Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Amazon Account Hacked AFTER Password Change


  • This topic is locked This topic is locked
13 replies to this topic

#1 bdmi

bdmi

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 11 February 2015 - 02:17 AM

One week ago, I received a message from Amazon.com that an order had been returned and refunded. I thought that was strange since I hadn't returned anything...

 

I then got a message from Amazon that "my" request to have this balance transferred to another account would shortly be fulfilled.

 

I contacted Amazon, they obviously said my account had been compromised, so I changed my email.

 

Fast forward to today: Amazon contacted me saying that my account had been compromised today, and I needed to change my password. So I'm wondering whether there's something on my computer that's giving away my Amazon password!

 

Also: I've noticed lately that occasionally my internet connection stops working, and I have to restart my computer for it to work. 

 

As well, sometimes the fan goes unnaturally high, as if I were playing a graphically intensive game, and the system slows down... but I'm just browsing a few websites... when I reboot it goes back to normal.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Benj (administrator) on ENTERPRISE-D on 10-02-2015 23:10:25
Running from C:\Users\Benj\Downloads
Loaded Profiles: Benj (Available profiles: Benj)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Flux Software LLC) C:\Users\Benj\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-08-11] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893104 2014-08-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-02] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [GoogleChromeAutoLaunch_E86E8D5B474A13764BA96227EA1A4709] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [f.lux] => C:\Users\Benj\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\MountPoints2: {a2dc17ca-54ad-11e4-8271-303a6483107f} - "H:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKU\S-1-5-21-3033371514-2614738754-950436685-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi13.msn.com
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 137.82.1.2 142.103.1.42
Tcpip\..\Interfaces\{84281C0B-1CEB-4059-A498-E4512980FEC7}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR Profile: C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-10]
CHR Extension: (Mario World Theme) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjpbjidbdfecpoibhjkjahjnbpnchcfb [2014-10-15]
CHR Extension: (Avast Online Security) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-10]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-10-10]
CHR Extension: (SpaceVenture Living Concept Art: Phase 4) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgniikfooeahbodhemoclicbjeimkana [2014-10-10]
CHR Extension: (Hangouts) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-27] (Avast Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2014-08-11] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-15] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [130008 2014-08-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-15] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2015-01-23] (Hewlett-Packard)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-10] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-08-11] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2014-08-11] (Realsil Semiconductor Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-27] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 23:10 - 2015-02-10 23:10 - 02132992 _____ (Farbar) C:\Users\Benj\Downloads\FRST64.exe
2015-02-10 23:10 - 2015-02-10 23:10 - 00024094 _____ () C:\Users\Benj\Downloads\FRST.txt
2015-02-10 23:10 - 2015-02-10 23:10 - 00000000 ____D () C:\FRST
2015-02-10 22:59 - 2015-02-10 22:59 - 00000197 _____ () C:\Windows\system32\2015-02-11-06-59-52.030-AvastVBoxSVC.exe-4036.log
2015-02-10 22:57 - 2015-02-10 22:57 - 00000000 ____D () C:\Users\Benj\Downloads\backups
2015-02-10 22:49 - 2015-02-10 22:49 - 00014340 _____ () C:\Users\Benj\Downloads\hijackthis.log
2015-02-10 22:48 - 2015-02-10 22:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\Benj\Downloads\HijackThis.exe
2015-02-10 01:31 - 2015-02-10 01:32 - 00000197 _____ () C:\Windows\system32\2015-02-10-09-31-55.070-AvastVBoxSVC.exe-3352.log
2015-02-08 12:11 - 2015-02-08 12:11 - 00000197 _____ () C:\Windows\system32\2015-02-08-20-11-15.039-AvastVBoxSVC.exe-3444.log
2015-02-07 21:15 - 2015-02-07 21:15 - 00001773 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-07 21:15 - 2015-02-07 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-07 21:15 - 2015-02-07 21:15 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-07 21:15 - 2015-02-07 21:15 - 00000000 ____D () C:\Program Files\iTunes
2015-02-07 21:15 - 2015-02-07 21:15 - 00000000 ____D () C:\Program Files\iPod
2015-02-07 21:15 - 2015-02-07 21:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-07 02:40 - 2015-02-07 02:40 - 00000197 _____ () C:\Windows\system32\2015-02-07-10-40-31.007-AvastVBoxSVC.exe-3548.log
2015-02-07 02:39 - 2015-02-07 02:39 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\ControlCenter4
2015-02-07 02:37 - 2015-02-07 02:37 - 00002164 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2015-02-07 02:37 - 2015-02-07 02:37 - 00002079 _____ () C:\Users\Public\Desktop\Brother Utilities.lnk
2015-02-07 02:37 - 2015-02-07 02:37 - 00000066 _____ () C:\Windows\Brfaxrx.ini
2015-02-07 02:37 - 2015-02-07 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-02-07 02:37 - 2015-02-07 02:37 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-02-07 02:37 - 2015-02-07 02:37 - 00000000 ____D () C:\Brother
2015-02-07 02:36 - 2015-02-07 02:36 - 00000197 _____ () C:\Windows\system32\2015-02-07-10-36-52.005-AvastVBoxSVC.exe-3824.log
2015-02-07 02:36 - 2014-06-25 16:37 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2015-02-07 02:36 - 2014-06-25 08:06 - 00227840 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM13A.DLL
2015-02-07 02:36 - 2013-07-12 14:03 - 00214016 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2015-02-07 02:36 - 2012-12-03 13:39 - 00002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2015-02-07 02:36 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2015-02-07 02:36 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2015-02-07 02:35 - 2015-02-07 02:35 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\InstallShield
2015-02-07 02:29 - 2015-02-07 02:29 - 00459912 _____ (A.I.SOFT,INC.) C:\Users\Benj\Downloads\delinf_10210.EXE
2015-02-07 02:29 - 2015-02-07 02:29 - 00000000 ____D () C:\Users\Benj\Downloads\rempnp
2015-02-07 02:28 - 2015-02-07 02:30 - 173203504 _____ (A.I.SOFT,INC.) C:\Users\Benj\Downloads\MFC-L2700DW-inst-B1-US2.EXE
2015-02-07 02:16 - 2015-02-07 02:18 - 00001584 _____ () C:\Users\Benj\Desktop\BrCcBoot.exe.lnk
2015-02-07 02:06 - 2014-06-16 17:00 - 65187899 _____ (Macrovision Corporation) C:\Users\Benj\Downloads\ControlCenter4 Updater.exe
2015-02-07 02:05 - 2015-02-07 02:06 - 64084564 _____ (A.I.SOFT,INC.) C:\Users\Benj\Downloads\CC4updater_424201.EXE
2015-02-05 11:44 - 2015-02-05 11:44 - 00000197 _____ () C:\Windows\system32\2015-02-05-19-44-00.086-AvastVBoxSVC.exe-4228.log
2015-02-04 21:43 - 2015-02-04 21:46 - 09483904 _____ (A.I.SOFT,INC.) C:\Users\Benj\Downloads\Unconfirmed 111660.crdownload
2015-02-04 18:22 - 2015-02-04 18:22 - 00000302 _____ () C:\Users\Benj\Documents\amzn-txt.axx
2015-02-04 11:53 - 2015-02-04 11:53 - 00000197 _____ () C:\Windows\system32\2015-02-04-19-53-21.075-AvastVBoxSVC.exe-4020.log
2015-02-04 11:40 - 2015-02-10 22:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 11:40 - 2015-02-04 11:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Benj\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 11:40 - 2015-02-04 11:40 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 11:40 - 2015-02-04 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 11:40 - 2015-02-04 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 11:40 - 2015-02-04 11:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 11:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 11:40 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 11:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 03:16 - 2015-02-04 03:16 - 00000197 _____ () C:\Windows\system32\2015-02-04-11-16-09.006-AvastVBoxSVC.exe-3788.log
2015-01-30 10:03 - 2015-01-30 10:26 - 00000021 _____ () C:\Users\Benj\Documents\blood.ca.txt
2015-01-29 15:04 - 2015-01-29 15:04 - 00018774 _____ () C:\Users\Benj\Downloads\chessmaster.rar.torrent
2015-01-29 14:36 - 2015-01-29 14:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-29 14:35 - 2015-01-29 14:35 - 00639400 _____ (Oracle Corporation) C:\Users\Benj\Downloads\chromeinstall-8u31.exe
2015-01-29 14:34 - 2015-01-29 14:34 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-29 14:34 - 2015-01-29 14:34 - 00000000 ____D () C:\Program Files\Java
2015-01-29 14:33 - 2015-01-29 14:34 - 93427112 _____ (Oracle Corporation) C:\Users\Benj\Downloads\jre-8u31-windows-x64.exe
2015-01-29 09:36 - 2015-01-29 10:08 - 00000000 ____D () C:\Users\Benj\Documents\Steph Resume
2015-01-28 08:44 - 2015-01-28 08:44 - 00000197 _____ () C:\Windows\system32\2015-01-28-16-44-03.072-AvastVBoxSVC.exe-3772.log
2015-01-27 12:11 - 2015-02-04 11:37 - 00008989 _____ () C:\Users\Benj\Documents\sushi owings.xlsx
2015-01-26 18:48 - 2015-01-26 19:01 - 00000000 ____D () C:\Users\Benj\Documents\n1
2015-01-26 18:21 - 2015-01-26 18:21 - 00035146 _____ () C:\Users\Benj\Downloads\[kickass.so]accepted.2006.720p.brrip.x264.gsftx.torrent
2015-01-26 16:57 - 2015-01-26 17:05 - 00000122 ____H () C:\Users\Benj\Downloads\.picasa.ini
2015-01-24 01:21 - 2015-01-10 00:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-24 01:21 - 2015-01-10 00:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-24 01:21 - 2015-01-10 00:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-22 23:00 - 2015-01-22 23:00 - 00000197 _____ () C:\Windows\system32\2015-01-23-07-00-30.085-AvastVBoxSVC.exe-3724.log
2015-01-22 14:40 - 2015-01-22 14:43 - 00000000 ____D () C:\Users\Benj\Documents\Gina Headshot
2015-01-21 21:16 - 2015-01-21 21:16 - 00000015 _____ () C:\Users\Benj\Documents\timtangtest.txt
2015-01-20 17:38 - 2015-01-20 17:38 - 00000136 _____ () C:\Users\Benj\Documents\parking advice from reynolds.txt
2015-01-19 16:20 - 2015-01-21 00:21 - 00131085 _____ () C:\Users\Benj\Documents\try.html
2015-01-19 16:20 - 2015-01-21 00:21 - 00000000 ____D () C:\Users\Benj\Documents\try_files
2015-01-19 01:42 - 2015-01-19 01:42 - 00573665 _____ () C:\Users\Benj\Downloads\temp.3gp
2015-01-18 13:08 - 2015-01-18 13:08 - 00000000 ____D () C:\Users\Benj\Desktop\Media
2015-01-18 13:08 - 2015-01-14 04:00 - 01126483 ____N () C:\Users\Benj\Desktop\msgstore-2015-01-15.1.db.crypt7
2015-01-18 13:06 - 2015-01-18 13:06 - 00000000 ____D () C:\Users\Benj\Documents\WhatsApp
2015-01-18 13:05 - 2015-01-18 13:05 - 00000000 ____D () C:\Users\Benj\Desktop\WhatsApp
2015-01-17 21:04 - 2015-01-17 21:04 - 00104562 _____ () C:\Users\Benj\Downloads\[kickass.so]the.hobbit.the.desolation.of.smaug.2013.bdrip.x264.sparks.torrent
2015-01-17 20:57 - 2015-01-17 20:57 - 00075125 _____ () C:\Users\Benj\Downloads\[kickass.so]the.hobbit.the.desolation.of.smaug.2013.extended.1080p.bluray.h2.torrent
2015-01-17 15:53 - 2015-01-17 15:53 - 00000197 _____ () C:\Windows\system32\2015-01-17-23-53-05.022-AvastVBoxSVC.exe-3740.log
2015-01-15 21:42 - 2015-01-15 21:42 - 00000025 _____ () C:\Users\Benj\Documents\s strat.txt
2015-01-15 09:08 - 2015-01-15 09:08 - 00000197 _____ () C:\Windows\system32\2015-01-15-17-08-28.005-AvastVBoxSVC.exe-3776.log
2015-01-15 01:00 - 2015-01-15 01:00 - 00000197 _____ () C:\Windows\system32\2015-01-15-09-00-04.036-AvastVBoxSVC.exe-3916.log
2015-01-14 19:04 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:04 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:04 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 19:04 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:04 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 19:04 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 19:04 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 19:04 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 19:04 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 19:04 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 19:04 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 19:04 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 19:04 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 19:04 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:04 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 19:04 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 19:04 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 19:04 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 19:04 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 19:04 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 19:04 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 19:04 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 19:04 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 19:04 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 19:04 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 19:04 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 19:04 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 19:04 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 19:04 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 19:04 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 19:04 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 14:39 - 2015-01-14 14:39 - 00000000 ____D () C:\Users\Benj\AppData\Local\My Games
2015-01-14 14:37 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-14 14:37 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-14 14:37 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-14 14:37 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-14 14:37 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-14 14:37 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-14 14:37 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-14 14:37 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-14 14:37 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-14 14:37 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-14 14:37 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-14 14:37 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-14 14:37 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-14 14:37 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-14 14:37 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-14 14:37 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-14 14:37 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-14 14:37 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-14 14:37 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-14 14:37 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-14 14:37 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-14 14:37 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-14 14:37 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-14 14:37 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-14 14:37 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-14 14:37 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-14 14:37 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-14 14:37 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-14 14:37 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-14 14:37 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-14 14:37 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-14 14:37 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-14 14:37 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-14 14:37 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-14 14:37 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-14 14:37 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-14 14:37 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-14 14:37 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-14 14:37 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-14 14:37 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-14 14:37 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-14 14:37 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-14 14:37 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-14 14:37 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-14 14:37 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-14 14:37 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-14 14:37 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-14 14:37 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-14 14:37 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-14 14:37 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-14 14:37 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-14 14:37 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-14 14:37 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-14 14:37 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-14 14:37 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-14 14:37 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-14 14:37 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-14 14:37 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-14 14:37 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-14 14:37 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-14 14:37 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-14 14:37 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-14 14:37 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-14 14:37 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-14 14:37 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-14 14:37 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-14 14:37 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-14 14:37 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-14 14:37 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-14 14:37 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-14 14:37 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-14 14:37 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-14 14:37 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-14 14:37 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-14 14:37 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-14 14:37 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-14 14:37 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-14 14:37 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-14 14:37 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-14 14:37 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-14 14:37 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-14 14:37 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-14 14:37 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-14 14:37 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-14 14:37 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-14 14:37 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-14 14:37 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-14 14:37 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-14 14:37 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-14 14:37 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-14 14:37 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-14 14:37 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-14 14:37 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-14 14:37 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-14 14:37 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-14 14:37 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-14 14:37 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-14 14:37 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-14 14:37 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-14 14:37 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-14 14:37 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-14 14:37 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-14 14:37 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-14 14:37 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-14 14:37 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-14 14:37 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-14 14:37 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-14 14:37 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-14 14:37 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-14 14:37 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-14 14:37 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-14 14:37 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-14 14:37 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-14 14:37 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-14 14:37 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-14 14:37 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-14 14:37 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-14 14:37 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-14 14:37 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-14 14:37 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-14 14:37 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-14 14:37 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-14 14:37 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-14 14:37 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-14 14:37 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-14 14:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-14 14:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-14 14:37 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-14 14:37 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-14 14:37 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-14 14:37 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-14 14:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-14 14:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-14 14:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-14 14:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-14 14:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-14 14:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-14 14:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-14 14:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-14 14:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-14 14:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-14 14:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-14 14:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-14 14:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-14 14:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-14 14:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-14 14:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-14 14:32 - 2015-01-14 14:32 - 00000202 _____ () C:\Users\Benj\Desktop\Hack, Slash, Loot.url
2015-01-14 14:31 - 2015-01-14 14:31 - 00000202 _____ () C:\Users\Benj\Desktop\Kerbal Space Program.url
2015-01-14 14:16 - 2015-01-14 14:32 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-14 14:16 - 2015-01-14 14:16 - 00000200 _____ () C:\Users\Benj\Desktop\Sid Meier's Civilization V.url
2015-01-14 14:16 - 2015-01-14 14:16 - 00000169 _____ () C:\Users\Benj\Desktop\Evoland.url
2015-01-14 14:13 - 2015-01-14 14:13 - 01142128 _____ () C:\Users\Benj\Downloads\SteamSetup.exe
2015-01-14 14:13 - 2015-01-14 14:13 - 00000528 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-01-14 14:13 - 2015-01-14 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-13 13:57 - 2015-01-13 13:58 - 00000000 ____D () C:\Users\Benj\Documents\Jasmina Nexus
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 23:10 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-10 23:09 - 2014-10-10 04:43 - 01373325 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 23:04 - 2014-03-18 02:03 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-10 23:02 - 2014-10-10 19:58 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3033371514-2614738754-950436685-1001
2015-02-10 23:00 - 2014-10-10 20:00 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\ClassicShell
2015-02-10 23:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-10 22:58 - 2014-10-10 20:48 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\Skype
2015-02-10 22:58 - 2014-10-10 20:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-10 22:57 - 2014-10-10 19:53 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 22:57 - 2014-10-10 19:53 - 00000000 ___DO () C:\Users\Benj\OneDrive
2015-02-10 22:57 - 2013-08-22 06:46 - 00078804 _____ () C:\Windows\setupact.log
2015-02-10 22:57 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 22:57 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-10 22:46 - 2014-12-13 16:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 22:22 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-10 19:28 - 2014-10-10 00:39 - 00000000 ____D () C:\Users\Benj\Documents\LSLAP
2015-02-10 19:18 - 2014-10-10 19:53 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 09:12 - 2014-10-23 17:53 - 00054784 ___SH () C:\Users\Benj\Desktop\Thumbs.db
2015-02-08 12:08 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-07 21:15 - 2014-10-12 01:00 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-07 02:37 - 2014-12-03 01:34 - 00000092 _____ () C:\Windows\brpcfx.ini
2015-02-07 02:37 - 2014-12-03 01:33 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-02-07 02:37 - 2014-12-03 01:33 - 00000000 ____D () C:\Program Files (x86)\Brother
2015-02-07 02:36 - 2014-08-11 16:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-07 02:34 - 2014-03-18 01:54 - 00750366 _____ () C:\Windows\PFRO.log
2015-02-05 14:51 - 2014-10-10 20:34 - 00000000 ____D () C:\Users\Benj\AppData\Local\Battle.net
2015-02-05 12:12 - 2014-12-17 21:11 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-02-04 18:13 - 2014-10-10 19:53 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 18:13 - 2014-10-10 19:53 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 11:51 - 2014-04-29 10:50 - 00000000 ____D () C:\Windows\ko
2015-02-04 11:46 - 2014-12-13 16:23 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 11:31 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 00:51 - 2014-10-10 20:00 - 00615424 ___SH () C:\Users\Benj\Downloads\Thumbs.db
2015-01-30 10:26 - 2014-10-11 11:18 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\uTorrent
2015-01-29 14:36 - 2014-10-22 17:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-29 13:20 - 2014-10-11 13:41 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\vlc
2015-01-29 11:15 - 2014-10-10 00:40 - 00000000 ____D () C:\Users\Benj\Documents\Tax Year 2014
2015-01-24 01:22 - 2014-08-11 16:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-23 20:32 - 2014-11-17 17:18 - 00000000 ____D () C:\ProgramData\SofTest
2015-01-23 20:32 - 2014-11-17 17:18 - 00000000 ____D () C:\Program Files (x86)\Examsoft
2015-01-22 09:12 - 2014-11-03 19:31 - 00000000 ____D () C:\Users\Benj\AppData\Local\CrashDumps
2015-01-22 00:36 - 2014-10-10 00:39 - 00000000 ____D () C:\Users\Benj\Documents\Law School
2015-01-21 09:52 - 2014-10-23 01:38 - 00000000 ____D () C:\Users\Benj\Documents\Coupons
2015-01-19 16:14 - 2014-10-15 23:40 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\Notepad++
2015-01-15 22:41 - 2014-10-10 19:55 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-15 22:41 - 2014-10-10 19:55 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-15 22:41 - 2014-08-11 16:31 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-15 22:41 - 2014-08-11 16:31 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-14 21:54 - 2014-10-12 01:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:51 - 2014-10-12 01:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 14:39 - 2014-10-30 10:54 - 00000000 ____D () C:\Users\Benj\Documents\My Games
2015-01-14 14:37 - 2014-04-29 10:48 - 00027182 _____ () C:\Windows\DirectX.log
2015-01-11 21:23 - 2015-01-06 11:30 - 00000000 ____D () C:\Users\Benj\Documents\Natchar Tenancy Dispute
 
Some content of TEMP:
====================
C:\Users\Benj\AppData\Local\Temp\COMAP.EXE
C:\Users\Benj\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Benj\AppData\Local\Temp\Gw2.exe
C:\Users\Benj\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Benj\AppData\Local\Temp\ose00000.exe
C:\Users\Benj\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Benj\AppData\Local\Temp\_is9459.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-06 12:39
 
==================== End Of Log ============================

Attached Files


Edited by bdmi, 11 February 2015 - 02:40 AM.


BC AdBot (Login to Remove)

 


#2 bdmi

bdmi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 12 February 2015 - 09:16 PM

UPDATE: I just paid a phone bill online, and the thing I described with the fan going to full happened. I did Ctrl-Alt-Delete and saw that Avast Service (32 Bit) was using 98.2% CPU!

 

I don't know what was wrong with Avast, but I've now switched to Avira.



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:13 AM

Posted 16 February 2015 - 02:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/566636 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 bdmi

bdmi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 16 February 2015 - 02:37 AM

1. As above.
2. See below
3. No, but my computer does have a recovery partition.
 
---
 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Benj (administrator) on ENTERPRISE-D on 16-02-2015 02:35:37
Running from C:\Users\Benj\Downloads
Loaded Profiles: Benj (Available profiles: Benj)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\ws.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\Benj\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-08-11] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893104 2014-08-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-02] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-18] (Oracle Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [GoogleChromeAutoLaunch_E86E8D5B474A13764BA96227EA1A4709] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [f.lux] => C:\Users\Benj\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\MountPoints2: {a2dc17ca-54ad-11e4-8271-303a6483107f} - "H:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKU\S-1-5-21-3033371514-2614738754-950436685-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi13.msn.com
HKU\S-1-5-21-3033371514-2614738754-950436685-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{84281C0B-1CEB-4059-A498-E4512980FEC7}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR Profile: C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-10]
CHR Extension: (Mario World Theme) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjpbjidbdfecpoibhjkjahjnbpnchcfb [2014-10-15]
CHR Extension: (Avira Browser Safety) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-12]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-10-10]
CHR Extension: (SpaceVenture Living Concept Art: Phase 4) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgniikfooeahbodhemoclicbjeimkana [2014-10-10]
CHR Extension: (Hangouts) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Benj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2014-08-11] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [130008 2014-08-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2015-01-23] (Hewlett-Packard)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-10] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-08-11] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2014-08-11] (Realsil Semiconductor Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 02:32 - 2015-02-16 02:32 - 00000000 ____D () C:\Users\Benj\Downloads\FRST-OlderVersion
2015-02-14 03:46 - 2015-02-14 03:46 - 00152298 _____ () C:\Users\Benj\Downloads\mod06_e01.swf
2015-02-14 03:41 - 2015-02-14 03:41 - 00166398 _____ () C:\Users\Benj\Downloads\mod05_e06b.swf
2015-02-14 03:41 - 2015-02-14 03:41 - 00150334 _____ () C:\Users\Benj\Downloads\mod05_e06a.swf
2015-02-14 03:34 - 2015-02-14 03:34 - 00437246 _____ () C:\Users\Benj\Downloads\mod04_e11-1.swf
2015-02-14 03:33 - 2015-02-14 03:33 - 00029911 _____ () C:\Users\Benj\Downloads\mod04_e10_consider.swf
2015-02-14 03:32 - 2015-02-14 03:32 - 00278923 _____ () C:\Users\Benj\Downloads\mod04_e10.swf
2015-02-14 03:30 - 2015-02-14 03:30 - 00309407 _____ () C:\Users\Benj\Downloads\mod04_e01.swf
2015-02-14 03:26 - 2015-02-14 03:26 - 00656651 _____ () C:\Users\Benj\Downloads\mod03_e16.swf
2015-02-14 03:19 - 2015-02-14 03:19 - 00197625 _____ () C:\Users\Benj\Downloads\mod03_e01.swf
2015-02-14 03:15 - 2015-02-14 03:15 - 03268846 _____ () C:\Users\Benj\Downloads\mod02_e01.swf
2015-02-14 03:13 - 2015-02-14 03:13 - 00013956 _____ () C:\Users\Benj\Downloads\mod01_e05.swf
2015-02-14 03:11 - 2015-02-14 03:11 - 00375445 _____ () C:\Users\Benj\Downloads\mod01_e01.swf
2015-02-12 18:44 - 2015-02-12 18:44 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\Avira
2015-02-12 18:44 - 2015-02-12 18:43 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-02-12 18:42 - 2015-02-04 20:51 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-02-12 18:42 - 2015-02-04 20:51 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-12 18:42 - 2015-02-04 20:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-02-12 18:41 - 2015-02-12 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-12 18:41 - 2015-02-12 18:42 - 00000000 ____D () C:\ProgramData\Avira
2015-02-12 18:41 - 2015-02-12 18:42 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-12 18:41 - 2015-02-12 18:41 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-12 18:39 - 2015-02-12 18:39 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Benj\Downloads\avira_en_av_5847543361__ws.exe
2015-02-12 18:14 - 2015-02-12 18:14 - 00000714 _____ () C:\Users\Benj\Downloads\fixlist.txt
2015-02-12 18:04 - 2015-02-12 18:04 - 00000197 _____ () C:\Windows\system32\2015-02-12-23-04-18.035-AvastVBoxSVC.exe-3728.log
2015-02-12 14:07 - 2015-02-12 14:07 - 00000010 _____ () C:\Users\Benj\Documents\amzn.txt
2015-02-12 14:06 - 2015-02-12 14:06 - 00000247 _____ () C:\Windows\system32\2015-02-12-19-06-48.080-aswFe.exe-4784.log
2015-02-12 14:04 - 2015-02-12 14:06 - 00000247 _____ () C:\Windows\system32\2015-02-12-19-04-06.049-aswFe.exe-7460.log
2015-02-12 14:04 - 2015-02-12 14:04 - 00000197 _____ () C:\Windows\system32\2015-02-12-19-04-03.066-AvastVBoxSVC.exe-2216.log
2015-02-12 12:07 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 12:07 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 04:22 - 2015-02-12 04:22 - 00000197 _____ () C:\Windows\system32\2015-02-12-09-22-19.067-AvastVBoxSVC.exe-4512.log
2015-02-11 16:49 - 2015-02-11 16:49 - 00000197 _____ () C:\Windows\system32\2015-02-11-21-49-23.063-AvastVBoxSVC.exe-3616.log
2015-02-11 14:17 - 2015-02-11 14:17 - 00000197 _____ () C:\Windows\system32\2015-02-11-19-17-23.092-AvastVBoxSVC.exe-3728.log
2015-02-11 03:22 - 2015-02-05 16:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-11 03:22 - 2015-02-05 16:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-11 03:22 - 2015-02-05 16:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-11 02:10 - 2015-02-16 02:35 - 00023821 _____ () C:\Users\Benj\Downloads\FRST.txt
2015-02-11 02:10 - 2015-02-16 02:35 - 00000000 ____D () C:\FRST
2015-02-11 02:10 - 2015-02-16 02:32 - 02085888 _____ (Farbar) C:\Users\Benj\Downloads\FRST64.exe
2015-02-11 01:59 - 2015-02-11 01:59 - 00000197 _____ () C:\Windows\system32\2015-02-11-06-59-52.030-AvastVBoxSVC.exe-4036.log
2015-02-11 01:57 - 2015-02-11 01:57 - 00000000 ____D () C:\Users\Benj\Downloads\backups
2015-02-11 01:49 - 2015-02-11 01:49 - 00014340 _____ () C:\Users\Benj\Downloads\hijackthis.log
2015-02-11 01:48 - 2015-02-11 01:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\Benj\Downloads\HijackThis.exe
2015-02-11 01:23 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 01:23 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 01:23 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 01:23 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 01:23 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 01:23 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 01:23 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 01:23 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 01:23 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 01:23 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 01:23 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 01:23 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 01:23 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 01:23 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 01:23 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 01:23 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 01:23 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 01:23 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 01:23 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 01:23 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 01:23 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 01:23 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 01:23 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 01:23 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 01:23 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 01:23 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 01:23 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 01:23 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 01:23 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 01:23 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 01:22 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 01:22 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 01:22 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 01:22 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 01:22 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 01:22 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 01:22 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 01:22 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 01:22 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 01:22 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 01:22 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 01:22 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 01:22 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 01:22 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 01:22 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 01:22 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 01:22 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 01:22 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 01:22 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 01:22 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 01:22 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 01:22 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 01:22 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 01:22 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 01:22 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 01:22 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 01:22 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 01:22 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 01:22 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 01:22 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 01:22 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 01:22 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 01:22 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 01:22 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 01:22 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 04:31 - 2015-02-10 04:32 - 00000197 _____ () C:\Windows\system32\2015-02-10-09-31-55.070-AvastVBoxSVC.exe-3352.log
2015-02-08 15:11 - 2015-02-08 15:11 - 00000197 _____ () C:\Windows\system32\2015-02-08-20-11-15.039-AvastVBoxSVC.exe-3444.log
2015-02-08 00:15 - 2015-02-08 00:15 - 00001773 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-08 00:15 - 2015-02-08 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-08 00:15 - 2015-02-08 00:15 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-08 00:15 - 2015-02-08 00:15 - 00000000 ____D () C:\Program Files\iTunes
2015-02-08 00:15 - 2015-02-08 00:15 - 00000000 ____D () C:\Program Files\iPod
2015-02-08 00:15 - 2015-02-08 00:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-07 05:40 - 2015-02-07 05:40 - 00000197 _____ () C:\Windows\system32\2015-02-07-10-40-31.007-AvastVBoxSVC.exe-3548.log
2015-02-07 05:39 - 2015-02-07 05:39 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\ControlCenter4
2015-02-07 05:37 - 2015-02-07 05:37 - 00002164 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2015-02-07 05:37 - 2015-02-07 05:37 - 00002079 _____ () C:\Users\Public\Desktop\Brother Utilities.lnk
2015-02-07 05:37 - 2015-02-07 05:37 - 00000066 _____ () C:\Windows\Brfaxrx.ini
2015-02-07 05:37 - 2015-02-07 05:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-02-07 05:37 - 2015-02-07 05:37 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-02-07 05:37 - 2015-02-07 05:37 - 00000000 ____D () C:\Brother
2015-02-07 05:36 - 2015-02-07 05:36 - 00000197 _____ () C:\Windows\system32\2015-02-07-10-36-52.005-AvastVBoxSVC.exe-3824.log
2015-02-07 05:36 - 2014-06-25 19:37 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2015-02-07 05:36 - 2014-06-25 11:06 - 00227840 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM13A.DLL
2015-02-07 05:36 - 2013-07-12 17:03 - 00214016 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2015-02-07 05:36 - 2012-12-03 16:39 - 00002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2015-02-07 05:36 - 2010-03-15 22:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2015-02-07 05:36 - 2007-12-14 01:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2015-02-07 05:35 - 2015-02-07 05:35 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\InstallShield
2015-02-07 05:29 - 2015-02-07 05:29 - 00459912 _____ (A.I.SOFT,INC.) C:\Users\Benj\Downloads\delinf_10210.EXE
2015-02-07 05:29 - 2015-02-07 05:29 - 00000000 ____D () C:\Users\Benj\Downloads\rempnp
2015-02-07 05:28 - 2015-02-07 05:30 - 173203504 _____ (A.I.SOFT,INC.) C:\Users\Benj\Downloads\MFC-L2700DW-inst-B1-US2.EXE
2015-02-07 05:16 - 2015-02-07 05:18 - 00001584 _____ () C:\Users\Benj\Desktop\BrCcBoot.exe.lnk
2015-02-07 05:06 - 2014-06-16 20:00 - 65187899 _____ (Macrovision Corporation) C:\Users\Benj\Downloads\ControlCenter4 Updater.exe
2015-02-07 05:05 - 2015-02-07 05:06 - 64084564 _____ (A.I.SOFT,INC.) C:\Users\Benj\Downloads\CC4updater_424201.EXE
2015-02-05 14:44 - 2015-02-05 14:44 - 00000197 _____ () C:\Windows\system32\2015-02-05-19-44-00.086-AvastVBoxSVC.exe-4228.log
2015-02-05 00:43 - 2015-02-05 00:46 - 09483904 _____ (A.I.SOFT,INC.) C:\Users\Benj\Downloads\Unconfirmed 111660.crdownload
2015-02-04 21:22 - 2015-02-04 21:22 - 00000302 _____ () C:\Users\Benj\Documents\amzn-txt.axx
2015-02-04 14:53 - 2015-02-04 14:53 - 00000197 _____ () C:\Windows\system32\2015-02-04-19-53-21.075-AvastVBoxSVC.exe-4020.log
2015-02-04 14:40 - 2015-02-13 01:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 14:40 - 2015-02-04 14:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Benj\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 14:40 - 2015-02-04 14:40 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 14:40 - 2015-02-04 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 14:40 - 2015-02-04 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 14:40 - 2015-02-04 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 14:40 - 2014-11-21 09:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 14:40 - 2014-11-21 09:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 14:40 - 2014-11-21 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 06:16 - 2015-02-04 06:16 - 00000197 _____ () C:\Windows\system32\2015-02-04-11-16-09.006-AvastVBoxSVC.exe-3788.log
2015-01-30 13:03 - 2015-01-30 13:26 - 00000021 _____ () C:\Users\Benj\Documents\blood.ca.txt
2015-01-29 18:04 - 2015-01-29 18:04 - 00018774 _____ () C:\Users\Benj\Downloads\chessmaster.rar.torrent
2015-01-29 17:36 - 2015-01-29 17:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-29 17:35 - 2015-01-29 17:35 - 00639400 _____ (Oracle Corporation) C:\Users\Benj\Downloads\chromeinstall-8u31.exe
2015-01-29 17:34 - 2015-01-29 17:34 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-29 17:34 - 2015-01-29 17:34 - 00000000 ____D () C:\Program Files\Java
2015-01-29 17:33 - 2015-01-29 17:34 - 93427112 _____ (Oracle Corporation) C:\Users\Benj\Downloads\jre-8u31-windows-x64.exe
2015-01-29 12:36 - 2015-01-29 13:08 - 00000000 ____D () C:\Users\Benj\Documents\Steph Resume
2015-01-28 11:44 - 2015-01-28 11:44 - 00000197 _____ () C:\Windows\system32\2015-01-28-16-44-03.072-AvastVBoxSVC.exe-3772.log
2015-01-27 15:11 - 2015-02-04 14:37 - 00008989 _____ () C:\Users\Benj\Documents\sushi owings.xlsx
2015-01-26 21:21 - 2015-01-26 21:21 - 00035146 _____ () C:\Users\Benj\Downloads\[kickass.so]accepted.2006.720p.brrip.x264.gsftx.torrent
2015-01-26 19:57 - 2015-01-26 20:05 - 00000122 ____H () C:\Users\Benj\Downloads\.picasa.ini
2015-01-24 04:21 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-24 04:21 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 02:00 - 2015-01-23 02:00 - 00000197 _____ () C:\Windows\system32\2015-01-23-07-00-30.085-AvastVBoxSVC.exe-3724.log
2015-01-22 17:40 - 2015-01-22 17:43 - 00000000 ____D () C:\Users\Benj\Documents\Gina Headshot
2015-01-22 00:16 - 2015-01-22 00:16 - 00000015 _____ () C:\Users\Benj\Documents\timtangtest.txt
2015-01-20 20:38 - 2015-01-20 20:38 - 00000136 _____ () C:\Users\Benj\Documents\parking advice from reynolds.txt
2015-01-19 19:20 - 2015-01-21 03:21 - 00131085 _____ () C:\Users\Benj\Documents\try.html
2015-01-19 19:20 - 2015-01-21 03:21 - 00000000 ____D () C:\Users\Benj\Documents\try_files
2015-01-19 04:42 - 2015-01-19 04:42 - 00573665 _____ () C:\Users\Benj\Downloads\temp.3gp
2015-01-18 16:08 - 2015-01-18 16:08 - 00000000 ____D () C:\Users\Benj\Desktop\Media
2015-01-18 16:08 - 2015-01-14 07:00 - 01126483 ____N () C:\Users\Benj\Desktop\msgstore-2015-01-15.1.db.crypt7
2015-01-18 16:06 - 2015-01-18 16:06 - 00000000 ____D () C:\Users\Benj\Documents\WhatsApp
2015-01-18 16:05 - 2015-01-18 16:05 - 00000000 ____D () C:\Users\Benj\Desktop\WhatsApp
2015-01-18 00:04 - 2015-01-18 00:04 - 00104562 _____ () C:\Users\Benj\Downloads\[kickass.so]the.hobbit.the.desolation.of.smaug.2013.bdrip.x264.sparks.torrent
2015-01-17 23:57 - 2015-01-17 23:57 - 00075125 _____ () C:\Users\Benj\Downloads\[kickass.so]the.hobbit.the.desolation.of.smaug.2013.extended.1080p.bluray.h2.torrent
2015-01-17 18:53 - 2015-01-17 18:53 - 00000197 _____ () C:\Windows\system32\2015-01-17-23-53-05.022-AvastVBoxSVC.exe-3740.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 02:33 - 2014-10-10 23:48 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\Skype
2015-02-16 02:18 - 2014-10-10 22:53 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 02:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-16 01:46 - 2014-12-13 19:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-16 01:01 - 2014-10-10 07:43 - 01761942 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 00:38 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-16 00:04 - 2014-10-10 23:00 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\ClassicShell
2015-02-15 23:33 - 2014-10-10 23:34 - 00000000 ____D () C:\Users\Benj\AppData\Local\Battle.net
2015-02-15 23:23 - 2014-10-10 23:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-15 14:46 - 2014-10-10 22:53 - 00000000 ___DO () C:\Users\Benj\OneDrive
2015-02-15 14:41 - 2014-10-10 22:53 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 20:37 - 2014-03-18 05:03 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 04:58 - 2014-10-11 16:41 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\vlc
2015-02-14 03:30 - 2014-10-10 23:00 - 00634880 ___SH () C:\Users\Benj\Downloads\Thumbs.db
2015-02-14 03:15 - 2014-12-13 19:23 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-14 03:14 - 2014-10-12 03:58 - 00000000 ____D () C:\Users\Benj\AppData\Local\Adobe
2015-02-13 14:29 - 2014-10-10 03:39 - 00000000 ____D () C:\Users\Benj\Documents\LSLAP
2015-02-13 12:42 - 2014-10-11 14:18 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\uTorrent
2015-02-13 06:33 - 2014-10-10 22:58 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3033371514-2614738754-950436685-1001
2015-02-13 04:39 - 2013-08-22 09:46 - 00082168 _____ () C:\Windows\setupact.log
2015-02-12 18:41 - 2014-08-11 19:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 18:03 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 17:58 - 2014-10-10 03:43 - 00012528 _____ () C:\Users\Benj\Documents\Amounts Owed.xlsx
2015-02-12 13:24 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 13:24 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-11 18:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-02-11 14:15 - 2013-08-22 09:44 - 00481208 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 06:55 - 2014-10-12 04:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 06:55 - 2014-10-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 06:53 - 2014-10-12 04:44 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 03:23 - 2014-08-11 19:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-10 12:12 - 2014-10-23 20:53 - 00054784 ___SH () C:\Users\Benj\Desktop\Thumbs.db
2015-02-08 15:08 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-08 00:15 - 2014-10-12 04:00 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-07 05:37 - 2014-12-03 04:34 - 00000092 _____ () C:\Windows\brpcfx.ini
2015-02-07 05:37 - 2014-12-03 04:33 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-02-07 05:37 - 2014-12-03 04:33 - 00000000 ____D () C:\Program Files (x86)\Brother
2015-02-07 05:36 - 2014-08-11 19:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-07 05:34 - 2014-03-18 04:54 - 00750366 _____ () C:\Windows\PFRO.log
2015-02-05 16:01 - 2014-08-11 19:30 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 16:01 - 2014-08-11 19:30 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 15:12 - 2014-12-18 00:11 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-02-05 14:07 - 2014-08-11 19:30 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 14:07 - 2014-08-11 19:30 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 14:07 - 2014-08-11 19:30 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 14:07 - 2014-08-11 19:30 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 14:07 - 2014-08-11 19:30 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 14:06 - 2014-08-11 19:30 - 01098384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-02-05 14:06 - 2014-08-11 19:30 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 14:06 - 2014-08-11 19:30 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-02-05 07:50 - 2014-08-11 19:30 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 21:13 - 2014-10-10 22:53 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 21:13 - 2014-10-10 22:53 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 14:51 - 2014-04-29 13:50 - 00000000 ____D () C:\Windows\ko
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 17:36 - 2014-10-22 20:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-29 14:15 - 2014-10-10 03:40 - 00000000 ____D () C:\Users\Benj\Documents\Tax Year 2014
2015-01-23 23:32 - 2014-11-17 20:18 - 00000000 ____D () C:\ProgramData\SofTest
2015-01-23 23:32 - 2014-11-17 20:18 - 00000000 ____D () C:\Program Files (x86)\Examsoft
2015-01-22 12:12 - 2014-11-03 22:31 - 00000000 ____D () C:\Users\Benj\AppData\Local\CrashDumps
2015-01-22 03:36 - 2014-10-10 03:39 - 00000000 ____D () C:\Users\Benj\Documents\Law School
2015-01-21 12:52 - 2014-10-23 04:38 - 00000000 ____D () C:\Users\Benj\Documents\Coupons
2015-01-19 19:14 - 2014-10-16 02:40 - 00000000 ____D () C:\Users\Benj\AppData\Roaming\Notepad++
 
Some content of TEMP:
====================
C:\Users\Benj\AppData\Local\Temp\avgnt.exe
C:\Users\Benj\AppData\Local\Temp\COMAP.EXE
C:\Users\Benj\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Benj\AppData\Local\Temp\Gw2.exe
C:\Users\Benj\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Benj\AppData\Local\Temp\ose00000.exe
C:\Users\Benj\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Benj\AppData\Local\Temp\_is9459.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-06 15:39
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Benj at 2015-02-16 02:36:02
Running from C:\Users\Benj\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira)
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boot Configure (HKLM-x32\...\{AB72B3BB-A389-4F62-86EE-C08326B4BE60}) (Version: 20.014.05233 - Micro-Star International Co., Ltd.)
Brother MFL-Pro Suite MFC-L2700DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1402.2601 - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1402.1001 - Application)
Dragon Gaming Center (x32 Version: 1.0.1402.1001 - Application) Hidden
ETDWare PS/2-X64 11.13.4.4_WHQL (HKLM\...\Elantech) (Version: 11.13.4.4 - ELAN Microelectronic Corp.)
Evoland (HKLM-x32\...\Steam App 233470) (Version: - Shiro Games)
f.lux (HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Flux) (Version: - )
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
FTL - Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
Galeria de Fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Gods Will Be Watching (HKU\S-1-5-21-3033371514-2614738754-950436685-1001\...\Gods Will Be Watching) (Version: - )
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hack, Slash, Loot (HKLM-x32\...\Steam App 207430) (Version: - David Williamson)
Haskell Platform 2014.2.0.0 (HKLM\...\HaskellPlatform-2014.2.0.0) (Version: - Haskell.org)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Intellex Player (HKLM-x32\...\{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}) (Version: 4.0 - Sensormatic-VPD)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG)
MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.41.17507 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Quest for Infamy (HKLM-x32\...\Quest for Infamy) (Version: - Infamous Quests)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21242 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
Rochard (HKLM-x32\...\Recoil Games Rochard) (Version: 1.42 - Recoil Games)
SCM (HKLM\...\{6692DCAF-A445-4C6B-AF31-3DD85FC06FBA}) (Version: 13.014.01026 - Application)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SofTest v11 (HKLM-x32\...\InstallShield_{DC1A3EFD-5E5C-4AAF-8218-53AB1ABC0481}) (Version: 11.11.10 - Examsoft)
SofTest v11 (x32 Version: 11.11.10 - Examsoft) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
The Incredible Machine Series (HKLM-x32\...\GOGPACKTIMPACK_is1) (Version: 2.0.0.20 - GOG.com)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims 3 Complete Collection version 1.67.2 (HKLM-x32\...\The Sims 3 Complete Collection_is1) (Version: 1.67.2 - Mr DJ)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.4.0.0 - Manuel Hoefs (Zottel))
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Wing Commander 1 and 2 (HKLM-x32\...\GOGPACKWINGCOMMANDER12_is1) (Version: 2.0.0.18 - GOG.com)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
YOU DON'T KNOW JACK V1 XL (HKLM-x32\...\YOU DON'T KNOW JACK V1 XL 1.1.0) (Version: 1.1.0 - JackboxGames)
YOU DON'T KNOW JACK V1 XL (x32 Version: 1.1.0 - JackboxGames) Hidden
YOU DON'T KNOW JACK V2 (HKLM-x32\...\YOU DON'T KNOW JACK V2 1.2.0) (Version: 1.2.0 - JackboxGames)
YOU DON'T KNOW JACK V2 (x32 Version: 1.2.0 - JackboxGames) Hidden
フォト ギャラリー (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
사진 갤러리 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3033371514-2614738754-950436685-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

15-02-2015 23:29:17 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08B07AC5-3E92-4759-9524-08ECF953BDF7} - System32\Tasks\MSI_Reminder => C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe
Task: {1174C68E-4139-44A5-8F7E-DFB6D7721850} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)
Task: {1472E950-4A71-4CAE-B1F9-AFADAD250B7A} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {4ABAE7A4-10AF-476D-BF88-90D4E11164B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {758229E2-0718-4392-8192-7CF47661BE03} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {7E90F246-73EF-44DA-BDC1-A45885976E3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {869988B4-B982-4368-9D34-CA81DA17B23A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {BE6A4263-B89D-4032-B330-E207C3E40398} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14] (Adobe Systems Incorporated)
Task: {DF8C0BDA-8723-442B-B2F9-E6B28A3A5AFB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-03 04:33 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-08-11 19:30 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-11 19:45 - 2012-11-01 13:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-08-11 19:45 - 2012-11-01 13:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-01-21 01:35 - 2015-01-21 01:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-21 01:35 - 2015-01-21 01:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-22 12:44 - 2014-01-22 12:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2013-05-23 11:15 - 2013-05-23 11:15 - 00025600 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\CoreAudioApi.dll
2013-08-08 16:35 - 2013-08-08 16:35 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-04-02 16:33 - 2014-04-02 16:33 - 00904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
2015-02-07 05:36 - 2009-02-27 19:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-08-11 19:31 - 2013-08-08 15:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-05 22:18 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 22:18 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 22:18 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 22:18 - 2015-02-04 04:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
2013-07-10 20:07 - 2013-07-10 20:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Benj\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3033371514-2614738754-950436685-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Benj\Downloads\BooBoo\1920x1080_mushroom-mario-wallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Accounts: =============================

Administrator (S-1-5-21-3033371514-2614738754-950436685-500 - Administrator - Disabled)
Benj (S-1-5-21-3033371514-2614738754-950436685-1001 - Administrator - Enabled) => C:\Users\Benj
Guest (S-1-5-21-3033371514-2614738754-950436685-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3033371514-2614738754-950436685-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 11:29:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.
.

Error: (02/15/2015 11:29:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.

Error: (02/15/2015 11:29:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.
.

Error: (02/15/2015 11:29:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

System Error:
The system cannot find the file specified.
.

Error: (02/15/2015 11:29:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

System Error:
The system cannot find the file specified.
.

Error: (02/15/2015 11:29:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

System Error:
The system cannot find the file specified.
.

Error: (02/15/2015 03:01:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9578

Error: (02/15/2015 03:01:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9578

Error: (02/15/2015 03:01:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/15/2015 03:01:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5109


System errors:
=============
Error: (02/15/2015 11:46:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: Microsoft.Adera.

Error: (02/15/2015 11:46:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: Microsoft.MicrosoftSolitaireCollection.

Error: (02/15/2015 11:46:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: 1430GreenfieldTechnologie.PuzzleTouch.

Error: (02/15/2015 11:46:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: Microsoft.Studios.Wordament.

Error: (02/15/2015 11:46:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: Microsoft.Studios.PinballFx2.

Error: (02/15/2015 11:46:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: Microsoft.Taptiles.

Error: (02/15/2015 11:46:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: Microsoft.MicrosoftMahjong.

Error: (02/15/2015 11:29:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: Microsoft.Taptiles.

Error: (02/15/2015 11:28:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: Microsoft.MicrosoftMahjong.

Error: (02/15/2015 11:11:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070241: Microsoft.Adera.


Microsoft Office Sessions:
=========================
Error: (11/19/2014 00:50:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6707.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 300 seconds of active time. This session ended with a crash.

Error: (11/19/2014 00:38:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6707.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1356 seconds with 1080 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-02-15 23:46:41.164
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 23:46:38.865
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 23:46:36.574
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 23:46:34.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 23:46:31.980
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 23:46:29.651
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 23:46:27.260
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 23:28:57.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 23:28:55.366
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 23:11:42.820
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\uxtheme.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 8109.36 MB
Available physical RAM: 4557.33 MB
Total Pagefile: 9389.36 MB
Available Pagefile: 4813.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (MeepMeep) (Fixed) (Total:207.19 GB) (Free:86.75 GB) NTFS
Drive d: (Tortoise) (Fixed) (Total:915.12 GB) (Free:674.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 436D0C72)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 32D4637B)

Partition: GPT Partition Type.

==================== End Of Log ============================

Attached Files


Edited by Oh My!, 19 February 2015 - 10:23 PM.
Posted Addition.txt


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:13 AM

Posted 19 February 2015 - 10:28 PM

Greetings bdmi and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please Review, consider and run the below for me.

Can you tell me if you are familiar with these downloads:
 

2015-02-14 03:46 - 2015-02-14 03:46 - 00152298 _____ () C:\Users\Benj\Downloads\mod06_e01.swf
2015-02-14 03:41 - 2015-02-14 03:41 - 00166398 _____ () C:\Users\Benj\Downloads\mod05_e06b.swf
2015-02-14 03:41 - 2015-02-14 03:41 - 00150334 _____ () C:\Users\Benj\Downloads\mod05_e06a.swf
2015-02-14 03:34 - 2015-02-14 03:34 - 00437246 _____ () C:\Users\Benj\Downloads\mod04_e11-1.swf
2015-02-14 03:33 - 2015-02-14 03:33 - 00029911 _____ () C:\Users\Benj\Downloads\mod04_e10_consider.swf
2015-02-14 03:32 - 2015-02-14 03:32 - 00278923 _____ () C:\Users\Benj\Downloads\mod04_e10.swf
2015-02-14 03:30 - 2015-02-14 03:30 - 00309407 _____ () C:\Users\Benj\Downloads\mod04_e01.swf
2015-02-14 03:26 - 2015-02-14 03:26 - 00656651 _____ () C:\Users\Benj\Downloads\mod03_e16.swf
2015-02-14 03:19 - 2015-02-14 03:19 - 00197625 _____ () C:\Users\Benj\Downloads\mod03_e01.swf
2015-02-14 03:15 - 2015-02-14 03:15 - 03268846 _____ () C:\Users\Benj\Downloads\mod02_e01.swf
2015-02-14 03:13 - 2015-02-14 03:13 - 00013956 _____ () C:\Users\Benj\Downloads\mod01_e05.swf
2015-02-14 03:11 - 2015-02-14 03:11 - 00375445 _____ () C:\Users\Benj\Downloads\mod01_e01.swf


===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
C:\Users\Benj\AppData\Local\Temp\avgnt.exe
C:\Users\Benj\AppData\Local\Temp\COMAP.EXE
C:\Users\Benj\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Benj\AppData\Local\Temp\Gw2.exe
C:\Users\Benj\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Benj\AppData\Local\Temp\ose00000.exe
C:\Users\Benj\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Benj\AppData\Local\Temp\_is9459.exe
File: C:\Windows\System32\uxtheme.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Do you recognize downloads?
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 bdmi

bdmi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 19 February 2015 - 10:47 PM

NOTE: Yesterday I went to Task Manager -> Startup and disabled InstallShield by Flexera Software LLC. Was this a bad idea? Should I re-enable it?

 

1) Yes, I recognize these downloads, they're shockwave files from an educational module I completed last week.

 

 

 

2) Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01

Ran by Benj at 2015-02-19 22:37:33 Run:1
Running from C:\Users\Benj\Desktop
Loaded Profiles: Benj (Available profiles: Benj)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
C:\Users\Benj\AppData\Local\Temp\avgnt.exe
C:\Users\Benj\AppData\Local\Temp\COMAP.EXE
C:\Users\Benj\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Benj\AppData\Local\Temp\Gw2.exe
C:\Users\Benj\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Benj\AppData\Local\Temp\ose00000.exe
C:\Users\Benj\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Benj\AppData\Local\Temp\_is9459.exe
File: C:\Windows\System32\uxtheme.dll
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
C:\Users\Benj\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Benj\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Benj\AppData\Local\Temp\drm_dyndata_7400009.dll => Moved successfully.
C:\Users\Benj\AppData\Local\Temp\Gw2.exe => Moved successfully.
C:\Users\Benj\AppData\Local\Temp\npp.6.7.4.Installer.exe => Moved successfully.
C:\Users\Benj\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Benj\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
C:\Users\Benj\AppData\Local\Temp\_is9459.exe => Moved successfully.
 
========================= File: C:\Windows\System32\uxtheme.dll ========================
 
MD5: 5C7CC27943B62DFC013DEF22C5C50923
Creation and modification date: 2014-03-18 05:13 - 2014-10-10 23:02
Size: 1163264
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: UxTheme.dll
Original Name: UxTheme.dll.mui
Product Name: Microsoft® Windows® Operating System
Description: Microsoft UxTheme Library
File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
Product Version: 6.3.9600.16384
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End Of File: ======
 
 
==== End of Fixlog 22:37:35 ====
 
 
3) See Summary Attached
 
 
4) I don't know if there's any improvement. Amazon hasn't told me my account was compromised again, but that doesn't mean anything. The internet issues are still happening.
 
Thank you for your help!

Attached Files



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:13 AM

Posted 19 February 2015 - 11:22 PM

Thank you,

Please do this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Result.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 bdmi

bdmi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 19 February 2015 - 11:59 PM

I did what you ask, though note I'm using Chrome exclusively, not firefox.

 

--

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Benj (administrator) on 19-02-2015 at 23:59:01
Running from "C:\Users\Benj\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3160 = Wi-Fi 2 (Connected)
Killer e2200 Gigabit Ethernet Controller (NDIS 6.30) = Ethernet 2 (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Enterprise-D
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net
 
Ethernet adapter Bluetooth Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : 30-3A-64-83-10-7F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 30-3A-64-83-10-7C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi 2:
 
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160 #2
   Physical Address. . . . . . . . . : 30-3A-64-83-10-7B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8145:77ae:2d1:a1b4%8(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.27(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : February 19, 2015 4:11:38 AM
   Lease Expires . . . . . . . . . . : February 22, 2015 11:57:18 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 137378404
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C9-8D-73-44-8A-5B-41-95-87
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Killer e2200 Gigabit Ethernet Controller (NDIS 6.30) #2
   Physical Address. . . . . . . . . : 44-8A-5B-EC-DF-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.gateway.2wire.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:30cd:224c:b3bd:96ac(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::30cd:224c:b3bd:96ac%12(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 486539264
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C9-8D-73-44-8A-5B-41-95-87
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Name:    google.com
Addresses:  2607:f8b0:400b:806::1005
 173.194.43.67
 173.194.43.71
 173.194.43.68
 173.194.43.64
 173.194.43.70
 173.194.43.78
 173.194.43.65
 173.194.43.66
 173.194.43.72
 173.194.43.69
 173.194.43.73
 
 
Pinging google.com [173.194.43.65] with 32 bytes of data:
Reply from 173.194.43.65: bytes=32 time=20ms TTL=54
Reply from 173.194.43.65: bytes=32 time=18ms TTL=54
 
Ping statistics for 173.194.43.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 20ms, Average = 19ms
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=45ms TTL=50
Reply from 98.139.183.24: bytes=32 time=51ms TTL=50
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 45ms, Maximum = 51ms, Average = 48ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...30 3a 64 83 10 7f ......Bluetooth Device (Personal Area Network) #2
  9...30 3a 64 83 10 7c ......Microsoft Wi-Fi Direct Virtual Adapter #2
  8...30 3a 64 83 10 7b ......Intel® Dual Band Wireless-AC 3160 #2
  7...44 8a 5b ec df 4c ......Killer e2200 Gigabit Ethernet Controller (NDIS 6.30) #2
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.27     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link      192.168.2.27    281
     192.168.2.27  255.255.255.255         On-link      192.168.2.27    281
    192.168.2.255  255.255.255.255         On-link      192.168.2.27    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.2.27    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.2.27    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 12    306 2001::/32                On-link
 12    306 2001:0:9d38:6ab8:30cd:224c:b3bd:96ac/128
                                    On-link
  8    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::30cd:224c:b3bd:96ac/128
                                    On-link
  8    281 fe80::8145:77ae:2d1:a1b4/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    281 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Devices: ================================
 
 
**** End of log ****


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:13 AM

Posted 20 February 2015 - 09:36 AM

Thank you.

I am not seeing anything of concern. Are you still experiencing the intermittent Internet disconnect?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 bdmi

bdmi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 22 February 2015 - 05:20 AM

The performance issues seem to be gone. I was worried about how they got access to my account, if it was from a keylogger or something. If you say my computer is clean then I'm greatly relieved! Thank you :)



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:13 AM

Posted 22 February 2015 - 09:29 AM

Greetings,

Things are looking good but I would like to run 2 more programs.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 bdmi

bdmi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 22 February 2015 - 01:16 PM

Hello again!

 

Full disclosure: I know I wasn't supposed to change anything before you gave me the all clear, but I thought we were done so I installed Comodo Firewall when I realized that Windows Firewall wouldn't allow me to block unapproved outgoing connections (and since I was worried about a keylogger...)

 

 

While ESET was running, Avira did this:
 
C:\Users\Benj\Downloads\paganitz_downloader_I4Fu2JSKl.exe contains recognition pattern of the APPL/Somoto.Gen application.
Action: Move to quarantine.
 
ESET Report:
 
C:\Users\Benj\Documents\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined
 
---
 
Security Check Log
 

 Results of screen317's Security Check version 0.99.96  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Avira Desktop      
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Comodo Firewall cmdagent.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

---

 

The system is running great, I haven't seen any internet connectivity or other issues yet :)



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:13 AM

Posted 22 February 2015 - 02:27 PM

No problem installing the firewall. It looks like you are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:13 AM

Posted 23 February 2015 - 09:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users