44 - 2014-11-04 20:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-01-14 23:44 - 2014-11-04 20:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-01-14 23:44 - 2014-11-04 20:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-01-14 23:44 - 2014-11-04 20:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-01-14 23:44 - 2014-11-04 20:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-01-14 23:44 - 2014-11-04 20:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-01-14 23:44 - 2014-11-04 20:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-01-14 23:44 - 2014-11-04 20:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-01-14 23:44 - 2014-11-04 14:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-01-14 23:44 - 2014-11-04 14:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-01-14 23:44 - 2014-11-04 14:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-01-14 23:44 - 2014-11-04 01:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-01-14 23:44 - 2014-11-04 01:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-01-14 23:44 - 2014-11-04 01:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-01-14 23:44 - 2014-11-04 01:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-01-14 23:44 - 2014-11-04 01:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-01-14 23:44 - 2014-11-04 00:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-01-14 23:44 - 2014-10-30 19:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-14 23:44 - 2014-10-30 19:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-01-14 23:44 - 2014-10-30 00:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-14 23:44 - 2014-10-30 00:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-01-14 23:44 - 2014-10-30 00:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-01-14 23:44 - 2014-10-28 22:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-14 23:44 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-01-14 23:44 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-01-14 23:44 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-01-14 23:44 - 2014-10-28 20:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-01-14 23:44 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-01-14 23:44 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-01-14 23:44 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-01-14 23:44 - 2014-10-28 20:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-01-14 23:44 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-01-14 23:44 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-01-14 23:44 - 2014-10-26 17:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-14 23:44 - 2014-10-20 20:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-01-14 23:44 - 2014-10-20 20:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-01-14 23:44 - 2014-10-20 19:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-01-14 23:44 - 2014-10-20 19:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-01-14 23:44 - 2014-10-20 19:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-01-14 23:44 - 2014-10-20 19:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-01-14 23:44 - 2014-10-20 19:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-01-14 23:44 - 2014-10-16 23:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-01-14 23:44 - 2014-10-16 23:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-01-14 23:44 - 2014-10-16 23:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-01-14 23:44 - 2014-10-16 22:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-14 23:43 - 2014-11-17 15:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-01-14 23:43 - 2014-11-17 15:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-01-14 23:43 - 2014-11-14 01:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-01-14 23:43 - 2014-11-14 01:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-01-14 23:43 - 2014-11-14 01:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-01-14 23:43 - 2014-11-14 01:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-01-14 23:43 - 2014-11-14 01:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-01-14 23:43 - 2014-11-13 23:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-01-13 15:35 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 15:35 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 15:35 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 15:35 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 15:35 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 15:35 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 15:35 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 15:35 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-03 17:15 - 2015-01-04 06:36 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\.minecraft
2015-01-03 17:15 - 2015-01-03 17:15 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\java
2014-12-31 19:41 - 2014-12-31 19:41 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-31 19:39 - 2014-12-31 19:39 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-31 19:22 - 2015-01-10 07:48 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2014-12-31 19:20 - 2014-12-31 19:39 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-31 19:20 - 2014-12-31 19:20 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-12-31 19:20 - 2014-06-16 01:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-12-31 19:20 - 2014-06-16 01:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-12-31 19:19 - 2015-01-10 07:52 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\VERIZON
2014-12-31 19:19 - 2014-12-31 19:19 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-12-29 20:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll
2014-12-29 20:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll
2014-12-29 20:52 - 2014-10-09 12:02 - 00195728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2014-12-29 20:52 - 2014-10-09 12:02 - 00030536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2014-12-29 20:52 - 2014-10-09 02:17 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll
2014-12-28 10:19 - 2014-12-28 10:19 - 00001264 _____ () C:\Users\Kyle\Desktop\Bank Balances.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 02:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-24 01:46 - 2012-12-13 23:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-24 01:46 - 2012-12-13 21:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2245582024-4275581465-1823322728-1002
2015-01-24 01:41 - 2014-06-07 06:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-24 01:41 - 2014-02-09 12:31 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Media Player Classic
2015-01-24 01:41 - 2013-10-29 08:37 - 02056291 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-24 01:41 - 2013-09-24 18:29 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Ventrilo
2015-01-24 01:41 - 2013-09-17 06:27 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\TS3Client
2015-01-24 01:41 - 2012-12-16 12:10 - 00000000 ____D () C:\Users\Kyle\AppData\Local\CrashDumps
2015-01-24 01:31 - 2013-10-06 17:45 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 01:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 00:59 - 2013-10-30 05:55 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Deployment
2015-01-24 00:34 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-24 00:31 - 2013-10-06 17:45 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 00:28 - 2013-09-29 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-24 00:26 - 2014-08-18 05:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-24 00:22 - 2013-10-29 18:44 - 00000000 __RDO () C:\Users\Kyle\SkyDrive
2015-01-24 00:21 - 2014-02-15 18:16 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-01-24 00:21 - 2013-10-29 08:41 - 00000000 ____D () C:\Users\Kyle
2015-01-24 00:21 - 2013-10-29 08:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-24 00:21 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-24 00:21 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-23 23:43 - 2013-12-28 10:09 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0256FD16-B5B7-4F20-8CFC-F23364291993}
2015-01-22 19:25 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-22 19:24 - 2012-12-13 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 19:13 - 2013-10-29 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-22 13:46 - 2012-12-13 23:54 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-21 18:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-19 16:32 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 16:32 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 04:29 - 2012-09-18 00:32 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-16 01:41 - 2014-06-03 05:31 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-16 01:41 - 2014-06-03 05:31 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-16 01:41 - 2013-10-29 07:23 - 01514528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-16 01:41 - 2013-10-29 07:23 - 01278920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-15 01:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-15 00:02 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-15 00:01 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-15 00:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-01-15 00:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-01-14 23:46 - 2013-07-13 09:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 23:44 - 2012-12-13 21:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 23:43 - 2014-11-12 17:42 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-01-14 23:43 - 2014-11-12 17:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-14 23:43 - 2014-11-12 17:42 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-01-14 23:43 - 2014-11-12 17:42 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-01-14 10:32 - 2013-10-06 17:47 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 16:43 - 2014-02-15 06:50 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-10 15:46 - 2014-08-18 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 15:46 - 2014-08-18 05:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-10 15:46 - 2012-12-14 00:33 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 03:07 - 2014-05-30 06:15 - 16009120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 18566296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 14115944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 03298816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 02902456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-01-10 03:07 - 2012-10-26 21:53 - 00073872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-01-10 03:07 - 2012-10-26 21:53 - 00060744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-01-09 18:30 - 2013-10-29 08:37 - 06860432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-01-09 18:30 - 2013-10-29 08:37 - 03517256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-01-09 18:29 - 2013-10-29 08:37 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-01-09 18:29 - 2013-10-29 08:37 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-01-09 18:29 - 2013-10-29 08:37 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-01-09 18:29 - 2013-03-05 20:33 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-01-09 14:47 - 2013-10-29 08:37 - 04173527 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-01-09 05:06 - 2012-12-14 07:06 - 00000000 ____D () C:\Users\Kyle\Documents\Other
2015-01-02 01:27 - 2013-09-24 18:25 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Mumble
2014-12-31 19:39 - 2012-09-18 00:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======
2014-02-09 12:26 - 2014-02-09 12:26 - 0000042 _____ () C:\Users\Kyle\AppData\Roaming\WB.CFG
 
Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\0acb82f.exe
C:\Users\Kyle\AppData\Local\Temp\d764a7AE6Cb7.exe
C:\Users\Kyle\AppData\Local\Temp\utt82CE.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 00:58
 
==================== End Of Log ============================


BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:16 AM

Posted 25 January 2015 - 02:21 PM

Hey, :)
What's with the Addition Log?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 25 January 2015 - 03:05 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Kyle at 2015-01-25 15:02:24
Running from C:\Users\Kyle\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.6.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.6.0 - ASUSTek COMPUTER INC.) Hidden
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.5.0 - Auslogics Labs Pty Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberPower PowerPanel Personal Edition 1.4.2 beta 2 (HKLM-x32\...\{53DEB715-D6FC-4C29-8169-A921D4809E8C}) (Version: 1.4.2 - Cyber Power Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.2 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Media Player Codec Pack 4.3.0 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.0 - Media Player Codec Pack)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Parsec (HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\a53dc3b81e52c50e) (Version: 1.0.0.53 - Parsec)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{6513799F-D2B9-4BEA-A76E-52249156A2B5}_is1) (Version: 1.1 - redragonzone)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{4B6F8DD1-66C7-4905-BD8A-B05562E08984}) (Version: 2.14.1212 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
20-01-2015 04:39:51 Scheduled Checkpoint
23-01-2015 06:25:56 Removed Minecraft
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AFEAC3C-9287-4971-9E86-E65ABD4B41DD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {117164D8-121B-423C-9ECD-AEF0E92773C9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {34CF2066-57A9-4A94-9583-FAF10B9C5271} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {43CF9398-EA92-42B0-A829-45A1DE46D668} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4F23BF46-8801-422B-87CF-7391C987877A} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {68094291-5224-462E-8E6B-E28A35204407} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {84E46AAE-BF52-4D8C-8CED-B860520DA4F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {9469F681-F34D-4BB6-A227-CED3A113FAAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B728D76F-C02C-4798-9661-2F90A9B56403} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {C6BD2610-2783-483B-B7E4-1552C4184F02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {D80523BF-6046-4C22-AB76-571A34694C92} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {EACCE1B0-1E36-4EB1-9C88-07400D15A5EB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-29 08:37 - 2015-01-09 18:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-04-17 16:47 - 2013-11-18 16:54 - 03234304 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-25 00:19 - 2014-11-25 00:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-17 16:47 - 2011-01-26 23:53 - 00028160 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\uiHook.dll
2012-10-26 21:54 - 2012-07-17 22:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-14 10:32 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-14 10:32 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-14 10:32 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-14 10:32 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-14 10:32 - 2015-01-08 19:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Kyle\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "CodecPackUpdateChecker.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "PowerPanel Personal Edition User Interaction"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\StartupApproved\StartupFolder: => "Download Brooke Marks - Sluttiest Halloween Costumes Part 1 - 3 Torrent - KickassTorrents.lnk"
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\StartupApproved\Run: => "AudialsNotifier"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2245582024-4275581465-1823322728-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2245582024-4275581465-1823322728-501 - Limited - Disabled)
Kyle (S-1-5-21-2245582024-4275581465-1823322728-1002 - Administrator - Enabled) => C:\Users\Kyle
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2015 02:12:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (01/24/2015 01:42:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 848
 
Start Time: 01d03795ade72ee2
 
Termination Time: 0
 
Application Path: C:\WINDOWS\Explorer.EXE
 
Report Id: 0be74a78-a394-11e4-8022-2016d8110cd2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (01/22/2015 07:13:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_NVIDIA Install Application, version: 2.1002.172.1359, time stamp: 0x54850bff
Faulting module name: NVI2.DLL, version: 2.1002.172.1359, time stamp: 0x54850cf2
Exception code: 0x40000015
Fault offset: 0x00129064
Faulting process id: 0x6f8
Faulting application start time: 0xsetup.exe_NVIDIA Install Application0
Faulting application path: setup.exe_NVIDIA Install Application1
Faulting module path: setup.exe_NVIDIA Install Application2
Report Id: setup.exe_NVIDIA Install Application3
Faulting package full name: setup.exe_NVIDIA Install Application4
Faulting package-relative application ID: setup.exe_NVIDIA Install Application5
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 8.A.0.E.F.5.7.8.4.9.C.A.9.6.8.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Kyle-Acer-2.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   17 8.A.0.E.F.5.7.8.4.9.C.A.9.6.8.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Kyle-Acer.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 9.0.D.B.B.6.6.D.0.1.A.6.1.A.4.E.0.5.C.2.A.2.8.B.6.0.3.0.2.0.6.2.ip6.arpa. PTR Kyle-Acer-2.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   17 9.0.D.B.B.6.6.D.0.1.A.6.1.A.4.E.0.5.C.2.A.2.8.B.6.0.3.0.2.0.6.2.ip6.arpa. PTR Kyle-Acer.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 8.A.0.E.F.5.7.8.4.9.C.A.9.6.8.6.0.5.C.2.A.2.8.B.6.0.3.0.2.0.6.2.ip6.arpa. PTR Kyle-Acer-2.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   17 8.A.0.E.F.5.7.8.4.9.C.A.9.6.8.6.0.5.C.2.A.2.8.B.6.0.3.0.2.0.6.2.ip6.arpa. PTR Kyle-Acer.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 65.1.168.192.in-addr.arpa. PTR Kyle-Acer-2.local.
 
 
System errors:
=============
Error: (01/24/2015 00:20:50 AM) (Source: DCOM) (EventID: 10010) (User: KYLE-ACER)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/22/2015 07:23:58 PM) (Source: DCOM) (EventID: 10010) (User: KYLE-ACER)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/15/2015 00:01:37 AM) (Source: DCOM) (EventID: 10010) (User: KYLE-ACER)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/15/2015 00:01:37 AM) (Source: DCOM) (EventID: 10010) (User: KYLE-ACER)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/03/2015 11:15:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/03/2015 11:15:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (01/03/2015 11:06:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/03/2015 11:06:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (12/25/2014 05:53:20 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer VANDERTULIP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6BDB7368-C0D6-4AE0-9CD5-AB6666653E27}.
The master browser is stopping or an election is being forced.
 
Error: (11/15/2014 05:40:51 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
Microsoft Office Sessions:
=========================
Error: (01/24/2015 02:12:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files\CCleaner\CCleaner64.exe
 
Error: (01/24/2015 01:42:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.1741584801d03795ade72ee20C:\WINDOWS\Explorer.EXE0be74a78-a394-11e4-8022-2016d8110cd2
 
Error: (01/22/2015 07:13:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_NVIDIA Install Application2.1002.172.135954850bffNVI2.DLL2.1002.172.135954850cf240000015001290646f801d036a110c3a0a8C:\Users\Kyle\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\setup.exeC:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{B756E924-5417-4553-8F7E-725DCA79A8FC}\NVI2.DLL9f1a8b83-a294-11e4-801e-2016d8110cd2
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 8.A.0.E.F.5.7.8.4.9.C.A.9.6.8.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Kyle-Acer-2.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   17 8.A.0.E.F.5.7.8.4.9.C.A.9.6.8.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Kyle-Acer.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 9.0.D.B.B.6.6.D.0.1.A.6.1.A.4.E.0.5.C.2.A.2.8.B.6.0.3.0.2.0.6.2.ip6.arpa. PTR Kyle-Acer-2.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   17 9.0.D.B.B.6.6.D.0.1.A.6.1.A.4.E.0.5.C.2.A.2.8.B.6.0.3.0.2.0.6.2.ip6.arpa. PTR Kyle-Acer.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 8.A.0.E.F.5.7.8.4.9.C.A.9.6.8.6.0.5.C.2.A.2.8.B.6.0.3.0.2.0.6.2.ip6.arpa. PTR Kyle-Acer-2.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   17 8.A.0.E.F.5.7.8.4.9.C.A.9.6.8.6.0.5.C.2.A.2.8.B.6.0.3.0.2.0.6.2.ip6.arpa. PTR Kyle-Acer.local.
 
Error: (01/22/2015 07:10:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 65.1.168.192.in-addr.arpa. PTR Kyle-Acer-2.local.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 12224.98 MB
Available physical RAM: 8297.91 MB
Total Pagefile: 14080.98 MB
Available Pagefile: 10543.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:1833.87 GB) (Free:1647.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: DEF9595F)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:16 AM

Posted 25 January 2015 - 03:09 PM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 25 January 2015 - 05:11 PM

# AdwCleaner v4.109 - Report created 25/01/2015 at 17:08:52
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Kyle - KYLE-ACER
# Running from : C:\Users\Kyle\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Aimersoft Video Converter Ultimate
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\14099819682343247534
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\unnisalleS
Folder Deleted : C:\Users\Kyle\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\0brsb2zr.default-1391971594311\Extensions\9G61@b4n.org
Folder Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\0brsb2zr.default-1391971594311\Extensions\VG@EVUF.org
Folder Deleted : C:\ProgramData\aijmnmdpiojhgcnblknhpidacnbgikjo
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : BackgroundContainer Startup Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Pa6260be2_2d94_4d07_94ef_239be383da1d_.Pa6260be2_2d94_4d07_94ef_239be383da1d_
Key Deleted : HKLM\SOFTWARE\Classes\Pa6260be2_2d94_4d07_94ef_239be383da1d_.Pa6260be2_2d94_4d07_94ef_239be383da1d_.9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a6260be2-2d94-4d07-94ef-239be383da1d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6260be2-2d94-4d07-94ef-239be383da1d}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6260be2-2d94-4d07-94ef-239be383da1d}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a6260be2-2d94-4d07-94ef-239be383da1d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6260be2-2d94-4d07-94ef-239be383da1d}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{a6260be2-2d94-4d07-94ef-239be383da1d}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6260be2-2d94-4d07-94ef-239be383da1d}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{13EA5000-005D-436A-B03A-EC4027113C10}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
[0brsb2zr.default-1391971594311\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[0brsb2zr.default-1391971594311\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[0brsb2zr.default-1391971594311\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.thesearchpage.info/?pid=21073&r=2015/01/23&hid=16962230614180389145&lg=EN&cc=US&unqvl=74&l=1&q=");
[0brsb2zr.default-1391971594311\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[0brsb2zr.default-1391971594311\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[0brsb2zr.default-1391971594311\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[0brsb2zr.default-1391971594311\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[0brsb2zr.default-1391971594311\prefs.js] - Line Deleted : user_pref("extensions.pINnsrqTOhUiGZUJ.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[0brsb2zr.default-1391971594311\prefs.js] - Line Deleted : user_pref("extensions.rvYEQuWQzCFTVQ9w.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
 
-\\ Google Chrome v39.0.2171.99
 
[C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : aijmnmdpiojhgcnblknhpidacnbgikjo
[C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.thesearchpage.info/?pid=21073&r=2015/01/23&hid=16962230614180389145&lg=EN&cc=US&unqvl=74
 
*************************
 
AdwCleaner[R1].txt - [4927 octets] - [25/01/2015 17:06:52]
AdwCleaner[S1].txt - [4874 octets] - [25/01/2015 17:08:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4934 octets] ##########


#6 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 25 January 2015 - 05:28 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/25/2015
Scan Time: 5:12:33 PM
Logfile: 112.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.25.11
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kyle
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410758
Time Elapsed: 11 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.TheSearchPage.A, C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.google.com/", "http://websearch.thesearchpage.info/?pid=21073&r=2015/01/23&hid=16962230614180389145&lg=EN&cc=US&unqvl=74" ],), Replaced,[5ff256a1d2b7082eaecd6578be47ed13]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 25 January 2015 - 05:40 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Kyle on Sun 01/25/2015 at 17:37:54.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Kyle\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Kyle\appdata\local\cre"
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Kyle\AppData\Roaming\mozilla\firefox\profiles\0brsb2zr.default-1391971594311\prefs.js
 
user_pref("extensions.rvYEQuWQzCFTVQ9w.url", "hxxp://styleuniit.com/sync2/?q=hfZ9ofV9CShEAen0rTwEqHrMg708BNmGWj8lkGhGheDUojw8rdwGrHwFrTwHrihIC7n0rjkErjsHrjwGrHsGtNhVCT94tMVKhd
Emptied folder: C:\Users\Kyle\AppData\Roaming\mozilla\firefox\profiles\0brsb2zr.default-1391971594311\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/25/2015 at 17:39:56.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 25 January 2015 - 05:42 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Kyle (administrator) on KYLE-ACER on 25-01-2015 17:41:27
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-02-11] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\MountPoints2: {c9da94f4-8f50-11e4-8014-2016d8110cd2} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Kyle\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
URLSearchHook: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {461F8152-DD54-458F-BD35-E4820B5894CF} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 -> {461F8152-DD54-458F-BD35-E4820B5894CF} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\0brsb2zr.default-1391971594311
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2245582024-4275581465-1823322728-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-09-18]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-06]
CHR Extension: (Adblock Plus) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-06]
CHR Extension: (Google Search) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-06]
CHR Extension: (Awesome Bookmarks Button) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkaehmmlnblfmmpdebmhjieffcjjjph [2013-10-06]
CHR Extension: (Google Play Music) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-09-09] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1030544 2014-02-11] (Cyber Power Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-09-26] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NVFLASH; C:\WINDOWS\system32\drivers\nvflash.sys [15168 2012-03-10] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 17:41 - 2015-01-25 17:41 - 00021496 _____ () C:\Users\Kyle\Desktop\FRST.txt
2015-01-25 17:40 - 2015-01-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-25 17:37 - 2015-01-25 17:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-25 17:33 - 2015-01-25 17:37 - 01707939 _____ (Thisisu) C:\Users\Kyle\Desktop\JRT.exe
2015-01-25 17:09 - 2015-01-25 17:27 - 00000624 _____ () C:\WINDOWS\PFRO.log
2015-01-25 17:06 - 2015-01-25 17:26 - 00000000 ____D () C:\AdwCleaner
2015-01-25 17:05 - 2015-01-25 17:06 - 02194432 _____ () C:\Users\Kyle\Desktop\AdwCleaner.exe
2015-01-25 15:01 - 2015-01-25 15:01 - 00000000 ____D () C:\Users\Kyle\FRST-OlderVersion
2015-01-24 17:21 - 2015-01-25 17:27 - 00000616 _____ () C:\WINDOWS\setupact.log
2015-01-24 17:21 - 2015-01-24 17:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-24 02:12 - 2015-01-25 15:01 - 02129920 _____ (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
2015-01-24 00:44 - 2015-01-25 17:41 - 00000000 ____D () C:\FRST
2015-01-24 00:21 - 2015-01-24 00:21 - 00000020 ___SH () C:\Users\Kyle\ntuser.ini
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieUserList
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieSiteList
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieBrowserModeList
2015-01-23 06:21 - 2015-01-23 17:16 - 00000000 ____D () C:\ProgramData\{13e83fb4-8c5f-186e-13e8-83fb48c5fed2}
2015-01-23 06:20 - 2015-01-25 17:14 - 00000000 ____D () C:\ProgramData\{8eecb715-d6a6-3573-8eec-cb715d6adc57}
2015-01-23 06:12 - 2015-01-24 00:32 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\uTorrent
2015-01-22 19:12 - 2015-01-09 17:27 - 00621200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-01-22 19:11 - 2015-01-12 23:15 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 32102544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 25459856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 24765584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 20465296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 17250776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 13295552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 13210248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 10774544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 10714488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 10274448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-01-22 19:11 - 2015-01-10 03:07 - 03607184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 03245712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00994712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00969360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00942736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00929424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00906384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00877488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00833864 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00496456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00353040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00305320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-01-16 06:29 - 2015-01-16 06:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 23:47 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 23:47 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 23:44 - 2014-11-15 14:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-01-14 23:44 - 2014-11-15 01:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-01-14 23:44 - 2014-11-14 09:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-14 23:44 - 2014-11-14 02:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-14 23:44 - 2014-11-14 01:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-14 23:44 - 2014-11-14 01:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-01-14 23:44 - 2014-11-14 01:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-14 23:44 - 2014-11-14 01:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-14 23:44 - 2014-11-14 01:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-14 23:44 - 2014-11-14 01:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-14 23:44 - 2014-11-14 01:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-14 23:44 - 2014-11-14 00:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-14 23:44 - 2014-11-14 00:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-01-14 23:44 - 2014-11-14 00:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-14 23:44 - 2014-11-14 00:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-14 23:44 - 2014-11-14 00:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-14 23:44 - 2014-11-10 19:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-01-14 23:44 - 2014-11-10 19:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-01-14 23:44 - 2014-11-10 13:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-01-14 23:44 - 2014-11-10 13:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-01-14 23:44 - 2014-11-10 13:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-01-14 23:44 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-01-14 23:44 - 2014-11-09 21:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-01-14 23:44 - 2014-11-09 20:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-01-14 23:44 - 2014-11-09 20:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-01-14 23:44 - 2014-11-09 20:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-01-14 23:44 - 2014-11-09 20:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-01-14 23:44 - 2014-11-09 20:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-01-14 23:44 - 2014-11-09 20:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-01-14 23:44 - 2014-11-09 20:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-01-14 23:44 - 2014-11-09 19:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-01-14 23:44 - 2014-11-09 19:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-01-14 23:44 - 2014-11-08 05:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-01-14 23:44 - 2014-11-08 05:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-01-14 23:44 - 2014-11-07 23:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-01-14 23:44 - 2014-11-07 23:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-01-14 23:44 - 2014-11-07 22:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-01-14 23:44 - 2014-11-07 22:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-01-14 23:44 - 2014-11-07 22:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-01-14 23:44 - 2014-11-07 22:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-01-14 23:44 - 2014-11-07 22:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-01-14 23:44 - 2014-11-07 22:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-01-14 23:44 - 2014-11-07 22:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-01-14 23:44 - 2014-11-07 22:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-01-14 23:44 - 2014-11-07 22:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-01-14 23:44 - 2014-11-07 21:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-01-14 23:44 - 2014-11-07 21:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-01-14 23:44 - 2014-11-07 21:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-01-14 23:44 - 2014-11-07 21:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-01-14 23:44 - 2014-11-07 21:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-01-14 23:44 - 2014-11-07 20:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-01-14 23:44 - 2014-11-07 20:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-01-14 23:44 - 2014-11-07 20:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-01-14 23:44 - 2014-11-06 22:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-01-14 23:44 - 2014-11-06 22:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-01-14 23:44 - 2014-11-04 21:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-01-14 23:44 - 2014-11-04 21:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-01-14 23:44 - 2014-11-04 21:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-01-14 23:44 - 2014-11-04 20:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-01-14 23:44 - 2014-11-04 20:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-01-14 23:44 - 2014-11-04 20:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-01-14 23:44 - 2014-11-04 20:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-01-14 23:44 - 2014-11-04 20:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-01-14 23:44 - 2014-11-04 20:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-01-14 23:44 - 2014-11-04 20:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-01-14 23:44 - 2014-11-04 20:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-01-14 23:44 - 2014-11-04 20:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-01-14 23:44 - 2014-11-04 20:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-01-14 23:44 - 2014-11-04 20:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-01-14 23:44 - 2014-11-04 14:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-01-14 23:44 - 2014-11-04 14:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-01-14 23:44 - 2014-11-04 14:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-01-14 23:44 - 2014-11-04 01:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-01-14 23:44 - 2014-11-04 01:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-01-14 23:44 - 2014-11-04 01:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-01-14 23:44 - 2014-11-04 01:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-01-14 23:44 - 2014-11-04 01:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-01-14 23:44 - 2014-11-04 00:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-01-14 23:44 - 2014-10-30 19:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-14 23:44 - 2014-10-30 19:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-01-14 23:44 - 2014-10-30 00:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-14 23:44 - 2014-10-30 00:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-01-14 23:44 - 2014-10-30 00:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-01-14 23:44 - 2014-10-28 22:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-14 23:44 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-01-14 23:44 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-01-14 23:44 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-01-14 23:44 - 2014-10-28 20:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-01-14 23:44 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-01-14 23:44 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-01-14 23:44 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-01-14 23:44 - 2014-10-28 20:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-01-14 23:44 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-01-14 23:44 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-01-14 23:44 - 2014-10-26 17:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-14 23:44 - 2014-10-20 20:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-01-14 23:44 - 2014-10-20 20:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-01-14 23:44 - 2014-10-20 19:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-01-14 23:44 - 2014-10-20 19:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-01-14 23:44 - 2014-10-20 19:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-01-14 23:44 - 2014-10-20 19:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-01-14 23:44 - 2014-10-20 19:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-01-14 23:44 - 2014-10-16 23:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-01-14 23:44 - 2014-10-16 23:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-01-14 23:44 - 2014-10-16 23:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-01-14 23:44 - 2014-10-16 22:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-14 23:43 - 2014-11-17 15:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-01-14 23:43 - 2014-11-17 15:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-01-14 23:43 - 2014-11-14 01:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-01-14 23:43 - 2014-11-14 01:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-01-14 23:43 - 2014-11-14 01:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-01-14 23:43 - 2014-11-14 01:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-01-14 23:43 - 2014-11-14 01:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-01-14 23:43 - 2014-11-13 23:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-01-13 15:35 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 15:35 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 15:35 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 15:35 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 15:35 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 15:35 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 15:35 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 15:35 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-03 17:15 - 2015-01-04 06:36 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\.minecraft
2015-01-03 17:15 - 2015-01-03 17:15 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\java
2014-12-31 19:41 - 2014-12-31 19:41 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-31 19:39 - 2014-12-31 19:39 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-31 19:22 - 2015-01-10 07:48 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2014-12-31 19:20 - 2014-12-31 19:39 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-31 19:20 - 2014-12-31 19:20 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-12-31 19:20 - 2014-06-16 01:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-12-31 19:20 - 2014-06-16 01:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-12-31 19:19 - 2015-01-10 07:52 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\VERIZON
2014-12-31 19:19 - 2014-12-31 19:19 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-12-29 20:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll
2014-12-29 20:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll
2014-12-29 20:52 - 2014-10-09 12:02 - 00195728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2014-12-29 20:52 - 2014-10-09 12:02 - 00030536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2014-12-29 20:52 - 2014-10-09 02:17 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll
2014-12-28 10:19 - 2014-12-28 10:19 - 00001264 _____ () C:\Users\Kyle\Desktop\Bank Balances.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 17:36 - 2012-12-13 21:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2245582024-4275581465-1823322728-1002
2015-01-25 17:33 - 2013-09-29 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-25 17:31 - 2013-10-06 17:45 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 17:28 - 2013-10-29 18:44 - 00000000 __RDO () C:\Users\Kyle\SkyDrive
2015-01-25 17:27 - 2014-02-15 18:16 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-01-25 17:27 - 2013-10-29 08:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-25 17:27 - 2013-10-06 17:45 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 17:27 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-25 17:26 - 2013-10-29 08:37 - 01196022 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-25 17:26 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-25 17:12 - 2014-08-18 05:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 17:06 - 2013-10-29 08:41 - 00000000 ____D () C:\Users\Kyle
2015-01-25 17:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-25 16:46 - 2012-12-13 23:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-25 14:08 - 2013-12-28 10:09 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0256FD16-B5B7-4F20-8CFC-F23364291993}
2015-01-24 15:46 - 2012-12-13 23:54 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-24 13:59 - 2013-09-17 06:27 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\TS3Client
2015-01-24 12:52 - 2013-10-30 05:55 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Deployment
2015-01-24 01:41 - 2014-06-07 06:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-24 01:41 - 2014-02-09 12:31 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Media Player Classic
2015-01-24 01:41 - 2013-09-24 18:29 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Ventrilo
2015-01-24 01:41 - 2012-12-16 12:10 - 00000000 ____D () C:\Users\Kyle\AppData\Local\CrashDumps
2015-01-24 01:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 00:34 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-22 19:25 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-22 19:24 - 2012-12-13 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 19:13 - 2013-10-29 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-21 18:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-19 16:32 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 16:32 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 04:29 - 2012-09-18 00:32 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-16 01:41 - 2014-06-03 05:31 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-16 01:41 - 2014-06-03 05:31 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-16 01:41 - 2013-10-29 07:23 - 01514528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-16 01:41 - 2013-10-29 07:23 - 01278920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-15 01:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-15 00:02 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-15 00:01 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-15 00:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-01-15 00:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-01-14 23:46 - 2013-07-13 09:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 23:44 - 2012-12-13 21:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 23:43 - 2014-11-12 17:42 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-01-14 23:43 - 2014-11-12 17:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-14 23:43 - 2014-11-12 17:42 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-01-14 23:43 - 2014-11-12 17:42 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-01-14 10:32 - 2013-10-06 17:47 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 15:46 - 2014-08-18 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 15:46 - 2014-08-18 05:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-10 15:46 - 2012-12-14 00:33 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 03:07 - 2014-05-30 06:15 - 16009120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 18566296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 14115944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 03298816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 02902456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-01-10 03:07 - 2012-10-26 21:53 - 00073872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-01-10 03:07 - 2012-10-26 21:53 - 00060744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-01-09 18:30 - 2013-10-29 08:37 - 06860432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-01-09 18:30 - 2013-10-29 08:37 - 03517256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-01-09 18:29 - 2013-10-29 08:37 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-01-09 18:29 - 2013-10-29 08:37 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-01-09 18:29 - 2013-10-29 08:37 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-01-09 18:29 - 2013-03-05 20:33 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-01-09 14:47 - 2013-10-29 08:37 - 04173527 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-01-09 05:06 - 2012-12-14 07:06 - 00000000 ____D () C:\Users\Kyle\Documents\Other
2015-01-02 01:27 - 2013-09-24 18:25 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Mumble
2014-12-31 19:39 - 2012-09-18 00:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======
 
2014-02-09 12:26 - 2014-02-09 12:26 - 0000042 _____ () C:\Users\Kyle\AppData\Roaming\WB.CFG
 
Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\Quarantine.exe
C:\Users\Kyle\AppData\Local\Temp\sqlite3.dll
C:\Users\Kyle\AppData\Local\Temp\utt82CE.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 00:58
 
==================== End Of Log ============================


#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:16 AM

Posted 26 January 2015 - 10:41 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\MountPoints2: {c9da94f4-8f50-11e4-8014-2016d8110cd2} - "D:\VZW_Software_upgrade_assistant.exe" 
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
    ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {461F8152-DD54-458F-BD35-E4820B5894CF} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 -> {461F8152-DD54-458F-BD35-E4820B5894CF} URL = 
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#10 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 26 January 2015 - 06:39 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Kyle at 2015-01-26 18:35:13 Run:1
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\MountPoints2: {c9da94f4-8f50-11e4-8014-2016d8110cd2} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {461F8152-DD54-458F-BD35-E4820B5894CF} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 -> {461F8152-DD54-458F-BD35-E4820B5894CF} URL = 
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
EmptyTemp:
*****************
 
"HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9da94f4-8f50-11e4-8014-2016d8110cd2}" => Key deleted successfully.
HKCR\CLSID\{c9da94f4-8f50-11e4-8014-2016d8110cd2} => Key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => Value Data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk => Moved successfully.
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{461F8152-DD54-458F-BD35-E4820B5894CF}" => Key deleted successfully.
HKCR\CLSID\{461F8152-DD54-458F-BD35-E4820B5894CF} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{461F8152-DD54-458F-BD35-E4820B5894CF}" => Key deleted successfully.
HKCR\CLSID\{461F8152-DD54-458F-BD35-E4820B5894CF} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
EmptyTemp: => Removed 846.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:35:24 ====


#11 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 26 January 2015 - 06:41 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Kyle (administrator) on KYLE-ACER on 26-01-2015 18:39:57
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Kyle\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-02-11] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Kyle\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2245582024-4275581465-1823322728-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
URLSearchHook: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2245582024-4275581465-1823322728-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\0brsb2zr.default-1391971594311
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2245582024-4275581465-1823322728-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-09-18]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-06]
CHR Extension: (Adblock Plus) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-06]
CHR Extension: (Google Search) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-06]
CHR Extension: (Awesome Bookmarks Button) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkaehmmlnblfmmpdebmhjieffcjjjph [2013-10-06]
CHR Extension: (Google Play Music) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-09-09] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1030544 2014-02-11] (Cyber Power Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-09-26] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NVFLASH; C:\WINDOWS\system32\drivers\nvflash.sys [15168 2012-03-10] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 18:39 - 2015-01-26 18:40 - 00020808 _____ () C:\Users\Kyle\Desktop\FRST.txt
2015-01-26 18:32 - 2015-01-26 18:32 - 00000000 _____ () C:\Users\Kyle\Desktop\New Text Document.txt
2015-01-26 17:40 - 2015-01-26 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-25 17:37 - 2015-01-25 17:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-25 17:33 - 2015-01-25 17:37 - 01707939 _____ (Thisisu) C:\Users\Kyle\Desktop\JRT.exe
2015-01-25 17:09 - 2015-01-25 17:27 - 00000624 _____ () C:\WINDOWS\PFRO.log
2015-01-25 17:06 - 2015-01-25 17:26 - 00000000 ____D () C:\AdwCleaner
2015-01-25 17:05 - 2015-01-25 17:06 - 02194432 _____ () C:\Users\Kyle\Desktop\AdwCleaner.exe
2015-01-24 17:21 - 2015-01-26 18:36 - 00001232 _____ () C:\WINDOWS\setupact.log
2015-01-24 17:21 - 2015-01-24 17:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-24 02:12 - 2015-01-25 15:01 - 02129920 _____ (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
2015-01-24 00:44 - 2015-01-26 18:39 - 00000000 ____D () C:\FRST
2015-01-24 00:21 - 2015-01-24 00:21 - 00000020 ___SH () C:\Users\Kyle\ntuser.ini
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieUserList
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieSiteList
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieBrowserModeList
2015-01-23 06:21 - 2015-01-23 17:16 - 00000000 ____D () C:\ProgramData\{13e83fb4-8c5f-186e-13e8-83fb48c5fed2}
2015-01-23 06:20 - 2015-01-25 17:14 - 00000000 ____D () C:\ProgramData\{8eecb715-d6a6-3573-8eec-cb715d6adc57}
2015-01-23 06:12 - 2015-01-24 00:32 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\uTorrent
2015-01-22 19:12 - 2015-01-09 17:27 - 00621200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-01-22 19:11 - 2015-01-12 23:15 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 32102544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 25459856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 24765584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 20465296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 17250776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 13295552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 13210248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 10774544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 10714488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 10274448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-01-22 19:11 - 2015-01-10 03:07 - 03607184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 03245712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00994712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00969360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00942736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00929424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00906384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00877488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00833864 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00496456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00353040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00305320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-01-22 19:11 - 2015-01-10 03:07 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-01-16 06:29 - 2015-01-16 06:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 23:47 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 23:47 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 23:44 - 2014-11-15 14:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-01-14 23:44 - 2014-11-15 01:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-01-14 23:44 - 2014-11-14 09:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-14 23:44 - 2014-11-14 02:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-14 23:44 - 2014-11-14 01:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-14 23:44 - 2014-11-14 01:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-01-14 23:44 - 2014-11-14 01:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-14 23:44 - 2014-11-14 01:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-14 23:44 - 2014-11-14 01:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-14 23:44 - 2014-11-14 01:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-14 23:44 - 2014-11-14 01:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-14 23:44 - 2014-11-14 00:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-14 23:44 - 2014-11-14 00:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-01-14 23:44 - 2014-11-14 00:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-14 23:44 - 2014-11-14 00:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-14 23:44 - 2014-11-14 00:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-14 23:44 - 2014-11-10 19:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-01-14 23:44 - 2014-11-10 19:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-01-14 23:44 - 2014-11-10 13:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-01-14 23:44 - 2014-11-10 13:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-01-14 23:44 - 2014-11-10 13:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-01-14 23:44 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-01-14 23:44 - 2014-11-09 21:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-01-14 23:44 - 2014-11-09 20:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-01-14 23:44 - 2014-11-09 20:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-01-14 23:44 - 2014-11-09 20:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-01-14 23:44 - 2014-11-09 20:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-01-14 23:44 - 2014-11-09 20:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-01-14 23:44 - 2014-11-09 20:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-01-14 23:44 - 2014-11-09 20:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-01-14 23:44 - 2014-11-09 19:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-01-14 23:44 - 2014-11-09 19:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-01-14 23:44 - 2014-11-08 05:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-01-14 23:44 - 2014-11-08 05:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-01-14 23:44 - 2014-11-07 23:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-01-14 23:44 - 2014-11-07 23:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-01-14 23:44 - 2014-11-07 22:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-01-14 23:44 - 2014-11-07 22:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-01-14 23:44 - 2014-11-07 22:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-01-14 23:44 - 2014-11-07 22:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-01-14 23:44 - 2014-11-07 22:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-01-14 23:44 - 2014-11-07 22:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-01-14 23:44 - 2014-11-07 22:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-01-14 23:44 - 2014-11-07 22:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-01-14 23:44 - 2014-11-07 22:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-01-14 23:44 - 2014-11-07 21:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-01-14 23:44 - 2014-11-07 21:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-01-14 23:44 - 2014-11-07 21:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-01-14 23:44 - 2014-11-07 21:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-01-14 23:44 - 2014-11-07 21:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-01-14 23:44 - 2014-11-07 20:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-01-14 23:44 - 2014-11-07 20:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-01-14 23:44 - 2014-11-07 20:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-01-14 23:44 - 2014-11-06 22:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-01-14 23:44 - 2014-11-06 22:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-01-14 23:44 - 2014-11-04 21:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-01-14 23:44 - 2014-11-04 21:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-01-14 23:44 - 2014-11-04 21:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-01-14 23:44 - 2014-11-04 20:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-01-14 23:44 - 2014-11-04 20:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-01-14 23:44 - 2014-11-04 20:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-01-14 23:44 - 2014-11-04 20:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-01-14 23:44 - 2014-11-04 20:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-01-14 23:44 - 2014-11-04 20:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-01-14 23:44 - 2014-11-04 20:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-01-14 23:44 - 2014-11-04 20:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-01-14 23:44 - 2014-11-04 20:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-01-14 23:44 - 2014-11-04 20:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-01-14 23:44 - 2014-11-04 20:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-01-14 23:44 - 2014-11-04 14:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-01-14 23:44 - 2014-11-04 14:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-01-14 23:44 - 2014-11-04 14:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-01-14 23:44 - 2014-11-04 01:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-01-14 23:44 - 2014-11-04 01:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-01-14 23:44 - 2014-11-04 01:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-01-14 23:44 - 2014-11-04 01:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-01-14 23:44 - 2014-11-04 01:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-01-14 23:44 - 2014-11-04 00:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-01-14 23:44 - 2014-10-30 19:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-14 23:44 - 2014-10-30 19:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-01-14 23:44 - 2014-10-30 00:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-14 23:44 - 2014-10-30 00:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-01-14 23:44 - 2014-10-30 00:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-01-14 23:44 - 2014-10-28 22:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-14 23:44 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-01-14 23:44 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-01-14 23:44 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-01-14 23:44 - 2014-10-28 20:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-01-14 23:44 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-01-14 23:44 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-01-14 23:44 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-01-14 23:44 - 2014-10-28 20:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-01-14 23:44 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-01-14 23:44 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-01-14 23:44 - 2014-10-26 17:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-14 23:44 - 2014-10-20 20:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-01-14 23:44 - 2014-10-20 20:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-01-14 23:44 - 2014-10-20 19:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-01-14 23:44 - 2014-10-20 19:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-01-14 23:44 - 2014-10-20 19:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-01-14 23:44 - 2014-10-20 19:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-01-14 23:44 - 2014-10-20 19:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-01-14 23:44 - 2014-10-16 23:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-01-14 23:44 - 2014-10-16 23:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-01-14 23:44 - 2014-10-16 23:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-01-14 23:44 - 2014-10-16 22:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-14 23:43 - 2014-11-17 15:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-01-14 23:43 - 2014-11-17 15:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-01-14 23:43 - 2014-11-14 01:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-01-14 23:43 - 2014-11-14 01:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-01-14 23:43 - 2014-11-14 01:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-01-14 23:43 - 2014-11-14 01:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-01-14 23:43 - 2014-11-14 01:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-01-14 23:43 - 2014-11-13 23:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-01-13 15:35 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 15:35 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 15:35 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 15:35 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 15:35 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 15:35 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 15:35 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 15:35 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 15:35 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-03 17:15 - 2015-01-04 06:36 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\.minecraft
2015-01-03 17:15 - 2015-01-03 17:15 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\java
2014-12-31 19:41 - 2014-12-31 19:41 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-31 19:39 - 2014-12-31 19:39 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-31 19:22 - 2015-01-10 07:48 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2014-12-31 19:20 - 2014-12-31 19:39 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-31 19:20 - 2014-12-31 19:20 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-12-31 19:20 - 2014-06-16 01:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-12-31 19:20 - 2014-06-16 01:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-12-31 19:19 - 2015-01-10 07:52 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\VERIZON
2014-12-31 19:19 - 2014-12-31 19:19 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-12-29 20:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll
2014-12-29 20:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll
2014-12-29 20:52 - 2014-10-09 12:02 - 00195728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2014-12-29 20:52 - 2014-10-09 12:02 - 00030536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2014-12-29 20:52 - 2014-10-09 02:17 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll
2014-12-28 10:19 - 2014-12-28 10:19 - 00001264 _____ () C:\Users\Kyle\Desktop\Bank Balances.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 18:37 - 2013-10-29 08:41 - 00000000 ____D () C:\Users\Kyle
2015-01-26 18:36 - 2014-02-15 18:16 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-01-26 18:36 - 2013-10-29 18:44 - 00000000 __RDO () C:\Users\Kyle\SkyDrive
2015-01-26 18:36 - 2013-10-29 08:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-26 18:36 - 2013-10-06 17:45 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 18:36 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-26 18:35 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-26 18:35 - 2012-12-14 00:41 - 00000000 ____D () C:\WINDOWS\SysWOW64\C2MP
2015-01-26 18:31 - 2013-12-28 10:09 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0256FD16-B5B7-4F20-8CFC-F23364291993}
2015-01-26 18:31 - 2013-10-06 17:45 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 18:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-26 17:46 - 2012-12-13 23:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-26 17:45 - 2012-12-13 21:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2245582024-4275581465-1823322728-1002
2015-01-26 10:04 - 2013-10-29 08:37 - 01288050 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-26 05:39 - 2013-09-29 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-25 23:32 - 2012-12-14 07:06 - 00000000 ____D () C:\Users\Kyle\Documents\Other
2015-01-25 23:24 - 2013-10-30 05:55 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Deployment
2015-01-25 22:45 - 2013-09-17 06:27 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\TS3Client
2015-01-25 17:12 - 2014-08-18 05:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-24 15:46 - 2012-12-13 23:54 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-24 01:41 - 2014-06-07 06:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-24 01:41 - 2014-02-09 12:31 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Media Player Classic
2015-01-24 01:41 - 2013-09-24 18:29 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Ventrilo
2015-01-24 01:41 - 2012-12-16 12:10 - 00000000 ____D () C:\Users\Kyle\AppData\Local\CrashDumps
2015-01-24 01:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 00:34 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-22 19:25 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-22 19:24 - 2012-12-13 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 19:13 - 2013-10-29 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-21 18:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-19 16:32 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 16:32 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 04:29 - 2012-09-18 00:32 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-16 01:41 - 2014-06-03 05:31 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-16 01:41 - 2014-06-03 05:31 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-16 01:41 - 2013-10-29 07:23 - 01514528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-16 01:41 - 2013-10-29 07:23 - 01278920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-15 01:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-15 00:02 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-15 00:01 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-15 00:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-01-15 00:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-01-14 23:46 - 2013-07-13 09:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 23:44 - 2012-12-13 21:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 23:43 - 2014-11-12 17:42 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-01-14 23:43 - 2014-11-12 17:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-14 23:43 - 2014-11-12 17:42 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-01-14 23:43 - 2014-11-12 17:42 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-01-14 10:32 - 2013-10-06 17:47 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 15:46 - 2014-08-18 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 15:46 - 2014-08-18 05:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-10 15:46 - 2012-12-14 00:33 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 03:07 - 2014-05-30 06:15 - 16009120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 18566296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 14115944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 03298816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 02902456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-01-10 03:07 - 2013-10-29 07:20 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-01-10 03:07 - 2012-10-26 21:53 - 00073872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-01-10 03:07 - 2012-10-26 21:53 - 00060744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-01-09 18:30 - 2013-10-29 08:37 - 06860432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-01-09 18:30 - 2013-10-29 08:37 - 03517256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-01-09 18:29 - 2013-10-29 08:37 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-01-09 18:29 - 2013-10-29 08:37 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-01-09 18:29 - 2013-10-29 08:37 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-01-09 18:29 - 2013-03-05 20:33 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-01-09 14:47 - 2013-10-29 08:37 - 04173527 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-01-02 01:27 - 2013-09-24 18:25 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Mumble
2014-12-31 19:39 - 2012-09-18 00:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======
 
2014-02-09 12:26 - 2014-02-09 12:26 - 0000042 _____ () C:\Users\Kyle\AppData\Roaming\WB.CFG
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 06:38
 
==================== End Of Log ============================


#12 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 26 January 2015 - 08:19 PM

C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll Win32/Patched.NFQ trojan
C:\AdwCleaner\Quarantine\C\Program Files (x86)\unnisalleS\qJg6SDKJba4uoW.dll.vir a variant of Win32/Adware.MultiPlug.EG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\aijmnmdpiojhgcnblknhpidacnbgikjo\lG.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\0brsb2zr.default-1391971594311\Extensions\9G61@b4n.org\content\bg.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\0brsb2zr.default-1391971594311\Extensions\VG@EVUF.org\content\bg.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\194\z0.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

Edited by kvandertulip, 26 January 2015 - 08:42 PM.


#13 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 26 January 2015 - 08:45 PM

It is not running slower surprisingly, but I am still seeing those folders reappear after I restart. I am also seeing 5 extra chrome processes in Task Manager when I open chrome.


Edited by kvandertulip, 26 January 2015 - 09:05 PM.


#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:16 AM

Posted 27 January 2015 - 11:39 AM

EmieBrowserModeList
EmieSiteList
EmieUserList

These are legit folders. ;)

The multiple chrome processes are also normal.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#15 kvandertulip

kvandertulip
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:16 AM

Posted 27 January 2015 - 06:59 PM

I think I'm good then. I appreciate your help.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users