Keep getting BSOD and Computer freezes


  • This topic is locked
20 replies to this topic

#1 Trevor1971

Posted 14 February 2015 - 04:48 PM

I have Windows 7 SP1 Ultimate. I've run Malwarebytes and chkdsk /f, which repaired some errors, and I still think I am infected by some Chrome variant. I have attached my FRST log and Addition text.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by THeistand (administrator) on NOTEBOOK on 14-02-2015 16:32:59
Running from C:\Users\THeistand\Desktop
Loaded Profiles: THeistand & DefaultAppPool (Available profiles: THeistand & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Waterfox)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Dropbox, Inc.) C:\Users\THeistand\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-10] (Bitdefender)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-10] (Bitdefender)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled ()
Startup: C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * ꖤ眡

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> {44195518-8F0D-4714-A59F-884DCF917F66} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> {5F647541-E072-4470-9E5D-62EFAE980689} URL = http://www.youtube.com/results?search_query={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {f16bb5f5-9e65-4f71-85d5-10f7bcfd4568} ->  No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} -  No File
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://www.pcpitstop.com/nirvana/controls/pcmatic.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057
FF DefaultSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-288039168-2513596968-2444979690-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\THeistand\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\searchplugins\java-api.xml
FF Extension: Flashblock - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-15]
FF Extension: EPUBReader - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-10]
FF Extension: FireFTP - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-15]
FF Extension: Show Password Field - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\ShowPasswordField@danilo.treffiletti.it.xpi [2015-01-16]
FF Extension: FastestFox - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\smarterwiki@wikiatic.com.xpi [2015-01-11]
FF Extension: عارض PDF - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\uriloader@pdf.js.xpi [2014-12-02]
FF Extension: YesScript - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\yesscript@userstyles.org.xpi [2014-12-15]
FF Extension: NoScript - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-11]
FF Extension: QuickJava - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-01-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-09-24]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-08-13]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-03]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-17] (Bitdefender)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S4 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
S4 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S4 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S4 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-03] (Electronic Arts)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-12] (Bitdefender)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-10] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-10] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-10] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-10] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-10] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2014-12-17] (BitDefender LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-18] ()
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-11-23] (CACE Technologies, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 16:32 - 2015-02-14 16:33 - 00024334 _____ () C:\Users\THeistand\Desktop\FRST.txt
2015-02-14 15:05 - 2015-02-14 15:05 - 344516414 _____ () C:\Users\THeistand\Desktop\2-14-15.reg
2015-02-14 13:18 - 2015-02-14 13:18 - 02134528 _____ (Farbar) C:\Users\THeistand\Desktop\FRST64.exe
2015-02-14 12:04 - 2015-02-14 12:09 - 28251240 _____ (GZ Systems) C:\Users\THeistand\Downloads\OliveBundle.exe
2015-02-12 22:26 - 2015-02-13 02:50 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\CrashDumps
2015-02-12 10:52 - 2015-02-12 10:52 - 00048277 _____ () C:\Users\THeistand\Documents\Accounts 02-21-15.xlsx
2015-02-12 10:45 - 2015-02-12 10:46 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\New folder
2015-02-11 17:50 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 17:50 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 17:50 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 17:50 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 17:50 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 17:50 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 17:50 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 17:50 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 17:50 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 17:50 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 17:50 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 17:50 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 17:50 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 17:50 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 17:50 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 17:50 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 17:50 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 17:50 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 17:50 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 17:50 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 17:49 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 17:49 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 17:49 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 17:49 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 17:48 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:48 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 17:47 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 17:47 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 17:47 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 17:47 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 17:47 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 17:47 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 17:47 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 17:47 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 04:46 - 2015-02-11 04:46 - 00000000 __SHD () C:\found.000
2015-02-10 23:15 - 2015-02-14 16:33 - 00000000 ____D () C:\FRST
2015-02-10 23:15 - 2015-02-14 13:53 - 00000000 ____D () C:\Users\THeistand\Desktop\New folder
2015-02-10 20:23 - 2015-02-10 22:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-10 20:22 - 2015-02-10 20:22 - 00000000 ____D () C:\Users\THeistand\Desktop\MB anti rootkits
2015-02-10 15:55 - 2015-02-10 15:55 - 00001009 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-10 08:26 - 2015-02-10 08:26 - 00677104 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-10 08:26 - 2015-02-10 08:26 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-02-09 23:09 - 2015-02-09 23:09 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\Program Files\Reason
2015-02-09 21:03 - 2015-02-09 21:03 - 00003276 _____ () C:\Windows\System32\Tasks\{A2228571-3E55-4AF5-8F81-FEEBF175B44E}
2015-02-09 20:03 - 2015-02-11 04:35 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-02-09 13:39 - 2015-02-09 13:39 - 00000000 ____D () C:\Users\THeistand\Downloads\Acer Aspire 7551 repair and upgrade
2015-02-08 20:51 - 2015-02-08 20:51 - 00000000 ____D () C:\Users\THeistand\Documents\Fax
2015-02-07 15:28 - 2015-02-07 15:28 - 00059775 _____ () C:\Users\THeistand\Desktop\RESTORES.xlsx
2015-02-06 13:59 - 2015-02-14 15:25 - 01549951 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 13:59 - 2015-02-14 15:19 - 00001624 _____ () C:\Windows\setupact.log
2015-02-06 13:59 - 2015-02-06 13:59 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 13:58 - 2015-02-14 12:49 - 00086620 _____ () C:\Windows\PFRO.log
2015-02-06 13:58 - 2015-02-11 18:17 - 00503480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-05 18:15 - 2015-02-05 18:15 - 00136912 _____ () C:\Users\THeistand\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 10:32 - 2015-02-05 10:32 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Abelssoft
2015-02-05 10:31 - 2015-02-09 18:44 - 00000000 ____D () C:\Program Files (x86)\WashAndGo
2015-02-05 10:03 - 2015-02-14 15:41 - 00004972 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NOTEBOOK-THeistand notebook
2015-02-05 09:14 - 2015-02-05 09:14 - 00171127 _____ () C:\Users\THeistand\Desktop\Acer Laptop Configurations.pptx
2015-02-05 09:09 - 2015-02-05 09:09 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-02-05 09:09 - 2015-02-05 09:09 - 00000000 ____D () C:\Users\THeistand\AppData\Local\eSupport.com
2015-02-05 09:08 - 2015-02-05 09:08 - 00079781 _____ () C:\Users\THeistand\Desktop\NOTEBOOK.html
2015-02-03 06:37 - 2015-02-03 06:37 - 00000000 ____D () C:\Users\THeistand\Desktop\Contents old epic4g 2-3-15
2015-02-01 23:30 - 2015-02-01 23:30 - 00000801 _____ () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-24 10:06 - 2015-02-14 12:34 - 00048371 _____ () C:\Users\THeistand\Documents\Accounts 01-24-15.xlsx
2015-01-24 07:22 - 2015-01-24 07:22 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Apps\2.0
2015-01-24 04:39 - 2015-01-24 04:39 - 00000095 _____ () C:\Users\THeistand\Documents\debug.log
2015-01-19 21:41 - 2015-01-19 21:41 - 00001483 _____ () C:\Users\THeistand\Desktop\15 minute beef stroganoff.doc.lnk
2015-01-18 21:38 - 2015-01-18 21:39 - 00000000 ____D () C:\Users\THeistand\Downloads\Arduino
2015-01-18 15:00 - 2015-01-18 15:00 - 00001932 _____ () C:\Windows\system32\.crusader
2015-01-18 13:34 - 2015-01-18 15:03 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-18 13:33 - 2015-01-18 15:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-18 13:10 - 2012-06-01 00:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-01-18 13:10 - 2012-06-01 00:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-01-18 13:10 - 2012-06-01 00:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-01-18 13:10 - 2012-06-01 00:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-01-18 13:10 - 2012-06-01 00:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-01-18 13:10 - 2012-06-01 00:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-01-18 13:10 - 2012-05-31 23:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-01-18 13:10 - 2012-05-31 23:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-01-18 13:10 - 2012-05-31 23:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-01-18 13:10 - 2012-05-31 23:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-01-18 13:10 - 2012-05-31 23:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-01-18 13:10 - 2012-05-31 23:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-01-18 12:57 - 2015-02-14 01:32 - 00000000 ____D () C:\Users\DefaultAppPool
2015-01-18 12:57 - 2014-12-06 03:29 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2015-01-18 12:57 - 2013-03-25 17:04 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Google
2015-01-18 12:57 - 2011-04-14 15:48 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-18 12:57 - 2011-04-14 15:48 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-18 12:57 - 2011-04-14 14:20 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Downloaded Installations
2015-01-18 12:57 - 2011-04-14 13:59 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2015-01-18 12:57 - 2010-11-20 21:51 - 00001449 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-18 12:57 - 2010-11-20 21:51 - 00001415 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-18 12:57 - 2010-11-20 21:50 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2015-01-18 08:19 - 2015-01-18 08:19 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2015-01-18 08:19 - 2015-01-18 08:19 - 00000000 ____D () C:\Windows\system32\BestPractices
2015-01-18 08:19 - 2015-01-18 08:19 - 00000000 ____D () C:\inetpub
2015-01-18 02:35 - 2015-01-18 02:35 - 128639736 _____ (Microsoft Corporation) C:\Users\THeistand\Downloads\msert.exe
2015-01-17 15:36 - 2015-01-17 15:36 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-17 15:28 - 2015-01-17 15:28 - 00001043 _____ () C:\Users\THeistand\Desktop\TJ and Ashley documents.lnk
2015-01-17 15:10 - 2015-01-28 15:51 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Adobe
2015-01-17 15:10 - 2015-01-17 15:36 - 00000000 ____D () C:\ProgramData\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 16:32 - 2013-12-22 10:09 - 02562560 ___SH () C:\Users\THeistand\Desktop\Thumbs.db
2015-02-14 16:25 - 2011-09-26 12:09 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 15:44 - 2012-03-31 09:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-14 15:24 - 2009-07-13 23:45 - 00041824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-14 15:24 - 2009-07-13 23:45 - 00041824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-14 15:21 - 2013-08-11 12:41 - 00000000 ___RD () C:\Users\THeistand\Dropbox
2015-02-14 15:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-14 15:20 - 2013-08-11 12:28 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Dropbox
2015-02-14 15:19 - 2014-11-21 02:19 - 00000488 ____H () C:\Windows\Tasks\BrickFixer-S-2168547716.job
2015-02-14 15:19 - 2011-09-26 12:09 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 15:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 14:16 - 2014-02-21 17:23 - 00000000 ____D () C:\Users\THeistand\Documents\Divorce & Police Records
2015-02-14 14:14 - 2013-01-21 13:21 - 00000000 ____D () C:\Users\THeistand\Documents\Ashleigh
2015-02-14 14:14 - 2012-03-07 06:09 - 00000000 ___HD () C:\Users\THeistand\Documents\Trevor File Cabinet
2015-02-14 14:07 - 2014-10-31 01:33 - 00000000 ____D () C:\Users\THeistand\Documents\DHS
2015-02-14 13:12 - 2011-09-29 12:59 - 00000000 ____D () C:\Program Files\Google
2015-02-14 13:12 - 2011-09-26 12:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-14 13:11 - 2011-09-26 12:09 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Google
2015-02-14 13:02 - 2014-10-20 07:36 - 00000000 ____D () C:\Users\THeistand\Downloads\pcdmis
2015-02-14 12:50 - 2014-08-15 21:02 - 00000000 ____D () C:\Users\THeistand\AppData\Local\NETGEARGenie
2015-02-14 12:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-14 12:10 - 2014-12-08 21:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-14 10:57 - 2014-06-06 22:48 - 00000000 ____D () C:\Users\THeistand\Downloads\QUALITY ENGINEERING MANUALS
2015-02-14 04:58 - 2009-07-14 00:13 - 00917758 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 03:31 - 2014-12-05 14:11 - 00000000 ____D () C:\Users\THeistand\AppData\Local\CrashDumps
2015-02-13 21:30 - 2009-07-14 00:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-13 19:39 - 2013-08-13 19:51 - 00002485 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-02-13 19:39 - 2013-08-13 19:51 - 00002194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-02-13 19:39 - 2013-08-13 19:51 - 00002015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-02-13 11:23 - 2013-08-11 12:36 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 11:23 - 2011-11-10 23:25 - 00001150 _____ () C:\Windows\wininit.ini
2015-02-13 02:54 - 2011-09-10 23:23 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-12 12:08 - 2014-11-28 09:30 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Adobe
2015-02-12 12:06 - 2012-03-31 09:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-12 12:06 - 2012-03-31 09:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-12 12:06 - 2011-09-11 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-12 07:57 - 2014-12-02 17:12 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 07:56 - 2012-02-26 08:55 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-12 00:00 - 2014-11-27 00:22 - 00000740 _____ () C:\Windows\Tasks\Scheduled scanning task.job
2015-02-11 23:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 20:55 - 2014-02-17 23:37 - 00000000 ____D () C:\Program Files\PeerBlock
2015-02-11 18:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 18:11 - 2014-12-05 06:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-11 18:10 - 2011-12-02 07:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 18:02 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2015-02-11 17:56 - 2013-08-08 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 17:56 - 2011-09-10 18:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 05:47 - 2011-10-06 14:55 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\TeamViewer
2015-02-11 04:37 - 2011-10-29 03:49 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-10 20:23 - 2012-08-28 00:03 - 00007632 _____ () C:\Users\THeistand\AppData\Local\Resmon.ResmonCfg
2015-02-10 14:41 - 2011-12-23 14:51 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Abelssoft
2015-02-10 14:33 - 2013-01-13 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-10 14:20 - 2011-09-26 12:09 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-10 14:20 - 2011-09-26 12:09 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-10 14:09 - 2014-03-05 18:34 - 00117760 ___SH () C:\Users\THeistand\Thumbs.db
2015-02-10 11:36 - 2015-01-12 14:37 - 00048996 _____ () C:\Users\THeistand\Documents\Accounts (Autosaved) (Autosaved).xlsx
2015-02-10 08:26 - 2014-12-03 08:05 - 01306464 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-10 08:26 - 2014-12-03 08:05 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-10 08:26 - 2014-12-03 08:05 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-02-10 08:26 - 2013-11-15 05:45 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-02-10 08:26 - 2013-11-15 05:45 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-02-09 22:45 - 2014-11-21 02:17 - 00000000 ____D () C:\ProgramData\pfiohalhahjflndlajfcklpjbhadaijg
2015-02-09 21:01 - 2011-04-14 14:06 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-02-09 20:54 - 2011-04-14 14:17 - 00000000 ___HD () C:\OEM
2015-02-09 19:18 - 2014-02-26 22:17 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-08 20:51 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-08 14:20 - 2011-08-31 20:58 - 00000000 ____D () C:\Users\THeistand
2015-02-07 15:32 - 2011-11-27 19:41 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-02-07 03:07 - 2015-01-03 16:13 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-02-05 11:26 - 2014-12-29 05:27 - 00000000 ____D () C:\ProgramData\Atheros
2015-02-05 11:26 - 2013-11-16 20:01 - 00000000 ____D () C:\Users\THeistand\AppData\Temp
2015-02-05 11:26 - 2013-08-30 23:39 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-02-05 11:26 - 2013-01-19 08:56 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\XnView
2015-02-05 11:26 - 2012-08-15 11:08 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Vso
2015-02-05 11:24 - 2012-02-19 14:28 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-05 11:24 - 2012-01-02 23:11 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Skype
2015-02-05 10:34 - 2013-09-21 16:43 - 00000000 ____D () C:\Users\THeistand\Documents\Outlook Files
2015-02-04 20:58 - 2014-12-24 16:34 - 00000000 ____D () C:\Users\THeistand\Desktop\Divorce Files
2015-02-04 20:38 - 2012-12-19 16:36 - 00060794 _____ () C:\ProgramData\lxeascan.log
2015-02-02 08:19 - 2012-06-13 16:24 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\uTorrent
2015-02-01 09:48 - 2011-12-16 09:01 - 00000000 ____D () C:\Users\THeistand\Documents\Quicken
2015-01-29 22:36 - 2012-02-24 17:48 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\vlc
2015-01-28 14:21 - 2012-10-08 07:49 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-28 14:11 - 2011-06-08 15:24 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-28 13:43 - 2015-01-12 01:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-28 13:43 - 2012-01-04 03:19 - 00000000 ____D () C:\Program Files\Java
2015-01-27 16:46 - 2014-02-14 01:58 - 00101888 ___SH () C:\Users\THeistand\Documents\Thumbs.db
2015-01-27 16:44 - 2014-04-16 04:48 - 00000000 ____D () C:\Users\THeistand\Documents\Matthew
2015-01-27 16:42 - 2014-02-21 17:21 - 00000000 ____D () C:\Users\THeistand\Documents\Michelle
2015-01-27 06:29 - 2014-10-31 01:14 - 00000000 ____D () C:\Users\THeistand\Documents\Income Taxes 2006-2014
2015-01-26 09:27 - 2011-10-28 00:50 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Cyberlink
2015-01-26 06:29 - 2014-11-04 07:54 - 00036604 _____ () C:\Users\THeistand\Desktop\Parkwood Expenses from Credit Union.xlsx
2015-01-24 12:48 - 2013-04-11 11:26 - 00000000 ____D () C:\Windows\pss
2015-01-24 10:02 - 2012-03-05 05:06 - 00048038 _____ () C:\Users\THeistand\Documents\Accounts.xlsx
2015-01-24 03:31 - 2013-01-28 19:40 - 00001225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-24 03:28 - 2013-01-28 19:38 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-01-20 11:32 - 2014-10-31 01:42 - 00000000 ____D () C:\Users\THeistand\Desktop\Unemployment Oct. 2014
2015-01-20 11:10 - 2014-02-21 17:25 - 00000000 ____D () C:\Users\THeistand\Documents\Resumes
2015-01-20 03:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-01-18 12:52 - 2011-04-14 14:04 - 00000000 ____D () C:\Program Files\Acer
2015-01-18 12:52 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-18 12:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-18 09:34 - 2014-04-05 23:09 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\ Angry_Birds
2015-01-18 08:21 - 2011-09-01 22:12 - 00853838 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-18 08:21 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-18 08:19 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-18 06:17 - 2014-11-03 00:37 - 00000000 ____D () C:\Users\THeistand\Desktop\ORIGIN GAMES
2015-01-18 06:17 - 2012-10-04 21:22 - 00000000 ___RD () C:\Users\THeistand\Desktop\DVD RIP TOOLS
2015-01-18 04:35 - 2011-04-14 14:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-01-18 04:35 - 2011-04-14 13:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-18 03:44 - 2012-06-27 06:54 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2015-01-18 03:35 - 2013-08-24 15:45 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-01-18 03:24 - 2012-12-07 09:00 - 00000000 ____D () C:\Program Files (x86)\Open DVD Ripper
2015-01-18 03:24 - 2012-09-29 12:19 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-01-15 16:10 - 2015-01-12 00:51 - 00000000 ____D () C:\Program Files\Waterfox

==================== Files in the root of some directories =======

2015-01-11 14:52 - 2015-01-11 14:52 - 0037937 _____ () C:\Users\THeistand\AppData\Roaming\Comma Separated Values.ADR
2012-08-15 11:08 - 2012-08-15 11:08 - 0099384 _____ () C:\Users\THeistand\AppData\Roaming\inst.exe
2012-08-15 11:08 - 2012-08-15 11:08 - 0007859 _____ () C:\Users\THeistand\AppData\Roaming\pcouffin.cat
2012-08-15 11:08 - 2012-08-15 11:08 - 0001167 _____ () C:\Users\THeistand\AppData\Roaming\pcouffin.inf
2012-08-15 11:08 - 2012-08-15 11:08 - 0082816 _____ (VSO Software) C:\Users\THeistand\AppData\Roaming\pcouffin.sys
2012-08-15 11:10 - 2014-04-18 00:37 - 0001181 _____ () C:\Users\THeistand\AppData\Roaming\vso_ts_preview.xml
2014-02-15 11:19 - 2014-02-15 11:19 - 0000044 _____ () C:\Users\THeistand\AppData\Roaming\WB.CFG
2014-02-15 00:25 - 2014-02-23 11:06 - 0000346 ___SH () C:\Users\THeistand\AppData\Local\70149b02515b3bb20dd492.47983420
2013-09-22 00:02 - 2013-09-22 00:02 - 1065984 _____ () C:\Users\THeistand\AppData\Local\file__0.localstorage
2013-01-18 07:55 - 2013-01-18 07:55 - 0000218 _____ () C:\Users\THeistand\AppData\Local\recently-used.xbel
2012-08-28 00:03 - 2015-02-10 20:23 - 0007632 _____ () C:\Users\THeistand\AppData\Local\Resmon.ResmonCfg
2014-12-03 07:54 - 2014-12-03 08:06 - 0205174 _____ () C:\ProgramData\1417611246.1516.bin
2014-12-03 07:54 - 2014-12-03 08:06 - 0156016 _____ () C:\ProgramData\1417611246.2352.bin
2014-12-03 07:54 - 2014-12-03 08:04 - 0030672 _____ () C:\ProgramData\1417611246.2604.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0003735 _____ () C:\ProgramData\1417611246.3868.bin
2014-12-03 07:54 - 2014-12-03 08:03 - 0017903 _____ () C:\ProgramData\1417611246.4048.bin
2014-12-03 08:03 - 2014-12-03 08:03 - 0002247 _____ () C:\ProgramData\1417611246.4260.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0012148 _____ () C:\ProgramData\1417611246.4584.bin
2014-12-03 07:55 - 2014-12-03 08:00 - 0001545 _____ () C:\ProgramData\1417611246.4600.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0001090 _____ () C:\ProgramData\1417611246.6196.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0017948 _____ () C:\ProgramData\1417611246.6536.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0001090 _____ () C:\ProgramData\1417611246.6680.bin
2014-12-03 07:54 - 2014-12-03 08:06 - 0099087 _____ () C:\ProgramData\1417611246.6732.bin
2014-05-23 18:44 - 2014-05-23 18:44 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-02-22 19:41 - 2014-02-22 19:41 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-01-01 19:58 - 2014-12-23 20:26 - 1183945 _____ () C:\ProgramData\lxea.log
2014-03-19 21:15 - 2014-05-23 18:44 - 0000244 _____ () C:\ProgramData\lxeaDiagnostics.log
2012-12-30 06:57 - 2014-04-18 18:30 - 0004858 _____ () C:\ProgramData\lxeaJSW.log
2012-12-19 16:36 - 2015-02-04 20:38 - 0060794 _____ () C:\ProgramData\lxeascan.log
2014-05-23 18:44 - 2014-05-23 18:44 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-08-28 00:13 - 2012-08-28 20:09 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-01-28 19:40 - 2015-01-24 03:31 - 0001225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-23 18:43 - 2014-05-23 18:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Files to move or delete:
====================
C:\Users\THeistand\cnmss Canon iP2800 series (Local).dll

Some content of TEMP:
====================
C:\Users\THeistand\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9tiwqu.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 03:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by THeistand at 2015-02-14 16:33:42
Running from C:\Users\THeistand\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\uTorrent) (Version: 3.4.2.38429 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.03 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 14 v.14.0.5 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.19.0.1369 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3817.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
DVD-Cloner Platinum V9.40 Build 1108 (HKLM-x32\...\DVD-Cloner 9_is1) (Version: 9.40.0.1108 - OpenCloner Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM-x32\...\{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}) (Version: 1.3.800.0 - SAMSUNG Electronics CO., LTD.)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
System Mechanic 12 Professional (x32 Version: 14.0.1 - ) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Waterfox 34.0.1 (x64 en-US) (HKLM\...\Waterfox 34.0.1 (x64 en-US)) (Version: 34.0.1 - Mozilla)
Webcam Motion Detector version 1.3 (HKLM-x32\...\Webcam Motion Detector_is1) (Version: 1.3 - Zebra-Media Software)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{1029ABC3-2457-11D5-8E9D-0010B541CD80}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{3897B445-D5B8-410d-899A-9789B8ADB643}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{3C3F63EA-C7BA-11d4-8E60-0010B541CD80}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{4D29B490-49B2-11D0-93C3-7E0706000000}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{62FBB030-24C7-11D3-B78D-0060B0F159EF}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{76283A80-50DD-11D3-A7E3-00C04F79D7BC}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{BBF9FDF1-52DC-11D0-8C04-0800090BE8EC}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-288039168-2513596968-2444979690-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

11-02-2015 04:34:31 Removed Should I Remove It
11-02-2015 17:52:50 Windows Update
11-02-2015 18:12:30 Installed Microsoft Fix it 50123
12-02-2015 12:17:55 Installed Microsoft Fix it 50440
14-02-2015 00:44:09 new restore point
14-02-2015 05:02:41 Windows Backup
14-02-2015 12:09:37 Olive
14-02-2015 13:11:38 Removed Google Analytics Opt-out Browser Add-on
14-02-2015 13:13:55 Removed Paint.NET v3.5.10

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {046C2DBA-F8B8-4CBB-A376-A820ACF13C46} - System32\Tasks\BrickFixer-S-2168547716 => c:\programdata\trusted publisher\brickfixer\BrickFixer.exe <==== ATTENTION
Task: {0D37684C-2BCB-4C46-B136-82285FA3B4CC} - System32\Tasks\{C80FF883-8E59-4228-9AF6-6644B50E9A11} => C:\Users\THeistand\desktop\ImationLOCKv229.exe
Task: {0E700F2E-BCD7-4E53-A083-F3B5821D10B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0E887EDB-C309-46EC-8FFC-E4FA95A75CFE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1C0AC6EC-CBD1-4263-8616-07298B6C48B4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {26702FD3-7169-42A1-812F-77CB5288782E} - System32\Tasks\{80D6389E-98B6-4AFD-9376-D54E86BF5182} => C:\Program Files (x86)\Acer\Acer System Information\SystemInformation.exe [2010-06-18] ()
Task: {3235A874-B245-44C0-8B96-9E71359DFCA1} - System32\Tasks\Scheduled scanning task => C:\PROGRA~2\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsav.exe
Task: {44123295-4B21-41F5-8365-487E8E0428B0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {560203A2-62C3-4D14-9D3A-95B33608B448} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2014-08-12] (iolo technologies, LLC)
Task: {57FE3272-A957-4011-9AB6-F98428287DE3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6F919909-FFFC-4CDF-816A-762ED301A7A7} - System32\Tasks\{59FFDFED-3FD2-4916-8ACB-B37E125FC2B9} => pcalua.exe -a C:\PROGRA~2\Belarc\Advisor\Uninstall.exe -c "C:\PROGRA~2\Belarc\Advisor\INSTALL.LOG"
Task: {708275DE-F0CD-403D-9FAC-621BCD40D175} - System32\Tasks\{43155E35-9A6E-4629-8DEF-4D3CB56A41B6} => pcalua.exe -a "C:\Users\THeistand\Desktop\New folder (4)\06_USB Driver\06_USB Driver\USB Driver for ASC\MCCI\USB_DRIVER\i386\SY06Uninstall.exe" -d "C:\Users\THeistand\Desktop\New folder (4)\06_USB Driver\06_USB Driver\USB Driver for ASC\MCCI\USB_DRIVER\i386"
Task: {72494BFA-C119-44DE-8853-63F26C9701D8} - System32\Tasks\{4DDA494B-98DD-487A-8BE8-4FA5354734BB} => pcalua.exe -a "C:\2nd Story Software\TaxACT 2012\Unta12.exe" -c C:\2nd Story Software\TaxACT 2012\Install_1040.log
Task: {77F1075A-CF8A-4B92-91E6-79F793B8474D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for NOTEBOOK-THeistand notebook => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
Task: {798EA507-A854-4AD7-8295-97AED57BD866} - System32\Tasks\{A2228571-3E55-4AF5-8F81-FEEBF175B44E} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe" -c -runfromtemp -l0x0409
Task: {7AD8436B-02A0-47ED-B549-D7C875571217} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-12-10] ()
Task: {8EE50350-B54D-49D8-BB89-D467AB3C634B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {8FBCEF76-5007-406D-BB07-1AD9C8E747C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {9571A876-FE64-48D5-9E06-B3DEF2409549} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {A3412D47-C167-44DC-AF80-EFA7AC597535} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\WSCStub.exe
Task: {AAC70321-879F-4BB9-85E1-FAFB8FDF13A0} - System32\Tasks\{498283AA-F78E-464A-B0EC-C61AE941166E} => C:\Program Files (x86)\Acer\Acer System Information\SystemInformation.exe [2010-06-18] ()
Task: {CCE4A4E9-C6C5-470C-9D44-95B1E060CE7E} - System32\Tasks\{636BD552-54D3-4254-95D8-FCE9BD452E49} => Iexplore.exe http://ui.skype.com/ui/0/5.0.0.152.367/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {D3539995-EF0C-4F56-BC13-EA20F94A230E} - System32\Tasks\{D29005DB-A2DE-473F-B9C3-0CBCD44D9CFB} => pcalua.exe -a C:\Users\THeistand\AppData\Local\Temp\Temp1_Egyptoid2.zip\Setup.exe
Task: {E6ACAA8C-97C8-4E5B-9F02-6FFD8F82B4ED} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: {EBAB9976-04E3-4683-9716-1E34CE6E4AE3} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BrickFixer-S-2168547716.job => c:\programdata\trusted publisher\brickfixer\BrickFixer.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsav.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-03 08:05 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-12-03 08:05 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-12-03 08:05 - 2014-11-19 16:24 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-12-03 08:05 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-02-06 08:19 - 2015-02-06 08:24 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpbr.mdl
2015-02-06 08:19 - 2015-02-06 08:20 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpdsp.mdl
2015-02-06 08:19 - 2015-02-06 08:24 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpph.mdl
2015-02-06 08:19 - 2015-02-06 08:24 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttprbl.mdl
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-11-27 19:39 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2014-11-06 10:28 - 2014-11-06 10:28 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2013-01-01 10:26 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 04:46 - 2014-11-17 04:46 - 00639488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-11-10 04:55 - 2014-11-10 04:55 - 01686016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 02:36 - 2014-11-05 02:36 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 02:37 - 2014-11-05 02:37 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 05:53 - 2014-11-14 05:53 - 06499840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-29 21:05 - 2014-06-29 21:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2014-11-07 04:13 - 2014-11-07 04:13 - 02475520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 15:27 - 2012-10-15 15:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 02:00 - 2014-11-17 02:00 - 01056768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 03:39 - 2014-09-11 03:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 02:51 - 2014-11-05 02:51 - 01191424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 01:21 - 2014-11-17 01:21 - 10374656 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 01:18 - 2014-11-17 01:18 - 02496512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 04:39 - 2014-11-06 04:39 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 02:58 - 2014-11-05 02:58 - 00889344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 03:00 - 2014-11-05 03:00 - 00435712 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 03:23 - 2014-11-03 03:23 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-18 21:22 - 2014-06-18 21:22 - 02177405 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 02:59 - 2014-11-05 02:59 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 03:01 - 2014-11-05 03:01 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 21:33 - 2014-06-29 21:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\THeistand\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-14 15:20 - 2015-02-14 15:20 - 00043008 _____ () c:\Users\THeistand\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9tiwqu.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\THeistand\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\THeistand\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\THeistand\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Windows\system32\atibtmon.exe:AGC
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:3F464E0C
AlternateDataStreams: C:\ProgramData\Temp:4AE6BD6E
AlternateDataStreams: C:\ProgramData\Temp:A303874F
AlternateDataStreams: C:\Users\THeistand\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\THeistand\Downloads\installer_win.exe:BDU
AlternateDataStreams: C:\Users\THeistand\Downloads\msert.exe:BDU
AlternateDataStreams: C:\Users\THeistand\Downloads\OliveBundle.exe:BDU
AlternateDataStreams: C:\Users\THeistand\Downloads\OMNIPAGE ULTIMATE.exe:BDU
AlternateDataStreams: C:\Users\THeistand\Downloads\privateinternetaccess.exe:BDU
AlternateDataStreams: C:\Users\THeistand\Downloads\SkypeSetup.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-288039168-2513596968-2444979690-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BdDesktopParental => 3
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDVaultSvc => 2
MSCONFIG\Services: ioloSystemService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: lxeaCATSCustConnectService => 2
MSCONFIG\Services: lxea_device => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^THeistand^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon iP2800 series.lnk => C:\Windows\pss\Canon IJ Status Monitor Canon iP2800 series.lnk.Startup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BlueStacks Agent =>
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: Facebook Update =>
MSCONFIG\startupreg: Google Update => "C:\Users\THeistand\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: Skype =>
MSCONFIG\startupreg: SunJavaUpdateSched =>
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Webcam Motion Detector => C:\Program Files (x86)\Zebra-Media\Webcam Motion Detector\AutoStartup.lnk

==================== Accounts: =============================

Administrator (S-1-5-21-288039168-2513596968-2444979690-500 - Administrator - Disabled)
Guest (S-1-5-21-288039168-2513596968-2444979690-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-288039168-2513596968-2444979690-1002 - Limited - Enabled)
THeistand (S-1-5-21-288039168-2513596968-2444979690-1000 - Administrator - Enabled) => C:\Users\THeistand

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 03:19:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.1.168.192.in-addr.arpa. PTR notebook.local.

Error: (02/14/2015 03:19:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   18 6.1.168.192.in-addr.arpa. PTR notebook-2.local.

Error: (02/14/2015 01:13:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\THEIST~1\AppData\Local\Temp\{F5FEC6ED-005F-4DD9-805E-A30529BF28A0}\setup.exe /q"C:\Program Files (x86)\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe" /tempdisk1folder"C:\Users\THEIST~1\AppData\Local\Temp\{F5FEC6ED-005F-4DD9-805E-A30529BF28A0}" -runfromtemp -l0x0409; Description = Configured NTI Backup Now 5; Error = 0x80042319).

Error: (02/14/2015 01:13:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: msxml3.dll, version: 8.110.7601.18576, time stamp: 0x53f59493
Exception code: 0xc0000005
Fault offset: 0x000000000000340e
Faulting process id: 0x68c
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3

Error: (02/14/2015 00:50:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.1.168.192.in-addr.arpa. PTR notebook.local.

Error: (02/14/2015 00:50:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   18 6.1.168.192.in-addr.arpa. PTR notebook-2.local.

Error: (02/14/2015 00:29:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.1.168.192.in-addr.arpa. PTR notebook.local.

Error: (02/14/2015 00:29:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   18 6.1.168.192.in-addr.arpa. PTR notebook-2.local.

Error: (02/14/2015 00:10:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: NOTEBOOK)
Description: Product: Olive -- Java Runtime Environment (32 bit) is not installed or outdated. Please install Oracle JRE 1.6 or later.

Error: (02/14/2015 11:51:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.1.168.192.in-addr.arpa. PTR notebook.local.

System errors:
=============
Error: (02/14/2015 03:24:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (02/14/2015 03:24:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Net.Pipe Listener Adapter service hung on starting.

Error: (02/14/2015 03:21:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (02/14/2015 03:21:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Media Center Extender Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (02/14/2015 03:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (02/14/2015 03:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (02/14/2015 03:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (02/14/2015 03:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (02/14/2015 03:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (02/14/2015 03:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Microsoft Office Sessions:
=========================
Error: (02/14/2015 03:19:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.1.168.192.in-addr.arpa. PTR notebook.local.

Error: (02/14/2015 03:19:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   18 6.1.168.192.in-addr.arpa. PTR notebook-2.local.

Error: (02/14/2015 01:13:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\THEIST~1\AppData\Local\Temp\{F5FEC6ED-005F-4DD9-805E-A30529BF28A0}\setup.exe /q"C:\Program Files (x86)\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe" /tempdisk1folder"C:\Users\THEIST~1\AppData\Local\Temp\{F5FEC6ED-005F-4DD9-805E-A30529BF28A0}" -runfromtemp -l0x0409Configured NTI Backup Now 50x80042319

Error: (02/14/2015 01:13:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc3c1msxml3.dll8.110.7601.1857653f59493c0000005000000000000340e68c01d0487ea3750cb2C:\Windows\system32\svchost.exeC:\Windows\System32\msxml3.dll1cae9f34-b475-11e4-b5ff-206a8a440dce

Error: (02/14/2015 00:50:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.1.168.192.in-addr.arpa. PTR notebook.local.

Error: (02/14/2015 00:50:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   18 6.1.168.192.in-addr.arpa. PTR notebook-2.local.

Error: (02/14/2015 00:29:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.1.168.192.in-addr.arpa. PTR notebook.local.

Error: (02/14/2015 00:29:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   18 6.1.168.192.in-addr.arpa. PTR notebook-2.local.

Error: (02/14/2015 00:10:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: NOTEBOOK)
Description: Product: Olive -- Java Runtime Environment (32 bit) is not installed or outdated. Please install Oracle JRE 1.6 or later.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/14/2015 11:51:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.1.168.192.in-addr.arpa. PTR notebook.local.

CodeIntegrity Errors:
===================================
  Date: 2014-03-15 17:16:23.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aticfx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 17:16:23.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aticfx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 14:43:21.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aticfx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 14:43:21.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aticfx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-14 21:39:51.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aticfx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-14 21:39:50.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aticfx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-14 12:58:21.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aticfx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-14 12:58:21.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aticfx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 18:11:51.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00217_003\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 18:03:27.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00217_003\avcuf64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom™ II N970 Quad-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 7934.17 MB
Available physical RAM: 5846.48 MB
Total Pagefile: 15866.53 MB
Available Pagefile: 13650.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.48 GB) (Free:246.52 GB) NTFS
Drive d: (Music J to Z) (CDROM) (Total:4.38 GB) (Free:0 GB) CDFS
Drive f: (HP V255W) (Removable) (Total:29.95 GB) (Free:0 GB) FAT32
Drive g: () (Removable) (Total:14.62 GB) (Free:9.23 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 51CF23C3)
Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 14.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================





#2 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 15 February 2015 - 02:25 PM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 


#3 Trevor1971
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Michigan

Posted 16 February 2015 - 01:55 AM

~Machiavelli,

Thank you for your help. I still have BSOD and I'm concerned about the Chrome entries in the FRST file.

 

ADW Log

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 19:57:47
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : THeistand - NOTEBOOK
# Running from : C:\Users\THeistand\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\THeistand\AppData\Local\eSupport.com

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v16.0.2 (en-US)


*************************

AdwCleaner[R1].txt - [308 bytes] - [15/02/2015 19:53:39]
AdwCleaner[R2].txt - [1412 bytes] - [15/02/2015 19:54:51]
AdwCleaner[S1].txt - [1267 bytes] - [15/02/2015 19:57:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1326  bytes] ##########

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/15/2015
Scan Time: 10:46:32 PM
Logfile:
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2015.02.16.02
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: THeistand

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394340
Time Elapsed: 36 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by THeistand on Mon 02/16/2015 at  0:40:23.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f16bb5f5-9e65-4f71-85d5-10f7bcfd4568}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{f16bb5f5-9e65-4f71-85d5-10f7bcfd4568}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f16bb5f5-9e65-4f71-85d5-10f7bcfd4568}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{f16bb5f5-9e65-4f71-85d5-10f7bcfd4568}



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_94DDE1ED-2089C148.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\THeistand\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Program Files (x86)\max uninstaller"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at  0:47:59.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by THeistand (administrator) on NOTEBOOK on 16-02-2015 01:02:17
Running from C:\Users\THeistand\Desktop
Loaded Profiles: THeistand (Available profiles: THeistand)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: waterfox.exe)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
( ) C:\Windows\System32\lxeacoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Zebra-Media) C:\Program Files (x86)\Zebra-Media\Webcam Motion Detector\WebcamMotionDetector.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Users\THeistand\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Waterfox) C:\Program Files\Waterfox\waterfox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-10] (Bitdefender)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-10] (Bitdefender)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-17] (Google Inc.)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [Webcam Motion Detector] => C:\Program Files (x86)\Zebra-Media\Webcam Motion Detector\AutoStartup.lnk [1197 2011-12-01] ()
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled ()
Startup: C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * ꖤ眡
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> {44195518-8F0D-4714-A59F-884DCF917F66} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> {5F647541-E072-4470-9E5D-62EFAE980689} URL = http://www.youtube.com/results?search_query={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} -  No File
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://www.pcpitstop.com/nirvana/controls/pcmatic.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057
FF DefaultSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-288039168-2513596968-2444979690-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\THeistand\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\searchplugins\java-api.xml
FF Extension: Flashblock - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-15]
FF Extension: EPUBReader - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-10]
FF Extension: FireFTP - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-15]
FF Extension: Show Password Field - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\ShowPasswordField@danilo.treffiletti.it.xpi [2015-01-16]
FF Extension: FastestFox - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\smarterwiki@wikiatic.com.xpi [2015-01-11]
FF Extension: عارض PDF - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\uriloader@pdf.js.xpi [2014-12-02]
FF Extension: YesScript - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\yesscript@userstyles.org.xpi [2014-12-15]
FF Extension: NoScript - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-11]
FF Extension: QuickJava - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-01-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-09-24]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-08-13]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-03]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-17] (Bitdefender)
S4 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S4 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-03] (Electronic Arts)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-12] (Bitdefender)
S4 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-10] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-10] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-10] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-10] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-10] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2014-12-17] (BitDefender LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-11-23] (CACE Technologies, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 vmci; No ImagePath
S3 VMnetAdapter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 01:02 - 2015-02-16 01:02 - 00025771 _____ () C:\Users\THeistand\Desktop\FRST.txt
2015-02-16 00:59 - 2015-02-16 00:59 - 02085888 _____ (Farbar) C:\Users\THeistand\Desktop\FRST64.exe
2015-02-16 00:48 - 2015-02-16 00:47 - 00001683 _____ () C:\Users\THeistand\Desktop\JRT.txt
2015-02-16 00:39 - 2015-02-16 00:39 - 01388274 _____ (Thisisu) C:\Users\THeistand\Desktop\JRT.exe
2015-02-15 23:43 - 2015-02-15 23:43 - 00000376 _____ () C:\Windows\PFRO.log
2015-02-15 21:11 - 2015-02-16 00:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 21:10 - 2015-02-15 21:10 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-15 21:10 - 2015-02-15 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 21:10 - 2015-02-15 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 21:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-15 21:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-15 21:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-15 21:08 - 2015-02-15 21:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\THeistand\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-15 21:05 - 2015-02-15 21:05 - 00001406 _____ () C:\Users\THeistand\Desktop\AdwCleaner[S1].txt
2015-02-15 19:53 - 2015-02-15 21:05 - 00000000 ____D () C:\AdwCleaner
2015-02-15 19:53 - 2015-02-15 19:53 - 02112512 _____ () C:\Users\THeistand\Downloads\AdwCleaner.exe
2015-02-15 18:46 - 2015-02-15 18:46 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-15 12:19 - 2015-02-15 12:19 - 00001377 _____ () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 12:11 - 2015-02-15 12:11 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-15 12:11 - 2015-02-15 12:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 12:11 - 2015-02-15 12:11 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-15 12:11 - 2015-02-15 12:11 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-15 12:11 - 2015-02-15 12:11 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-15 12:11 - 2015-02-15 12:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-15 12:11 - 2015-02-15 12:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-02-15 12:11 - 2015-02-15 12:11 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-02-15 12:11 - 2015-02-15 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-15 09:55 - 2015-02-16 00:16 - 00000616 _____ () C:\Windows\setupact.log
2015-02-15 09:55 - 2015-02-15 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-15 09:50 - 2015-02-15 12:15 - 00013756 _____ () C:\Windows\IE11_main.log
2015-02-15 09:36 - 2015-02-15 09:36 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-15 09:36 - 2015-02-15 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-15 09:36 - 2015-02-15 09:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-15 09:12 - 2015-02-15 09:12 - 00000833 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-02-15 09:12 - 2015-02-15 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-02-15 09:12 - 2015-02-15 09:12 - 00000000 ____D () C:\Program Files\CPUID
2015-02-15 08:01 - 2015-02-15 08:01 - 00000282 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}.job
2015-02-14 17:27 - 2015-02-14 17:27 - 00000682 ____H () C:\bdr-cf02
2015-02-14 12:04 - 2015-02-14 12:09 - 28251240 _____ (GZ Systems) C:\Users\THeistand\Downloads\OliveBundle.exe
2015-02-12 22:26 - 2015-02-13 02:50 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\CrashDumps
2015-02-12 10:52 - 2015-02-12 10:52 - 00048277 _____ () C:\Users\THeistand\Documents\Accounts 02-21-15.xlsx
2015-02-12 10:45 - 2015-02-12 10:46 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\New folder
2015-02-11 17:50 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 17:50 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 17:50 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 17:50 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 17:50 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 17:50 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 17:50 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 17:50 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 17:50 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 17:50 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 17:50 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 17:50 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 17:50 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 17:50 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 17:50 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 17:50 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 17:50 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 17:50 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 17:50 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 17:50 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 17:49 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 17:49 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 17:49 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 17:49 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 17:48 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:48 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 17:47 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 17:47 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 17:47 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 17:47 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 17:47 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 17:47 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 17:47 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 17:47 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 04:46 - 2015-02-11 04:46 - 00000000 __SHD () C:\found.000
2015-02-10 23:15 - 2015-02-16 01:02 - 00000000 ____D () C:\FRST
2015-02-10 23:15 - 2015-02-14 17:55 - 00000000 ____D () C:\Users\THeistand\Desktop\New folder
2015-02-10 20:23 - 2015-02-10 22:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-10 20:22 - 2015-02-10 20:22 - 00000000 ____D () C:\Users\THeistand\Desktop\MB anti rootkits
2015-02-10 15:55 - 2015-02-10 15:55 - 00001009 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-10 08:26 - 2015-02-10 08:26 - 00677104 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-10 08:26 - 2015-02-10 08:26 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-02-09 23:09 - 2015-02-09 23:09 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\Program Files\Reason
2015-02-09 21:03 - 2015-02-09 21:03 - 00003276 _____ () C:\Windows\System32\Tasks\{A2228571-3E55-4AF5-8F81-FEEBF175B44E}
2015-02-09 13:39 - 2015-02-09 13:39 - 00000000 ____D () C:\Users\THeistand\Downloads\Acer Aspire 7551 repair and upgrade
2015-02-08 20:51 - 2015-02-08 20:51 - 00000000 ____D () C:\Users\THeistand\Documents\Fax
2015-02-07 15:28 - 2015-02-07 15:28 - 00059775 _____ () C:\Users\THeistand\Desktop\RESTORES.xlsx
2015-02-06 13:59 - 2015-02-16 00:23 - 01858789 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 13:58 - 2015-02-11 18:17 - 00503480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-05 18:15 - 2015-02-05 18:15 - 00136912 _____ () C:\Users\THeistand\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 10:32 - 2015-02-05 10:32 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Abelssoft
2015-02-05 10:31 - 2015-02-09 18:44 - 00000000 ____D () C:\Program Files (x86)\WashAndGo
2015-02-05 10:03 - 2015-02-16 00:30 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NOTEBOOK-THeistand notebook
2015-02-05 10:00 - 2015-02-14 17:55 - 00000000 ____D () C:\Users\THeistand\Desktop\rempnp
2015-02-05 09:14 - 2015-02-05 09:14 - 00171127 _____ () C:\Users\THeistand\Desktop\Acer Laptop Configurations.pptx
2015-02-05 09:09 - 2015-02-05 09:09 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-02-05 09:08 - 2015-02-05 09:08 - 00079781 _____ () C:\Users\THeistand\Desktop\NOTEBOOK.html
2015-02-03 06:37 - 2015-02-03 06:37 - 00000000 ____D () C:\Users\THeistand\Desktop\Contents old epic4g 2-3-15
2015-02-01 23:30 - 2015-02-01 23:30 - 00000801 _____ () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-24 10:06 - 2015-02-14 12:34 - 00048371 _____ () C:\Users\THeistand\Documents\Accounts 01-24-15.xlsx
2015-01-24 07:22 - 2015-01-24 07:22 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Apps\2.0
2015-01-24 04:39 - 2015-01-24 04:39 - 00000095 _____ () C:\Users\THeistand\Documents\debug.log
2015-01-19 21:41 - 2015-01-19 21:41 - 00001483 _____ () C:\Users\THeistand\Desktop\15 minute beef stroganoff.doc.lnk
2015-01-18 21:38 - 2015-01-18 21:39 - 00000000 ____D () C:\Users\THeistand\Downloads\Arduino
2015-01-18 15:00 - 2015-01-18 15:00 - 00001932 _____ () C:\Windows\system32\.crusader
2015-01-18 13:34 - 2015-01-18 15:03 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-18 13:33 - 2015-01-18 15:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-18 13:10 - 2012-06-01 00:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-01-18 13:10 - 2012-06-01 00:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-01-18 13:10 - 2012-06-01 00:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-01-18 13:10 - 2012-06-01 00:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-01-18 13:10 - 2012-06-01 00:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-01-18 13:10 - 2012-06-01 00:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-01-18 13:10 - 2012-05-31 23:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-01-18 13:10 - 2012-05-31 23:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-01-18 13:10 - 2012-05-31 23:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-01-18 13:10 - 2012-05-31 23:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-01-18 13:10 - 2012-05-31 23:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-01-18 13:10 - 2012-05-31 23:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-01-18 12:57 - 2015-02-14 19:09 - 00000000 ____D () C:\Users\DefaultAppPool
2015-01-18 12:57 - 2014-12-06 03:29 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2015-01-18 12:57 - 2013-03-25 17:04 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Google
2015-01-18 12:57 - 2011-04-14 15:48 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-18 12:57 - 2011-04-14 15:48 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-18 12:57 - 2011-04-14 14:20 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Downloaded Installations
2015-01-18 12:57 - 2011-04-14 13:59 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2015-01-18 12:57 - 2010-11-20 21:51 - 00001449 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-18 12:57 - 2010-11-20 21:51 - 00001415 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-18 12:57 - 2010-11-20 21:50 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2015-01-18 08:19 - 2015-01-18 08:19 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2015-01-18 08:19 - 2015-01-18 08:19 - 00000000 ____D () C:\Windows\system32\BestPractices
2015-01-18 08:19 - 2015-01-18 08:19 - 00000000 ____D () C:\inetpub
2015-01-18 02:35 - 2015-01-18 02:35 - 128639736 _____ (Microsoft Corporation) C:\Users\THeistand\Downloads\msert.exe
2015-01-17 15:36 - 2015-01-17 15:36 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-17 15:28 - 2015-01-17 15:28 - 00001043 _____ () C:\Users\THeistand\Desktop\TJ and Ashley documents.lnk
2015-01-17 15:10 - 2015-01-28 15:51 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Adobe
2015-01-17 15:10 - 2015-01-17 15:36 - 00000000 ____D () C:\ProgramData\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 00:44 - 2012-03-31 09:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-16 00:25 - 2011-09-26 12:09 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 00:22 - 2009-07-13 23:45 - 00041824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 00:22 - 2009-07-13 23:45 - 00041824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 00:19 - 2013-08-11 12:41 - 00000000 ___RD () C:\Users\THeistand\Dropbox
2015-02-16 00:19 - 2013-08-11 12:28 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Dropbox
2015-02-16 00:17 - 2014-11-21 02:19 - 00000488 ____H () C:\Windows\Tasks\BrickFixer-S-2168547716.job
2015-02-16 00:17 - 2011-09-26 12:09 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 00:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 21:09 - 2014-12-05 14:11 - 00000000 ____D () C:\Users\THeistand\AppData\Local\CrashDumps
2015-02-15 18:47 - 2012-03-31 09:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-15 18:47 - 2012-03-31 09:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-15 18:47 - 2011-09-11 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-15 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 12:18 - 2011-02-14 19:54 - 00000000 ____D () C:\Windows\Panther
2015-02-15 12:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-15 11:55 - 2011-10-06 14:55 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\TeamViewer
2015-02-15 10:11 - 2009-07-14 00:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-15 10:05 - 2013-12-22 10:09 - 02562560 ___SH () C:\Users\THeistand\Desktop\Thumbs.db
2015-02-15 08:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-15 08:15 - 2014-01-10 22:33 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\ioloGovernor
2015-02-15 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-15 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-15 08:07 - 2014-12-03 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-02-15 07:57 - 2012-12-19 16:36 - 00061014 _____ () C:\ProgramData\lxeascan.log
2015-02-15 00:00 - 2014-11-27 00:22 - 00000740 _____ () C:\Windows\Tasks\Scheduled scanning task.job
2015-02-14 19:11 - 2014-02-21 17:23 - 00000000 ____D () C:\Users\THeistand\Documents\Divorce & Police Records
2015-02-14 18:41 - 2013-04-11 11:26 - 00000000 ____D () C:\Windows\pss
2015-02-14 17:58 - 2011-08-31 20:58 - 00000000 ____D () C:\Users\THeistand
2015-02-14 17:57 - 2011-12-24 10:01 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-14 17:55 - 2015-01-12 00:51 - 00000000 ____D () C:\Program Files\Waterfox
2015-02-14 17:55 - 2014-12-05 06:57 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-14 17:55 - 2014-09-24 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-14 17:55 - 2014-08-26 01:34 - 00000000 ____D () C:\Program Files (x86)\Quicken
2015-02-14 17:55 - 2014-08-15 21:02 - 00000000 ____D () C:\Users\THeistand\AppData\Local\NETGEARGenie
2015-02-14 17:55 - 2014-08-15 21:02 - 00000000 ____D () C:\Program Files (x86)\NETGEAR Genie
2015-02-14 17:55 - 2014-04-30 23:22 - 00000000 ____D () C:\Program Files\pia_manager
2015-02-14 17:55 - 2014-02-24 18:26 - 00000000 ____D () C:\Users\THeistand\AppData\Local\GoldenFrog
2015-02-14 17:55 - 2014-02-24 18:09 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-02-14 17:55 - 2014-02-22 19:35 - 00000000 ____D () C:\Program Files (x86)\Lexmark S300-S400 Series
2015-02-14 17:55 - 2014-02-20 00:58 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Golden_Frog,_Inc
2015-02-14 17:55 - 2014-02-17 23:37 - 00000000 ____D () C:\Program Files\PeerBlock
2015-02-14 17:55 - 2013-07-22 17:33 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2015-02-14 17:55 - 2012-09-29 12:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-14 17:55 - 2012-08-28 00:53 - 00000000 ____D () C:\Program Files\iTunes
2015-02-14 17:55 - 2012-08-28 00:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-14 17:55 - 2012-07-10 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-14 17:55 - 2012-06-13 16:24 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\uTorrent
2015-02-14 17:55 - 2012-01-11 21:59 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-14 17:55 - 2011-12-24 10:02 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-02-14 17:55 - 2011-12-24 10:02 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-14 17:55 - 2011-12-24 10:01 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-14 17:55 - 2011-12-16 09:25 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2015-02-14 17:55 - 2011-09-10 23:23 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-14 17:55 - 2011-09-01 22:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-14 17:55 - 2011-06-08 15:28 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2015-02-14 17:55 - 2011-04-14 14:42 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-14 17:55 - 2011-04-14 14:19 - 00000000 ____D () C:\Program Files (x86)\EgisTec IPS
2015-02-14 17:55 - 2011-04-14 14:18 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2015-02-14 17:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-02-14 17:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-02-14 17:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-14 17:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\com
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2015-02-14 17:27 - 2014-12-03 08:03 - 00253404 ____H () C:\bdr-ld02
2015-02-14 17:27 - 2014-12-03 08:03 - 00009216 ____H () C:\bdr-ld02.mbr
2015-02-14 14:14 - 2013-01-21 13:21 - 00000000 ____D () C:\Users\THeistand\Documents\Ashleigh
2015-02-14 14:14 - 2012-03-07 06:09 - 00000000 ___HD () C:\Users\THeistand\Documents\Trevor File Cabinet
2015-02-14 14:07 - 2014-10-31 01:33 - 00000000 ____D () C:\Users\THeistand\Documents\DHS
2015-02-14 13:12 - 2011-09-29 12:59 - 00000000 ____D () C:\Program Files\Google
2015-02-14 13:12 - 2011-09-26 12:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-14 13:11 - 2011-09-26 12:09 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Google
2015-02-14 13:02 - 2014-10-20 07:36 - 00000000 ____D () C:\Users\THeistand\Downloads\pcdmis
2015-02-14 12:10 - 2014-12-08 21:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-14 10:57 - 2014-06-06 22:48 - 00000000 ____D () C:\Users\THeistand\Downloads\QUALITY ENGINEERING MANUALS
2015-02-14 04:58 - 2009-07-14 00:13 - 00917758 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 19:39 - 2013-08-13 19:51 - 00002485 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-02-13 19:39 - 2013-08-13 19:51 - 00002194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-02-13 19:39 - 2013-08-13 19:51 - 00002015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-02-13 11:23 - 2013-08-11 12:36 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 12:08 - 2014-11-28 09:30 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Adobe
2015-02-12 07:57 - 2014-12-02 17:12 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 07:56 - 2012-02-26 08:55 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-11 18:11 - 2014-12-05 06:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-11 18:10 - 2011-12-02 07:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 18:02 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2015-02-11 17:56 - 2013-08-08 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 17:56 - 2011-09-10 18:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 04:37 - 2011-10-29 03:49 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-10 20:23 - 2012-08-28 00:03 - 00007632 _____ () C:\Users\THeistand\AppData\Local\Resmon.ResmonCfg
2015-02-10 14:41 - 2011-12-23 14:51 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Abelssoft
2015-02-10 14:33 - 2013-01-13 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-10 14:20 - 2011-09-26 12:09 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-10 14:20 - 2011-09-26 12:09 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-10 14:09 - 2014-03-05 18:34 - 00117760 ___SH () C:\Users\THeistand\Thumbs.db
2015-02-10 11:36 - 2015-01-12 14:37 - 00048996 _____ () C:\Users\THeistand\Documents\Accounts (Autosaved) (Autosaved).xlsx
2015-02-10 08:26 - 2014-12-03 08:05 - 01306464 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-10 08:26 - 2014-12-03 08:05 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-10 08:26 - 2014-12-03 08:05 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-02-10 08:26 - 2013-11-15 05:45 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-02-10 08:26 - 2013-11-15 05:45 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-02-09 22:45 - 2014-11-21 02:17 - 00000000 ____D () C:\ProgramData\pfiohalhahjflndlajfcklpjbhadaijg
2015-02-09 21:01 - 2011-04-14 14:06 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-02-09 20:54 - 2011-04-14 14:17 - 00000000 ___HD () C:\OEM
2015-02-09 19:18 - 2014-02-26 22:17 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-08 20:51 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-07 15:32 - 2011-11-27 19:41 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-02-07 03:07 - 2015-01-03 16:13 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-02-05 11:26 - 2014-12-29 05:27 - 00000000 ____D () C:\ProgramData\Atheros
2015-02-05 11:26 - 2013-11-16 20:01 - 00000000 ____D () C:\Users\THeistand\AppData\Temp
2015-02-05 11:26 - 2013-08-30 23:39 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-02-05 11:26 - 2013-01-19 08:56 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\XnView
2015-02-05 11:26 - 2012-08-15 11:08 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Vso
2015-02-05 11:24 - 2012-02-19 14:28 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-05 11:24 - 2012-01-02 23:11 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Skype
2015-02-05 10:34 - 2013-09-21 16:43 - 00000000 ____D () C:\Users\THeistand\Documents\Outlook Files
2015-02-04 20:58 - 2014-12-24 16:34 - 00000000 ____D () C:\Users\THeistand\Desktop\Divorce Files
2015-02-01 09:48 - 2011-12-16 09:01 - 00000000 ____D () C:\Users\THeistand\Documents\Quicken
2015-01-29 22:36 - 2012-02-24 17:48 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\vlc
2015-01-28 14:21 - 2012-10-08 07:49 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-28 14:11 - 2011-06-08 15:24 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-28 13:43 - 2015-01-12 01:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-28 13:43 - 2012-01-04 03:19 - 00000000 ____D () C:\Program Files\Java
2015-01-27 16:46 - 2014-02-14 01:58 - 00101888 ___SH () C:\Users\THeistand\Documents\Thumbs.db
2015-01-27 16:44 - 2014-04-16 04:48 - 00000000 ____D () C:\Users\THeistand\Documents\Matthew
2015-01-27 16:42 - 2014-02-21 17:21 - 00000000 ____D () C:\Users\THeistand\Documents\Michelle
2015-01-27 06:29 - 2014-10-31 01:14 - 00000000 ____D () C:\Users\THeistand\Documents\Income Taxes 2006-2014
2015-01-26 09:27 - 2011-10-28 00:50 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Cyberlink
2015-01-26 06:29 - 2014-11-04 07:54 - 00036604 _____ () C:\Users\THeistand\Desktop\Parkwood Expenses from Credit Union.xlsx
2015-01-24 10:02 - 2012-03-05 05:06 - 00048038 _____ () C:\Users\THeistand\Documents\Accounts.xlsx
2015-01-24 03:31 - 2013-01-28 19:40 - 00001225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-24 03:28 - 2013-01-28 19:38 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-01-20 11:32 - 2014-10-31 01:42 - 00000000 ____D () C:\Users\THeistand\Desktop\Unemployment Oct. 2014
2015-01-20 11:10 - 2014-02-21 17:25 - 00000000 ____D () C:\Users\THeistand\Documents\Resumes
2015-01-18 12:52 - 2011-04-14 14:04 - 00000000 ____D () C:\Program Files\Acer
2015-01-18 12:52 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-18 09:34 - 2014-04-05 23:09 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\ Angry_Birds
2015-01-18 08:21 - 2011-09-01 22:12 - 00853838 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-18 08:21 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-18 08:19 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-18 06:17 - 2014-11-03 00:37 - 00000000 ____D () C:\Users\THeistand\Desktop\ORIGIN GAMES
2015-01-18 06:17 - 2012-10-04 21:22 - 00000000 ___RD () C:\Users\THeistand\Desktop\DVD RIP TOOLS
2015-01-18 04:35 - 2011-04-14 14:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-01-18 04:35 - 2011-04-14 13:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-18 03:44 - 2012-06-27 06:54 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2015-01-18 03:35 - 2013-08-24 15:45 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-01-18 03:24 - 2012-12-07 09:00 - 00000000 ____D () C:\Program Files (x86)\Open DVD Ripper
2015-01-18 03:24 - 2012-09-29 12:19 - 00000000 ____D () C:\Program Files (x86)\Origin Games

==================== Files in the root of some directories =======

2015-01-11 14:52 - 2015-01-11 14:52 - 0037937 _____ () C:\Users\THeistand\AppData\Roaming\Comma Separated Values.ADR
2012-08-15 11:08 - 2012-08-15 11:08 - 0099384 _____ () C:\Users\THeistand\AppData\Roaming\inst.exe
2012-08-15 11:08 - 2012-08-15 11:08 - 0007859 _____ () C:\Users\THeistand\AppData\Roaming\pcouffin.cat
2012-08-15 11:08 - 2012-08-15 11:08 - 0001167 _____ () C:\Users\THeistand\AppData\Roaming\pcouffin.inf
2012-08-15 11:08 - 2012-08-15 11:08 - 0082816 _____ (VSO Software) C:\Users\THeistand\AppData\Roaming\pcouffin.sys
2012-08-15 11:10 - 2014-04-18 00:37 - 0001181 _____ () C:\Users\THeistand\AppData\Roaming\vso_ts_preview.xml
2014-02-15 11:19 - 2014-02-15 11:19 - 0000044 _____ () C:\Users\THeistand\AppData\Roaming\WB.CFG
2014-02-15 00:25 - 2014-02-23 11:06 - 0000346 ___SH () C:\Users\THeistand\AppData\Local\70149b02515b3bb20dd492.47983420
2013-09-22 00:02 - 2013-09-22 00:02 - 1065984 _____ () C:\Users\THeistand\AppData\Local\file__0.localstorage
2013-01-18 07:55 - 2013-01-18 07:55 - 0000218 _____ () C:\Users\THeistand\AppData\Local\recently-used.xbel
2012-08-28 00:03 - 2015-02-10 20:23 - 0007632 _____ () C:\Users\THeistand\AppData\Local\Resmon.ResmonCfg
2014-12-03 07:54 - 2014-12-03 08:06 - 0205174 _____ () C:\ProgramData\1417611246.1516.bin
2014-12-03 07:54 - 2014-12-03 08:06 - 0156016 _____ () C:\ProgramData\1417611246.2352.bin
2014-12-03 07:54 - 2014-12-03 08:04 - 0030672 _____ () C:\ProgramData\1417611246.2604.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0003735 _____ () C:\ProgramData\1417611246.3868.bin
2014-12-03 07:54 - 2014-12-03 08:03 - 0017903 _____ () C:\ProgramData\1417611246.4048.bin
2014-12-03 08:03 - 2014-12-03 08:03 - 0002247 _____ () C:\ProgramData\1417611246.4260.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0012148 _____ () C:\ProgramData\1417611246.4584.bin
2014-12-03 07:55 - 2014-12-03 08:00 - 0001545 _____ () C:\ProgramData\1417611246.4600.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0001090 _____ () C:\ProgramData\1417611246.6196.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0017948 _____ () C:\ProgramData\1417611246.6536.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0001090 _____ () C:\ProgramData\1417611246.6680.bin
2014-12-03 07:54 - 2014-12-03 08:06 - 0099087 _____ () C:\ProgramData\1417611246.6732.bin
2014-05-23 18:44 - 2014-05-23 18:44 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-02-22 19:41 - 2014-02-22 19:41 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-01-01 19:58 - 2014-12-23 20:26 - 1183945 _____ () C:\ProgramData\lxea.log
2014-03-19 21:15 - 2014-05-23 18:44 - 0000244 _____ () C:\ProgramData\lxeaDiagnostics.log
2012-12-30 06:57 - 2014-04-18 18:30 - 0004858 _____ () C:\ProgramData\lxeaJSW.log
2012-12-19 16:36 - 2015-02-15 07:57 - 0061014 _____ () C:\ProgramData\lxeascan.log
2014-05-23 18:44 - 2014-05-23 18:44 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-08-28 00:13 - 2012-08-28 20:09 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-01-28 19:40 - 2015-01-24 03:31 - 0001225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-23 18:43 - 2014-05-23 18:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Files to move or delete:
====================
C:\Users\THeistand\cnmss Canon iP2800 series (Local).dll


Some content of TEMP:
====================
C:\Users\THeistand\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuzdneh.dll
C:\Users\THeistand\AppData\Local\Temp\Quarantine.exe
C:\Users\THeistand\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 03:29

==================== End Of Log ============================



#4 Machiavelli

  • Malware Response Instructor

Posted 16 February 2015 - 04:47 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
    Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} -  No File
    Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Filter: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
    FF NetworkProxy: "type", 0
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
    C:\Users\THeistand\cnmss Canon iP2800 series (Local).dll
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Trevor1971

  • Topic Starter

Posted 17 February 2015 - 10:58 AM

Laptop is running slightly better.  I've attached the Event Log just for today.  IE is hanging and freezes.  Get JavaScript errors.  Maybe HDD failing?

I ran Seagate tools and WD Lifeguard.  Both passed tests.


Error 2/17/2015 10:17:31 AM Application Hang 1002 (101)
Error 2/17/2015 10:14:27 AM Application Hang 1002 (101)
Error 2/17/2015 8:57:21 AM Application Hang 1002 (101)
Error 2/17/2015 8:20:18 AM Application Error 1000 (100)
Error 2/17/2015 8:02:57 AM Ntfs 55 (2)
Error 2/17/2015 7:59:37 AM Application Error 1000 (100)
Error 2/17/2015 7:38:05 AM ESENT 474 Database Page Cache
Error 2/17/2015 7:04:36 AM Service Control Manager 7001 None
Error 2/17/2015 7:04:36 AM Service Control Manager 7022 None
Error 2/17/2015 7:02:32 AM Service Control Manager 7003 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:11 AM Service Control Manager 7001 None
Error 2/17/2015 7:01:10 AM Service Control Manager 7001 None
Error 2/17/2015 7:00:46 AM Dhcp-Client 1001 Address Configuration State Event
Warning 2/17/2015 7:00:36 AM Kernel-PnP 219 (212)
Error 2/17/2015 7:00:34 AM Service Control Manager 7001 None
Error 2/17/2015 7:00:33 AM Service Control Manager 7000 None
Error 2/17/2015 6:59:29 AM Bonjour Service 100 None
Error 2/17/2015 6:59:29 AM Bonjour Service 100 None
Error 2/17/2015 6:58:55 AM Service Control Manager 7000 None
Error 2/17/2015 6:58:55 AM Service Control Manager 7009 None
Error 2/17/2015 6:58:55 AM Service Control Manager 7001 None
Error 2/17/2015 6:58:47 AM Service Control Manager 7000 None
Warning 2/17/2015 6:57:46 AM Wininit 11 None
Error 2/17/2015 6:58:43 AM Eventlog 1101 Event processing
Warning 2/17/2015 6:57:31 AM k57nd60a 4 None
Error 2/17/2015 6:58:42 AM EventLog 6008 None
Warning 2/17/2015 6:35:18 AM DNS Client Events 1014 None
Error 2/17/2015 6:33:11 AM Service Control Manager 7001 None
Error 2/17/2015 6:33:11 AM Service Control Manager 7001 None
Error 2/17/2015 6:33:11 AM Service Control Manager 7022 None
Error 2/17/2015 6:31:49 AM Service Control Manager 7003 None
Error 2/17/2015 6:31:15 AM Dhcp-Client 1001 Address Configuration State Event
Error 2/17/2015 6:31:09 AM Bonjour Service 100 None
Error 2/17/2015 6:31:09 AM Bonjour Service 100 None
Warning 2/17/2015 6:29:50 AM Kernel-PnP 219 (212)
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:49 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:47 AM Service Control Manager 7000 None
Error 2/17/2015 6:29:14 AM Service Control Manager 7000 None
Error 2/17/2015 6:29:14 AM Service Control Manager 7009 None
Error 2/17/2015 6:29:14 AM Service Control Manager 7001 None
Error 2/17/2015 6:29:13 AM Service Control Manager 7000 None
Warning 2/17/2015 6:28:17 AM Wininit 11 None
Warning 2/17/2015 6:28:01 AM k57nd60a 4 None
Warning 2/17/2015 6:27:15 AM WLAN-AutoConfig 4001 None
Error 2/17/2015 6:11:29 AM DistributedCOM 10010 None
Error 2/17/2015 6:11:24 AM Kernel-General 5 None
Error 2/17/2015 6:11:17 AM Application Error 1000 (100)
Error 2/17/2015 4:43:55 AM Application Error 1000 (100)
Error 2/17/2015 3:17:27 AM Application Error 1000 (100)
Warning 2/17/2015 2:21:05 AM DNS Client Events 1014 None
Error 2/17/2015 2:17:15 AM Service Control Manager 7001 None
Error 2/17/2015 2:17:15 AM Service Control Manager 7022 None
Error 2/17/2015 2:15:02 AM Service Control Manager 7003 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:34 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:33 AM Service Control Manager 7001 None
Error 2/17/2015 2:13:07 AM Dhcp-Client 1001 Address Configuration State Event
Warning 2/17/2015 2:12:55 AM Kernel-PnP 219 (212)
Error 2/17/2015 2:12:50 AM Service Control Manager 7000 None
Error 2/17/2015 2:12:00 AM Bonjour Service 100 None
Error 2/17/2015 2:12:00 AM Bonjour Service 100 None
Error 2/17/2015 2:11:12 AM Service Control Manager 7000 None
Error 2/17/2015 2:11:12 AM Service Control Manager 7009 None
Error 2/17/2015 2:11:12 AM Service Control Manager 7001 None
Error 2/17/2015 2:11:11 AM Service Control Manager 7000 None
Warning 2/17/2015 2:10:20 AM Wininit 11 None
Error 2/17/2015 2:11:08 AM EventLog 6008 None
Error 2/17/2015 2:11:08 AM Eventlog 1101 Event processing
Warning 2/17/2015 2:09:57 AM k57nd60a 4 None
Error 2/17/2015 1:54:12 AM SideBySide 80 None
Error 2/17/2015 1:34:09 AM ESENT 474 Database Page Cache
Warning 2/17/2015 12:57:30 AM DNS Client Events 1014 None
Error 2/17/2015 12:56:33 AM Application Error 1000 (100)
Error 2/17/2015 12:51:47 AM Application Error 1000 (100)
Error 2/17/2015 12:46:23 AM Application Error 1000 (100)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by THeistand at 2015-02-17 06:26:19 Run:1
Running from C:\Users\THeistand\Desktop
Loaded Profiles: THeistand (Available profiles: THeistand)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} -  No File
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF
Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
C:\Users\THeistand\cnmss Canon iP2800 series (Local).dll
EmptyTemp:
*****************

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled" => Could not move.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Key not found.
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{124D001A-BDCB-472F-AA59-BBE7E4BC3204} => value deleted successfully.
HKCR\CLSID\{124D001A-BDCB-472F-AA59-BBE7E4BC3204} => Key not found.
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKCR\PROTOCOLS\Filter\AutorunsDisabled" => Key deleted successfully.
HKCR\CLSID\{807573E5-5146-11D5-A672-00B0D022E945} => Key not found.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
FF => Error: No automatic fix found for this entry.
Plugin-x32: @microsoft.com/GENUINE -> disabled No File => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih" => Key deleted successfully.
C:\Users\THeistand\cnmss Canon iP2800 series (Local).dll => Moved successfully.
EmptyTemp: => Removed 455.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 06:26:51 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by THeistand (administrator) on NOTEBOOK on 17-02-2015 06:35:32
Running from C:\Users\THeistand\Desktop
Loaded Profiles: THeistand (Available profiles: THeistand)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: waterfox.exe)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
( ) C:\Windows\System32\lxeacoms.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Zebra-Media) C:\Program Files (x86)\Zebra-Media\Webcam Motion Detector\WebcamMotionDetector.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Users\THeistand\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\downloader.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-10] (Bitdefender)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-10] (Bitdefender)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-17] (Google Inc.)
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Run: [Webcam Motion Detector] => C:\Program Files (x86)\Zebra-Media\Webcam Motion Detector\AutoStartup.lnk [1197 2011-12-01] ()
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled ()
Startup: C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\THeistand\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THeistand\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * ꖤ眡

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> {44195518-8F0D-4714-A59F-884DCF917F66} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> {5F647541-E072-4470-9E5D-62EFAE980689} URL = http://www.youtube.com/results?search_query={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://www.pcpitstop.com/nirvana/controls/pcmatic.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-288039168-2513596968-2444979690-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\THeistand\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\searchplugins\java-api.xml
FF Extension: Flashblock - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-15]
FF Extension: EPUBReader - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-10]
FF Extension: FireFTP - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-15]
FF Extension: Show Password Field - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\ShowPasswordField@danilo.treffiletti.it.xpi [2015-01-16]
FF Extension: FastestFox - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\smarterwiki@wikiatic.com.xpi [2015-01-11]
FF Extension: عارض PDF - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\uriloader@pdf.js.xpi [2014-12-02]
FF Extension: YesScript - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\yesscript@userstyles.org.xpi [2014-12-15]
FF Extension: NoScript - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-11]
FF Extension: QuickJava - C:\Users\THeistand\AppData\Roaming\Mozilla\Firefox\Profiles\6c7anaps.default-1417051098057\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-01-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-09-24]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-08-13]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-03]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-17] (Bitdefender)
S4 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S4 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-03] (Electronic Arts)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-12] (Bitdefender)
S4 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-10] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-10] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-10] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-10] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-10] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2014-12-17] (BitDefender LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-11-23] (CACE Technologies, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 vmci; No ImagePath
S3 VMnetAdapter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 06:35 - 2015-02-17 06:35 - 00025064 _____ () C:\Users\THeistand\Desktop\FRST.txt
2015-02-16 09:35 - 2015-02-16 09:35 - 00000000 ____D () C:\Users\THeistand\Downloads\Michelle Nice Video
2015-02-16 09:28 - 2015-02-16 09:28 - 01117999 _____ () C:\Users\THeistand\Desktop\hellotarget4.apk
2015-02-16 02:51 - 2015-02-16 02:51 - 00000744 _____ () C:\Windows\KB893803v2.log
2015-02-16 02:49 - 2015-02-16 02:49 - 00002124 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2015-02-16 02:49 - 2015-02-16 02:49 - 00001992 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-02-16 00:59 - 2015-02-16 00:59 - 02085888 _____ (Farbar) C:\Users\THeistand\Desktop\FRST64.exe
2015-02-16 00:39 - 2015-02-16 00:39 - 01388274 _____ (Thisisu) C:\Users\THeistand\Desktop\JRT.exe
2015-02-15 23:43 - 2015-02-17 06:28 - 00000866 _____ () C:\Windows\PFRO.log
2015-02-15 21:11 - 2015-02-16 19:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 21:10 - 2015-02-15 21:10 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-15 21:10 - 2015-02-15 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 21:10 - 2015-02-15 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 21:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-15 21:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-15 21:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-15 21:08 - 2015-02-15 21:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\THeistand\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-15 19:53 - 2015-02-15 21:05 - 00000000 ____D () C:\AdwCleaner
2015-02-15 19:53 - 2015-02-15 19:53 - 02112512 _____ () C:\Users\THeistand\Downloads\AdwCleaner.exe
2015-02-15 18:46 - 2015-02-15 18:46 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-15 12:19 - 2015-02-15 12:19 - 00001377 _____ () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 12:11 - 2015-02-15 12:11 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-15 12:11 - 2015-02-15 12:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 12:11 - 2015-02-15 12:11 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-15 12:11 - 2015-02-15 12:11 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-15 12:11 - 2015-02-15 12:11 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-15 12:11 - 2015-02-15 12:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-15 12:11 - 2015-02-15 12:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-02-15 12:11 - 2015-02-15 12:11 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-02-15 12:11 - 2015-02-15 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-02-15 12:11 - 2015-02-15 12:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-15 12:11 - 2015-02-15 12:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-15 09:55 - 2015-02-17 06:29 - 00001176 _____ () C:\Windows\setupact.log
2015-02-15 09:55 - 2015-02-15 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-15 09:50 - 2015-02-15 12:15 - 00013756 _____ () C:\Windows\IE11_main.log
2015-02-15 09:36 - 2015-02-15 09:36 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-15 09:36 - 2015-02-15 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-15 09:36 - 2015-02-15 09:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-15 09:12 - 2015-02-15 09:12 - 00000833 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-02-15 09:12 - 2015-02-15 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-02-15 09:12 - 2015-02-15 09:12 - 00000000 ____D () C:\Program Files\CPUID
2015-02-15 08:01 - 2015-02-15 08:01 - 00000282 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}.job
2015-02-14 17:27 - 2015-02-14 17:27 - 00000682 ____H () C:\bdr-cf02
2015-02-14 12:04 - 2015-02-14 12:09 - 28251240 _____ (GZ Systems) C:\Users\THeistand\Downloads\OliveBundle.exe
2015-02-12 22:26 - 2015-02-13 02:50 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\CrashDumps
2015-02-12 10:52 - 2015-02-17 05:53 - 00048326 _____ () C:\Users\THeistand\Documents\Accounts 02-21-15.xlsx
2015-02-12 10:45 - 2015-02-12 10:46 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\New folder
2015-02-11 17:50 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 17:50 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 17:50 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 17:50 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 17:50 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 17:50 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 17:50 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 17:50 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 17:50 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 17:50 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 17:50 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 17:50 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 17:50 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 17:50 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 17:50 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 17:50 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 17:50 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 17:50 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 17:50 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 17:50 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 17:49 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 17:49 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 17:49 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 17:49 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 17:48 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:48 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 17:47 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 17:47 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 17:47 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 17:47 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 17:47 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 17:47 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 17:47 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 17:47 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 04:46 - 2015-02-11 04:46 - 00000000 __SHD () C:\found.000
2015-02-10 23:15 - 2015-02-17 06:35 - 00000000 ____D () C:\FRST
2015-02-10 23:15 - 2015-02-14 17:55 - 00000000 ____D () C:\Users\THeistand\Desktop\New folder
2015-02-10 20:23 - 2015-02-10 22:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-10 20:22 - 2015-02-10 20:22 - 00000000 ____D () C:\Users\THeistand\Desktop\MB anti rootkits
2015-02-10 15:55 - 2015-02-10 15:55 - 00001009 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-10 08:26 - 2015-02-10 08:26 - 00677104 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-10 08:26 - 2015-02-10 08:26 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-02-09 23:09 - 2015-02-09 23:09 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\Program Files\Reason
2015-02-09 21:03 - 2015-02-09 21:03 - 00003276 _____ () C:\Windows\System32\Tasks\{A2228571-3E55-4AF5-8F81-FEEBF175B44E}
2015-02-09 13:39 - 2015-02-09 13:39 - 00000000 ____D () C:\Users\THeistand\Downloads\Acer Aspire 7551 repair and upgrade
2015-02-08 20:51 - 2015-02-08 20:51 - 00000000 ____D () C:\Users\THeistand\Documents\Fax
2015-02-07 15:28 - 2015-02-07 15:28 - 00059775 _____ () C:\Users\THeistand\Desktop\RESTORES.xlsx
2015-02-06 13:59 - 2015-02-17 06:27 - 01883728 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 13:58 - 2015-02-11 18:17 - 00503480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-05 18:15 - 2015-02-05 18:15 - 00136912 _____ () C:\Users\THeistand\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 10:32 - 2015-02-05 10:32 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Abelssoft
2015-02-05 10:31 - 2015-02-09 18:44 - 00000000 ____D () C:\Program Files (x86)\WashAndGo
2015-02-05 10:03 - 2015-02-17 06:33 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NOTEBOOK-THeistand notebook
2015-02-05 10:00 - 2015-02-14 17:55 - 00000000 ____D () C:\Users\THeistand\Desktop\rempnp
2015-02-05 09:14 - 2015-02-05 09:14 - 00171127 _____ () C:\Users\THeistand\Desktop\Acer Laptop Configurations.pptx
2015-02-05 09:09 - 2015-02-05 09:09 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-02-05 09:08 - 2015-02-05 09:08 - 00079781 _____ () C:\Users\THeistand\Desktop\NOTEBOOK.html
2015-02-03 06:37 - 2015-02-03 06:37 - 00000000 ____D () C:\Users\THeistand\Desktop\Contents old epic4g 2-3-15
2015-02-01 23:30 - 2015-02-01 23:30 - 00000801 _____ () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-24 10:06 - 2015-02-14 12:34 - 00048371 _____ () C:\Users\THeistand\Documents\Accounts 01-24-15.xlsx
2015-01-24 07:22 - 2015-01-24 07:22 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Apps\2.0
2015-01-24 04:39 - 2015-01-24 04:39 - 00000095 _____ () C:\Users\THeistand\Documents\debug.log
2015-01-19 21:41 - 2015-01-19 21:41 - 00001483 _____ () C:\Users\THeistand\Desktop\15 minute beef stroganoff.doc.lnk
2015-01-18 21:38 - 2015-01-18 21:39 - 00000000 ____D () C:\Users\THeistand\Downloads\Arduino
2015-01-18 15:00 - 2015-01-18 15:00 - 00001932 _____ () C:\Windows\system32\.crusader
2015-01-18 13:34 - 2015-01-18 15:03 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-18 13:33 - 2015-01-18 15:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-18 13:10 - 2012-06-01 00:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-01-18 13:10 - 2012-06-01 00:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-01-18 13:10 - 2012-06-01 00:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-01-18 13:10 - 2012-06-01 00:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-01-18 13:10 - 2012-06-01 00:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-01-18 13:10 - 2012-06-01 00:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-01-18 13:10 - 2012-05-31 23:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-01-18 13:10 - 2012-05-31 23:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-01-18 13:10 - 2012-05-31 23:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-01-18 13:10 - 2012-05-31 23:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-01-18 13:10 - 2012-05-31 23:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-01-18 13:10 - 2012-05-31 23:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-01-18 12:57 - 2015-02-14 19:09 - 00000000 ____D () C:\Users\DefaultAppPool
2015-01-18 12:57 - 2014-12-06 03:29 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2015-01-18 12:57 - 2013-03-25 17:04 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Google
2015-01-18 12:57 - 2011-04-14 15:48 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-18 12:57 - 2011-04-14 15:48 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-18 12:57 - 2011-04-14 14:20 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Downloaded Installations
2015-01-18 12:57 - 2011-04-14 13:59 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2015-01-18 12:57 - 2010-11-20 21:51 - 00001449 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-18 12:57 - 2010-11-20 21:51 - 00001415 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-18 12:57 - 2010-11-20 21:50 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2015-01-18 08:19 - 2015-01-18 08:19 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2015-01-18 08:19 - 2015-01-18 08:19 - 00000000 ____D () C:\Windows\system32\BestPractices
2015-01-18 08:19 - 2015-01-18 08:19 - 00000000 ____D () C:\inetpub
2015-01-18 02:35 - 2015-01-18 02:35 - 128639736 _____ (Microsoft Corporation) C:\Users\THeistand\Downloads\msert.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 06:34 - 2009-07-13 23:45 - 00041824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 06:34 - 2009-07-13 23:45 - 00041824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 06:32 - 2013-08-11 12:41 - 00000000 ___RD () C:\Users\THeistand\Dropbox
2015-02-17 06:32 - 2013-08-11 12:28 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Dropbox
2015-02-17 06:31 - 2013-12-22 10:09 - 02562560 ___SH () C:\Users\THeistand\Desktop\Thumbs.db
2015-02-17 06:29 - 2014-11-21 02:19 - 00000488 ____H () C:\Windows\Tasks\BrickFixer-S-2168547716.job
2015-02-17 06:29 - 2011-09-26 12:09 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 06:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 06:26 - 2011-08-31 20:58 - 00000000 ____D () C:\Users\THeistand
2015-02-17 06:25 - 2011-09-26 12:09 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 06:11 - 2014-12-05 14:11 - 00000000 ____D () C:\Users\THeistand\AppData\Local\CrashDumps
2015-02-17 05:44 - 2012-03-31 09:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 01:52 - 2014-11-27 00:22 - 00000740 _____ () C:\Windows\Tasks\Scheduled scanning task.job
2015-02-16 09:34 - 2012-02-24 17:48 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\vlc
2015-02-16 02:49 - 2013-08-13 19:51 - 00002485 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-02-16 02:49 - 2013-08-13 19:51 - 00002194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-02-16 02:49 - 2013-08-13 19:51 - 00002015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-02-15 18:47 - 2012-03-31 09:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-15 18:47 - 2012-03-31 09:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-15 18:47 - 2011-09-11 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-15 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 12:18 - 2011-02-14 19:54 - 00000000 ____D () C:\Windows\Panther
2015-02-15 12:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-15 11:55 - 2011-10-06 14:55 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\TeamViewer
2015-02-15 10:11 - 2009-07-14 00:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-15 08:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-15 08:15 - 2014-01-10 22:33 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\ioloGovernor
2015-02-15 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-15 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-15 08:07 - 2014-12-03 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-02-15 07:57 - 2012-12-19 16:36 - 00061014 _____ () C:\ProgramData\lxeascan.log
2015-02-14 19:11 - 2014-02-21 17:23 - 00000000 ____D () C:\Users\THeistand\Documents\Divorce & Police Records
2015-02-14 18:41 - 2013-04-11 11:26 - 00000000 ____D () C:\Windows\pss
2015-02-14 17:57 - 2011-12-24 10:01 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-14 17:55 - 2015-01-12 00:51 - 00000000 ____D () C:\Program Files\Waterfox
2015-02-14 17:55 - 2014-12-05 06:57 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-14 17:55 - 2014-09-24 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-14 17:55 - 2014-08-26 01:34 - 00000000 ____D () C:\Program Files (x86)\Quicken
2015-02-14 17:55 - 2014-08-15 21:02 - 00000000 ____D () C:\Users\THeistand\AppData\Local\NETGEARGenie
2015-02-14 17:55 - 2014-08-15 21:02 - 00000000 ____D () C:\Program Files (x86)\NETGEAR Genie
2015-02-14 17:55 - 2014-04-30 23:22 - 00000000 ____D () C:\Program Files\pia_manager
2015-02-14 17:55 - 2014-02-24 18:26 - 00000000 ____D () C:\Users\THeistand\AppData\Local\GoldenFrog
2015-02-14 17:55 - 2014-02-24 18:09 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-02-14 17:55 - 2014-02-22 19:35 - 00000000 ____D () C:\Program Files (x86)\Lexmark S300-S400 Series
2015-02-14 17:55 - 2014-02-20 00:58 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Golden_Frog,_Inc
2015-02-14 17:55 - 2014-02-17 23:37 - 00000000 ____D () C:\Program Files\PeerBlock
2015-02-14 17:55 - 2013-07-22 17:33 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2015-02-14 17:55 - 2012-09-29 12:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-14 17:55 - 2012-08-28 00:53 - 00000000 ____D () C:\Program Files\iTunes
2015-02-14 17:55 - 2012-08-28 00:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-14 17:55 - 2012-07-10 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-14 17:55 - 2012-06-13 16:24 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\uTorrent
2015-02-14 17:55 - 2012-01-11 21:59 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-14 17:55 - 2011-12-24 10:02 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-02-14 17:55 - 2011-12-24 10:02 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-14 17:55 - 2011-12-24 10:01 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-14 17:55 - 2011-12-16 09:25 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2015-02-14 17:55 - 2011-09-10 23:23 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-14 17:55 - 2011-09-01 22:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-14 17:55 - 2011-06-08 15:28 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2015-02-14 17:55 - 2011-04-14 14:42 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-14 17:55 - 2011-04-14 14:19 - 00000000 ____D () C:\Program Files (x86)\EgisTec IPS
2015-02-14 17:55 - 2011-04-14 14:18 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2015-02-14 17:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-02-14 17:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-02-14 17:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-14 17:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\com
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-02-14 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2015-02-14 17:27 - 2014-12-03 08:03 - 00253404 ____H () C:\bdr-ld02
2015-02-14 17:27 - 2014-12-03 08:03 - 00009216 ____H () C:\bdr-ld02.mbr
2015-02-14 14:14 - 2013-01-21 13:21 - 00000000 ____D () C:\Users\THeistand\Documents\Ashleigh
2015-02-14 14:14 - 2012-03-07 06:09 - 00000000 ___HD () C:\Users\THeistand\Documents\Trevor File Cabinet
2015-02-14 14:07 - 2014-10-31 01:33 - 00000000 ____D () C:\Users\THeistand\Documents\DHS
2015-02-14 13:12 - 2011-09-29 12:59 - 00000000 ____D () C:\Program Files\Google
2015-02-14 13:12 - 2011-09-26 12:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-14 13:11 - 2011-09-26 12:09 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Google
2015-02-14 13:02 - 2014-10-20 07:36 - 00000000 ____D () C:\Users\THeistand\Downloads\pcdmis
2015-02-14 12:10 - 2014-12-08 21:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-14 10:57 - 2014-06-06 22:48 - 00000000 ____D () C:\Users\THeistand\Downloads\QUALITY ENGINEERING MANUALS
2015-02-14 04:58 - 2009-07-14 00:13 - 00917758 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 11:23 - 2013-08-11 12:36 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 12:08 - 2014-11-28 09:30 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Adobe
2015-02-12 07:57 - 2014-12-02 17:12 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 07:56 - 2012-02-26 08:55 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-11 18:11 - 2014-12-05 06:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-11 18:10 - 2011-12-02 07:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 18:02 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2015-02-11 17:56 - 2013-08-08 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 17:56 - 2011-09-10 18:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 04:37 - 2011-10-29 03:49 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-10 20:23 - 2012-08-28 00:03 - 00007632 _____ () C:\Users\THeistand\AppData\Local\Resmon.ResmonCfg
2015-02-10 14:41 - 2011-12-23 14:51 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Abelssoft
2015-02-10 14:33 - 2013-01-13 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-10 14:20 - 2011-09-26 12:09 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-10 14:20 - 2011-09-26 12:09 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-10 14:09 - 2014-03-05 18:34 - 00117760 ___SH () C:\Users\THeistand\Thumbs.db
2015-02-10 11:36 - 2015-01-12 14:37 - 00048996 _____ () C:\Users\THeistand\Documents\Accounts (Autosaved) (Autosaved).xlsx
2015-02-10 08:26 - 2014-12-03 08:05 - 01306464 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-10 08:26 - 2014-12-03 08:05 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-10 08:26 - 2014-12-03 08:05 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-02-10 08:26 - 2013-11-15 05:45 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-02-10 08:26 - 2013-11-15 05:45 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-02-09 22:45 - 2014-11-21 02:17 - 00000000 ____D () C:\ProgramData\pfiohalhahjflndlajfcklpjbhadaijg
2015-02-09 21:01 - 2011-04-14 14:06 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-02-09 20:54 - 2011-04-14 14:17 - 00000000 ___HD () C:\OEM
2015-02-09 19:18 - 2014-02-26 22:17 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-08 20:51 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-07 15:32 - 2011-11-27 19:41 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-02-07 03:07 - 2015-01-03 16:13 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-02-05 11:26 - 2014-12-29 05:27 - 00000000 ____D () C:\ProgramData\Atheros
2015-02-05 11:26 - 2013-11-16 20:01 - 00000000 ____D () C:\Users\THeistand\AppData\Temp
2015-02-05 11:26 - 2013-08-30 23:39 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-02-05 11:26 - 2013-01-19 08:56 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\XnView
2015-02-05 11:26 - 2012-08-15 11:08 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Vso
2015-02-05 11:24 - 2012-02-19 14:28 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-05 11:24 - 2012-01-02 23:11 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Skype
2015-02-05 10:34 - 2013-09-21 16:43 - 00000000 ____D () C:\Users\THeistand\Documents\Outlook Files
2015-02-04 20:58 - 2014-12-24 16:34 - 00000000 ____D () C:\Users\THeistand\Desktop\Divorce Files
2015-02-01 09:48 - 2011-12-16 09:01 - 00000000 ____D () C:\Users\THeistand\Documents\Quicken
2015-01-28 15:51 - 2015-01-17 15:10 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\Adobe
2015-01-28 14:21 - 2012-10-08 07:49 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-28 14:11 - 2011-06-08 15:24 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-28 13:43 - 2015-01-12 01:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-28 13:43 - 2012-01-04 03:19 - 00000000 ____D () C:\Program Files\Java
2015-01-27 16:46 - 2014-02-14 01:58 - 00101888 ___SH () C:\Users\THeistand\Documents\Thumbs.db
2015-01-27 16:44 - 2014-04-16 04:48 - 00000000 ____D () C:\Users\THeistand\Documents\Matthew
2015-01-27 16:42 - 2014-02-21 17:21 - 00000000 ____D () C:\Users\THeistand\Documents\Michelle
2015-01-27 06:29 - 2014-10-31 01:14 - 00000000 ____D () C:\Users\THeistand\Documents\Income Taxes 2006-2014
2015-01-26 09:27 - 2011-10-28 00:50 - 00000000 ____D () C:\Users\THeistand\AppData\Local\Cyberlink
2015-01-26 06:29 - 2014-11-04 07:54 - 00036604 _____ () C:\Users\THeistand\Desktop\Parkwood Expenses from Credit Union.xlsx
2015-01-24 10:02 - 2012-03-05 05:06 - 00048038 _____ () C:\Users\THeistand\Documents\Accounts.xlsx
2015-01-24 03:31 - 2013-01-28 19:40 - 00001225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-24 03:28 - 2013-01-28 19:38 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-01-20 11:32 - 2014-10-31 01:42 - 00000000 ____D () C:\Users\THeistand\Desktop\Unemployment Oct. 2014
2015-01-20 11:10 - 2014-02-21 17:25 - 00000000 ____D () C:\Users\THeistand\Documents\Resumes
2015-01-18 12:52 - 2011-04-14 14:04 - 00000000 ____D () C:\Program Files\Acer
2015-01-18 12:52 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-18 09:34 - 2014-04-05 23:09 - 00000000 ____D () C:\Users\THeistand\AppData\Roaming\ Angry_Birds
2015-01-18 08:21 - 2011-09-01 22:12 - 00853838 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-18 08:21 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-18 08:19 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-18 06:17 - 2014-11-03 00:37 - 00000000 ____D () C:\Users\THeistand\Desktop\ORIGIN GAMES
2015-01-18 06:17 - 2012-10-04 21:22 - 00000000 ___RD () C:\Users\THeistand\Desktop\DVD RIP TOOLS
2015-01-18 04:35 - 2011-04-14 14:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-01-18 04:35 - 2011-04-14 13:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-18 03:44 - 2012-06-27 06:54 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2015-01-18 03:35 - 2013-08-24 15:45 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-01-18 03:24 - 2012-12-07 09:00 - 00000000 ____D () C:\Program Files (x86)\Open DVD Ripper
2015-01-18 03:24 - 2012-09-29 12:19 - 00000000 ____D () C:\Program Files (x86)\Origin Games

==================== Files in the root of some directories =======

2015-01-11 14:52 - 2015-01-11 14:52 - 0037937 _____ () C:\Users\THeistand\AppData\Roaming\Comma Separated Values.ADR
2012-08-15 11:08 - 2012-08-15 11:08 - 0099384 _____ () C:\Users\THeistand\AppData\Roaming\inst.exe
2012-08-15 11:08 - 2012-08-15 11:08 - 0007859 _____ () C:\Users\THeistand\AppData\Roaming\pcouffin.cat
2012-08-15 11:08 - 2012-08-15 11:08 - 0001167 _____ () C:\Users\THeistand\AppData\Roaming\pcouffin.inf
2012-08-15 11:08 - 2012-08-15 11:08 - 0082816 _____ (VSO Software) C:\Users\THeistand\AppData\Roaming\pcouffin.sys
2012-08-15 11:10 - 2014-04-18 00:37 - 0001181 _____ () C:\Users\THeistand\AppData\Roaming\vso_ts_preview.xml
2014-02-15 11:19 - 2014-02-15 11:19 - 0000044 _____ () C:\Users\THeistand\AppData\Roaming\WB.CFG
2014-02-15 00:25 - 2014-02-23 11:06 - 0000346 ___SH () C:\Users\THeistand\AppData\Local\70149b02515b3bb20dd492.47983420
2013-09-22 00:02 - 2013-09-22 00:02 - 1065984 _____ () C:\Users\THeistand\AppData\Local\file__0.localstorage
2013-01-18 07:55 - 2013-01-18 07:55 - 0000218 _____ () C:\Users\THeistand\AppData\Local\recently-used.xbel
2012-08-28 00:03 - 2015-02-10 20:23 - 0007632 _____ () C:\Users\THeistand\AppData\Local\Resmon.ResmonCfg
2014-12-03 07:54 - 2014-12-03 08:06 - 0205174 _____ () C:\ProgramData\1417611246.1516.bin
2014-12-03 07:54 - 2014-12-03 08:06 - 0156016 _____ () C:\ProgramData\1417611246.2352.bin
2014-12-03 07:54 - 2014-12-03 08:04 - 0030672 _____ () C:\ProgramData\1417611246.2604.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0003735 _____ () C:\ProgramData\1417611246.3868.bin
2014-12-03 07:54 - 2014-12-03 08:03 - 0017903 _____ () C:\ProgramData\1417611246.4048.bin
2014-12-03 08:03 - 2014-12-03 08:03 - 0002247 _____ () C:\ProgramData\1417611246.4260.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0012148 _____ () C:\ProgramData\1417611246.4584.bin
2014-12-03 07:55 - 2014-12-03 08:00 - 0001545 _____ () C:\ProgramData\1417611246.4600.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0001090 _____ () C:\ProgramData\1417611246.6196.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0017948 _____ () C:\ProgramData\1417611246.6536.bin
2014-12-03 07:54 - 2014-12-03 07:54 - 0001090 _____ () C:\ProgramData\1417611246.6680.bin
2014-12-03 07:54 - 2014-12-03 08:06 - 0099087 _____ () C:\ProgramData\1417611246.6732.bin
2014-05-23 18:44 - 2014-05-23 18:44 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-02-22 19:41 - 2014-02-22 19:41 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-01-01 19:58 - 2014-12-23 20:26 - 1183945 _____ () C:\ProgramData\lxea.log
2014-03-19 21:15 - 2014-05-23 18:44 - 0000244 _____ () C:\ProgramData\lxeaDiagnostics.log
2012-12-30 06:57 - 2014-04-18 18:30 - 0004858 _____ () C:\ProgramData\lxeaJSW.log
2012-12-19 16:36 - 2015-02-15 07:57 - 0061014 _____ () C:\ProgramData\lxeascan.log
2014-05-23 18:44 - 2014-05-23 18:44 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-08-28 00:13 - 2012-08-28 20:09 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-01-28 19:40 - 2015-01-24 03:31 - 0001225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-23 18:43 - 2014-05-23 18:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\THeistand\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl9bmcs.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 03:29

==================== End Of Log ============================

 

 

ESET Crashed and I got a BSOD and had to run again.  2nd Try it ran all the way through but threw up an error at the very final end but still appeared to fix two errors it found.

 

C:\Users\All Users\pfiohalhahjflndlajfcklpjbhadaijg\T7uaE8bVnJ.js JS/Kryptik.ATB trojan 
C:\ProgramData\pfiohalhahjflndlajfcklpjbhadaijg\T7uaE8bVnJ.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

 

 

Thank you for your help so far.  I do notice the laptop not lagging, and crashing nearly as much.  I think we're just about there.
 



#6 Machiavelli

Posted 17 February 2015 - 04:14 PM

Hey, :)
Please tell me how your system is running after you run the FRST Fix below.
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    C:\Users\All Users\pfiohalhahjflndlajfcklpjbhadaijg
    C:\ProgramData\pfiohalhahjflndlajfcklpjbhadaijg
    HKLM-x32\...\Run: [] => [X]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled ()
    Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 Trevor1971


Posted 18 February 2015 - 10:51 AM

Laptop seems to be doing better. I had one crash/freeze after applying your fix.  It would crash/freeze when I would use the back button in IE11.  I changed two settings within internet options.  See Screenshot. So far several hours have passed with no errors.  Thank you for your help.

 


 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by THeistand at 2015-02-18 01:28:14 Run:2
Running from C:\Users\THeistand\Desktop
Loaded Profiles: THeistand (Available profiles: THeistand)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\All
Users\pfiohalhahjflndlajfcklpjbhadaijg
C:\ProgramData\pfiohalhahjflndlajfcklpjbhadaijg
HKLM-x32\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled ()
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
EmptyTemp:
*****************

"C:\Users\All" => File/Directory not found.
Users\pfiohalhahjflndlajfcklpjbhadaijg => Error: No automatic fix found for this entry.
C:\ProgramData\pfiohalhahjflndlajfcklpjbhadaijg => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled" => Could not move.
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EmptyTemp: => Removed 2.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 01:28:24 ====
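
The Fixlog above shows the first fixlist path split across two lines at the space in "All Users", so FRST treated the halves as two separate entries. The following is an added example (not part of the original posts and not FRST's own code) that parses a Fixlog, lists the entries that were not applied, and rejoins such a split path. The function names and the matching heuristics are assumptions based only on the result strings visible in this log.

```python
import re

# Fixlog body copied from the post above (header lines omitted).
FIXLOG = r'''Content of fixlist:
*****************
C:\Users\All
Users\pfiohalhahjflndlajfcklpjbhadaijg
C:\ProgramData\pfiohalhahjflndlajfcklpjbhadaijg
HKLM-x32\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled ()
Toolbar: HKU\S-1-5-21-288039168-2513596968-2444979690-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
EmptyTemp:
*****************

"C:\Users\All" => File/Directory not found.
Users\pfiohalhahjflndlajfcklpjbhadaijg => Error: No automatic fix found for this entry.
C:\ProgramData\pfiohalhahjflndlajfcklpjbhadaijg => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled" => Could not move.
HKU\S-1-5-21-288039168-2513596968-2444979690-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EmptyTemp: => Removed 2.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 01:28:24 ====
'''

# Outcome wording seen in this log that means "nothing was changed".
NOT_APPLIED = re.compile(r"not found|could not|no automatic fix|error", re.I)


def split_fixlog(text):
    """Return (fixlist_lines, [(entry, outcome), ...]) from a Fixlog body."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # The submitted fixlist sits between two lines made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no fixlist block delimited by asterisk lines")
    fixlist = [ln for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("===="):          # end-of-log marker
            break
        if " => " in ln:
            entry, outcome = ln.rsplit(" => ", 1)
            results.append((entry.strip().strip('"'), outcome.strip()))
    return fixlist, results


def unapplied(results):
    """Entries whose outcome says the fix did not take effect."""
    return [(e, o) for e, o in results if NOT_APPLIED.search(o)]


def wrapped_paths(fixlist, results):
    """Heuristic: a 'not found' line followed by a 'no automatic fix' line
    is probably one path broken at a space; return the rejoined path."""
    outcome = dict(results)
    joined = []
    for prev, cur in zip(fixlist, fixlist[1:]):
        if ("not found" in outcome.get(prev, "").lower()
                and "no automatic fix" in outcome.get(cur, "").lower()):
            joined.append(prev + " " + cur)
    return joined


if __name__ == "__main__":
    fixlist, results = split_fixlog(FIXLOG)
    for entry, outcome in unapplied(results):
        print("NOT APPLIED:", entry, "->", outcome)
    for path in wrapped_paths(fixlist, results):
        print("Likely wrapped fixlist path:", path)
```

On Windows 7, `C:\Users\All Users` is a link to `C:\ProgramData`, so the folder in question was still moved by the third fixlist line even though the split entry failed.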



#8 Machiavelli


Posted 19 February 2015 - 04:25 AM

OK, watch your system for a day and tell me if the problems are still there. :)

~Machiavelli



#9 Oh My!


Posted 21 February 2015 - 09:02 AM

Greetings Trevor1971,

Machiavelli will be unavailable to reply for a bit of time and since we don't want to delay addressing your concerns I will be coming in alongside to continue to address your issues. Please allow me a little bit of time to come up to speed.

Thanks for your understanding and patience,

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!


Posted 21 February 2015 - 09:18 AM

Greetings Trevor1971,

I have reviewed all the information. Can you provide an update on your situation for me please.
Gary
 

#11 Trevor1971


Posted 21 February 2015 - 02:57 PM

Thanks Gary,

I've been having a lot of errors, freezes, and BSODs. I've been backing up all my files in fear I might lose everything. In the Event Viewer every 2 seconds I get an Error for Service Control Manager

Log Name: System
Source: Service Control Manager
Date: 2/21/2015 2:00:33 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: notebook
Description:
The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2015-02-21T07:00:33.597929400Z" />
<EventRecordID>386104</EventRecordID>
<Correlation />
<Execution ProcessID="784" ThreadID="2500" />
<Channel>System</Channel>
<Computer>notebook</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Computer Browser</Data>
<Data Name="param2">Server</Data>
<Data Name="param3">%%1058</Data>
</EventData>
</Event>

I tried running Hitman Pro but it crashes when I try to run the clean phase. I'm at a loss.

Thanks,
Trevor

#12 Oh My!


Posted 21 February 2015 - 04:47 PM

Greetings Trevor,

I would like to check your hardware. If that is the issue no matter what we do we will hit a dead end. Please do these things.

===================================================

Seagate Seatools for DOS

----------
  • Please download SeaTools for DOS and create a bootable CD as instructed here and save it to your desktop
  • NOTE: If you have any difficulty booting up with this version, please use one of the legacy versions of SeaTools for DOS
  • If you do not have ISO burning software on your computer download and install Active@ ISO Burner then create a bootable disk with the downloaded file
  • Boot your computer using the CD you just created. If necessary see here for instructions about how to boot to CD
  • After the program loads click I Accept
  • Left Click on your hard drive listed under Drive List (if you have a Seagate hard drive take special note of the caution below)
  • Click Basic Tests, then select Long Generic
  • Allow the process to run, which may take up to 3 hours, and report the findings in your reply
  • If the results indicate your hard drive failed the test and you have a Seagate hard drive installed DO NOT follow up on the suggestion to allow the program to attempt to resolve the issue. Doing so may cause permanent loss of data
===================================================

Testing Computer Memory Using MemTest86+

--------------------
  • Download the latest version of MemTest86+ Windows Images: Image for creating boot-able CD, and save it to your desktop
  • Right click on the folder and select Extract All...
  • Select Next, Next, then Finish
  • Burn the image file to a CD, as an image file. If you're unsure how to do this, see the How to Burn an ISO File tutorial (http://www.bleepingcomputer.com/forums/topic201611.html). Be sure to uncheck any additional software that is offered.
  • Put your CD in the drive and configure your machine to boot to the CD. This is different on all machines, but it's usually by pressing F12 or F10 as your system boots, and selecting either "CDROM" or your cdrom drive.
  • If you've done it correctly, MemTest86+ will start to run automatically, as shown below:

memtestStart.png

  • If you want to be reasonably certain your RAM is OK, then allow MemTest to run until you see this message:

memtestFinished.png

  • On the other hand, if you want to be completely sure your RAM is OK, allow MemTest to run overnight. Memtest will run forever until power is pulled on the machine.
  • Check the MemTest screen for any reported errors. Errors will appear as RED warnings at the bottom of the screen, similar to the following screenshot:

memtestFail.png

  • Press the reset button on the computer, removing the MemTest disk in the process
  • Report the results
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Hard drive test results
  • MemTest results

Gary
 

#13 Trevor1971


Posted 22 February 2015 - 03:52 PM

HDD tests passed. It errored when trying to generate a report at the end.

MemTest86 would run erratically. MemTest86 will start automatically but within a few moments my laptop would shut off. I tried 3 times to get this to run without success.

#14 Oh My!


Posted 22 February 2015 - 04:09 PM

Thanks,

We need to follow up on that behavior. Before we start messing with the memory I would like to check your computer temperature.

Please do this.

===================================================

Core Temp

--------------------

NOTE: Many antivirus programs will flag this as malicious software but it is not. It can be safely downloaded and launched.
  • Please download Core Temp and save it to your desktop
  • If you receive a warning the file is malicious you can ignore the warning and download the file anyway
  • Launch the program
  • Monitor the core temperature both at computer idle and when performing tasks
  • Please take a screen shot of this window and attach it to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#15 Trevor1971


Posted 22 February 2015 - 08:23 PM

Computer idle 140 F
Under 100% Load Using Prime 95 and Silver Bench simultaneously 212 F Max



