Windows Security Helper DLL


  • This topic is locked
18 replies to this topic

#1 geekcohen


Posted 11 March 2015 - 11:27 PM

G'day guys,

I have been out of the game for a while in regards to malware programs to run. I recently got hit with an annoying virus, the securityhelper.dll virus. I have googled it a bit, but haven't had any luck with programs I have tried running.

I am running Windows 8.1 with all updates installed. I have run Malwarebytes but it doesn't find anything and AVG keeps going on and on and on about this bug.

Please advise me on what programs to run and logs to post.

Cheers,
Cohen


Edited by geekcohen, 11 March 2015 - 11:28 PM.




#2 deeprybka


Posted 12 March 2015 - 06:05 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 geekcohen


Posted 12 March 2015 - 02:20 PM

Thanks

 

FRST.TXT log
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Geek Cohen (administrator) on COHEN-L-HP-ENVY on 13-03-2015 06:16:50
Running from C:\Users\Geek Cohen\Downloads
Loaded Profiles: Geek Cohen (Available profiles: Geek Cohen)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Dropbox, Inc.) C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-08-07] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-06] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-03-12] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\Run: [EPSON WorkForce 435 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\MountPoints2: {af842996-b542-11e3-be95-70188b1ae904} - "H:\Windows\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\MountPoints2: {bad9f5f3-7e42-11e3-be7b-70188b1ae904} - "E:\WIN\setup.exe" 
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\MountPoints2: {e240f677-9e6c-11e3-be8c-70188b1ae904} - "E:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-02-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-02-06] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Geek Cohen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.12.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-08] ( HP)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-23] (Apple Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.au/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0511193C-2469-4113-B57D-A960CDC3EC73&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1402999947&from=cor&uid=TOSHIBAXMQ01ABD100_832EP3NJTXX832EP3NJT", "hxxp://mysearch.avg.com?cid={13DED49A-DC66-4C6F-8B75-B2D9C0073183}&mid=730837ebb23947d29dcda151cdfe00f7-0b6695676749f6785a2cbb375e3c77f0f9d8178a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 16:46:26&v=18.1.0.443&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={13DED49A-DC66-4C6F-8B75-B2D9C0073183}&mid=730837ebb23947d29dcda151cdfe00f7-0b6695676749f6785a2cbb375e3c77f0f9d8178a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 16:46:26&v=18.1.7.598&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={13DED49A-DC66-4C6F-8B75-B2D9C0073183}&mid=730837ebb23947d29dcda151cdfe00f7-0b6695676749f6785a2cbb375e3c77f0f9d8178a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 16:46:26&v=18.1.9.786&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={13DED49A-DC66-4C6F-8B75-B2D9C0073183}&mid=730837ebb23947d29dcda151cdfe00f7-0b6695676749f6785a2cbb375e3c77f0f9d8178a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 16:46:26&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-13]
CHR Extension: (Google Docs) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]
CHR Extension: (Google Drive) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]
CHR Extension: (Facebook Invites Bomber) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapfbfppjamdelgobaciclmdjkhdapik [2015-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]
CHR Extension: (Google Search) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]
CHR Extension: (Invite All (for Facebook)) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2015-01-13]
CHR Extension: (NetBank) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnpedghacgigoamalnfnikaagobdbjp [2014-01-13]
CHR Extension: (The QR Code Generator) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2014-01-13]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-06-23]
CHR Extension: (Website Logon) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-01-13]
CHR Extension: (My IP) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmfgkdplpkdnamkjbdanfcgfeejmg [2014-01-13]
CHR Extension: (Google Maps) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-01-13]
CHR Extension: (No Name) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (piZap Photo Editor) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2014-05-17]
CHR Extension: (Gmail) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-08] (HP)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-23] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-23] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1069248 2014-02-06] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-08-07] (IDT, Inc.) [File not signed]
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-24] (Sierra Wireless, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-20] () [File not signed]
S4 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-12] (AVG Secure Search)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-12] ()
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
U3 BthHFSrv; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
U3 BthHFSrv; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-14] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2012-01-10] (HandSet Incorporated)
S3 massfilter_lte; C:\Windows\System32\drivers\massfilter_LTE.sys [18456 2011-10-04] (HandSet Incorporated)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2014-12-30] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-08-07] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-11] (Synaptics Incorporated)
S3 swg3kser00; C:\Windows\system32\DRIVERS\swg3kser00.sys [258432 2011-07-21] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\drivers\swiwdmbx64.sys [109312 2011-07-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\system32\DRIVERS\swnc8ua3.sys [249344 2011-07-21] (Sierra Wireless Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-09-01] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-03-12] ()
S3 zgdcat; C:\Windows\system32\DRIVERS\zgdcat.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\system32\DRIVERS\zgdcdiag.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\system32\DRIVERS\zgdcmdm.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\system32\DRIVERS\zgdcnet.sys [169496 2011-12-19] (ZTE Incorporated)
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-13 06:16 - 2015-03-13 06:17 - 00033511 _____ () C:\Users\Geek Cohen\Downloads\FRST.txt
2015-03-13 06:16 - 2015-03-13 06:16 - 02095616 _____ (Farbar) C:\Users\Geek Cohen\Downloads\FRST64.exe
2015-03-13 06:16 - 2015-03-13 06:16 - 00000000 ____D () C:\FRST
2015-03-12 19:04 - 2015-03-12 19:04 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-03-12 16:07 - 2015-03-12 16:07 - 00001002 _____ () C:\Users\Public\Desktop\Fotor.lnk
2015-03-12 16:07 - 2015-03-12 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotor
2015-03-12 16:06 - 2015-03-12 16:07 - 00000000 ____D () C:\Program Files (x86)\Fotor
2015-03-12 16:04 - 2015-03-12 16:06 - 60830872 _____ (chengdu Everimaging.Inc) C:\Users\Geek Cohen\Downloads\Fotor_v2.0.2_Setup.exe
2015-03-12 15:32 - 2015-03-12 15:33 - 00000000 ____D () C:\Users\Geek Cohen\Downloads\Big Bang Theory Season 8
2015-03-12 14:26 - 2015-03-13 06:14 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\AVG Web TuneUp
2015-03-12 14:26 - 2015-03-12 14:26 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-03-12 14:26 - 2015-03-12 14:26 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-03-11 09:19 - 2015-02-04 10:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-11 09:19 - 2015-02-04 10:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-11 09:19 - 2015-02-04 10:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-11 09:19 - 2015-02-03 10:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-11 09:19 - 2015-02-03 10:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-11 09:19 - 2015-01-27 14:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-11 09:19 - 2015-01-24 12:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-11 09:18 - 2015-03-06 13:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 09:18 - 2015-03-06 13:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 09:18 - 2015-02-07 10:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-11 09:18 - 2015-01-23 18:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-11 09:18 - 2015-01-23 16:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-11 09:17 - 2015-02-26 10:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 09:08 - 2015-01-29 12:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-11 09:08 - 2015-01-29 12:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-11 09:06 - 2015-02-20 14:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 09:06 - 2015-02-20 13:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 09:06 - 2015-02-20 13:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 09:06 - 2015-02-20 13:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 09:06 - 2015-02-06 07:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-11 09:06 - 2015-01-31 10:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-11 09:06 - 2015-01-31 10:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-11 09:05 - 2015-01-29 12:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-11 09:05 - 2015-01-29 12:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-11 09:04 - 2015-01-30 14:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-11 09:04 - 2015-01-30 14:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-11 08:59 - 2015-02-06 12:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-11 08:59 - 2015-02-06 12:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-11 08:54 - 2015-02-03 11:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-11 08:54 - 2015-02-03 11:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-11 08:54 - 2015-01-30 13:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-11 08:54 - 2015-01-30 13:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-11 08:54 - 2015-01-30 12:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-11 08:54 - 2015-01-30 12:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-11 08:54 - 2015-01-30 12:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-11 08:54 - 2015-01-29 12:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 08:54 - 2015-01-29 12:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 08:54 - 2015-01-29 11:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-11 08:54 - 2015-01-29 11:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-11 08:53 - 2015-01-29 11:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-11 08:53 - 2015-01-29 11:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-11 08:53 - 2015-01-28 13:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-11 08:53 - 2015-01-28 12:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-11 08:52 - 2015-01-29 02:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 08:52 - 2015-01-29 02:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 08:52 - 2015-01-29 02:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 08:51 - 2015-01-31 10:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 08:49 - 2015-01-27 15:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 08:49 - 2015-01-27 13:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 08:48 - 2015-01-30 13:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 08:48 - 2015-01-30 12:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 08:48 - 2015-01-30 12:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 08:48 - 2015-01-30 12:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 08:48 - 2015-01-30 12:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 08:48 - 2015-01-30 12:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 08:48 - 2015-01-30 12:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 08:48 - 2015-01-30 12:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 08:43 - 2015-02-21 12:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 08:43 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 08:43 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 08:43 - 2015-02-21 11:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 08:43 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 08:43 - 2015-02-21 10:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 08:43 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 08:43 - 2015-02-20 13:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 08:43 - 2015-02-20 13:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 08:43 - 2015-02-20 13:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 08:43 - 2015-02-20 13:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 08:43 - 2015-02-20 13:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 08:43 - 2015-02-20 13:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 08:43 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 08:43 - 2015-02-20 13:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 08:43 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 08:43 - 2015-02-20 13:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 08:43 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 08:43 - 2015-02-20 12:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 08:43 - 2015-02-20 12:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 08:43 - 2015-02-20 12:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 08:43 - 2015-02-20 12:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 08:43 - 2015-02-20 12:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 08:43 - 2015-02-20 12:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 08:43 - 2015-02-20 12:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 08:43 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 08:43 - 2015-02-20 12:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 08:43 - 2015-02-20 12:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 08:43 - 2015-02-20 12:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 08:43 - 2015-02-20 12:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 08:43 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 08:43 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 08:43 - 2015-02-20 12:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 08:43 - 2015-02-20 12:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 08:43 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 08:43 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 08:43 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 08:42 - 2015-01-30 05:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 08:42 - 2015-01-30 05:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 08:41 - 2015-02-13 04:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 08:41 - 2015-02-13 04:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 08:41 - 2014-12-11 16:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-11 08:40 - 2015-02-08 10:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 08:40 - 2015-02-08 10:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 08:40 - 2015-01-28 12:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 08:40 - 2015-01-28 12:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 08:40 - 2015-01-28 10:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 08:40 - 2015-01-28 10:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 08:39 - 2015-01-21 16:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 08:39 - 2015-01-21 16:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-10 08:08 - 2015-03-10 08:08 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Macromedia
2015-03-08 11:18 - 2015-03-08 11:18 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\7AA11498.sys
2015-03-08 10:41 - 2015-03-08 10:45 - 00000000 ____D () C:\AdwCleaner
2015-03-08 09:58 - 2015-03-08 09:58 - 00313112 _____ () C:\WINDOWS\Minidump\030815-50171-01.dmp
2015-03-06 09:23 - 2015-03-06 09:23 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-06 08:30 - 2015-03-06 08:30 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-03-06 02:03 - 2015-03-06 02:03 - 00003154 _____ () C:\WINDOWS\System32\Tasks\YCMServiceAgent
2015-03-06 02:03 - 2014-01-28 14:58 - 00041704 _____ (CyberLink Corporation) C:\WINDOWS\system32\Drivers\clwvd.sys
2015-03-05 21:40 - 2015-03-06 02:03 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-05 19:13 - 2014-02-26 22:29 - 00001288 _____ () C:\Users\Geek Cohen\Desktop\AVS Video Converter.lnk
2015-03-05 18:48 - 2015-03-05 18:49 - 00315456 _____ () C:\WINDOWS\Minidump\030515-83625-01.dmp
2015-03-04 19:38 - 2015-03-04 19:39 - 00312672 _____ () C:\WINDOWS\Minidump\030415-67781-01.dmp
2015-02-26 10:30 - 2015-02-26 10:30 - 00003120 _____ () C:\WINDOWS\SysWOW64\9DH5FCCP.ocx
2015-02-26 10:30 - 2015-02-26 10:30 - 00003120 _____ () C:\WINDOWS\IMG7TI73.ocx
2015-02-26 10:30 - 2015-02-26 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print2CAD 2014
2015-02-26 10:29 - 2015-02-26 10:30 - 00000000 ____D () C:\Program Files (x86)\Print2CAD 2014
2015-02-26 10:25 - 2015-03-04 18:51 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-02-26 10:17 - 2015-02-26 10:17 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-26 10:17 - 2012-02-10 13:48 - 00114688 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl80.dll
2015-02-26 10:16 - 2015-03-05 07:08 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-26 10:12 - 2015-03-08 19:29 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Insoft
2015-02-26 10:11 - 2015-03-12 14:56 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\YdPack
2015-02-26 10:01 - 2015-02-26 10:01 - 00003120 _____ () C:\WINDOWS\SysWOW64\Y9KYQRHU.ocx
2015-02-26 10:01 - 2015-02-26 10:01 - 00003120 _____ () C:\WINDOWS\PK3VLI4G.ocx
2015-02-26 09:59 - 2015-03-05 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print2CAD 2015 6th Generation
2015-02-26 09:52 - 2015-02-26 09:52 - 00000000 ____D () C:\Output Files
2015-02-26 09:51 - 2015-03-05 07:07 - 00000000 ____D () C:\Program Files (x86)\Convert Pdf to Wmf Psd Jpeg
2015-02-25 17:55 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 17:55 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 16:19 - 2015-03-05 19:55 - 00000000 ____D () C:\Users\Geek Cohen\Desktop\Photography Sort
2015-02-20 19:44 - 2015-02-20 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-20 19:43 - 2015-02-20 19:44 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-20 19:43 - 2015-02-20 19:44 - 00000000 ____D () C:\Program Files\iTunes
2015-02-20 19:43 - 2015-02-20 19:43 - 00000000 ____D () C:\Program Files\iPod
2015-02-20 19:43 - 2015-02-20 19:43 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-18 13:46 - 2015-02-18 13:50 - 00012942 _____ () C:\Users\Geek Cohen\Documents\ptcsetup.log
2015-02-18 13:46 - 2015-02-18 13:46 - 00008305 _____ () C:\Users\Geek Cohen\Documents\ptcsetup.bak
2015-02-18 13:38 - 2015-02-18 13:38 - 00000427 _____ () C:\INSTALL.LOG
2015-02-18 13:34 - 2003-03-19 00:12 - 01047552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71u.dll
2015-02-18 13:34 - 2003-03-18 22:20 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.dll
2015-02-18 13:34 - 2003-03-18 22:05 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2015-02-18 13:34 - 2003-03-18 21:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-02-18 13:34 - 2003-02-21 05:42 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-02-18 13:27 - 2015-02-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mini CAD Viewer
2015-02-18 13:27 - 2015-02-18 13:27 - 00000000 ____D () C:\Program Files (x86)\ZXT2007 Software
2015-02-18 13:27 - 2013-08-11 10:24 - 11800576 _____ (AutoDWG) C:\WINDOWS\SysWOW64\MiniCAD.dll
2015-02-18 13:11 - 2015-02-18 13:11 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Nemetschek
2015-02-18 13:08 - 2015-02-18 13:10 - 00000000 ____D () C:\Program Files (x86)\Vectorworks2014Viewer
2015-02-18 13:08 - 2015-02-18 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks2014Viewer
2015-02-18 10:34 - 2015-03-08 09:58 - 704456096 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-18 10:34 - 2015-02-18 10:35 - 00315456 _____ () C:\WINDOWS\Minidump\021815-60593-01.dmp
2015-02-18 09:49 - 2015-02-18 09:54 - 00000000 ____D () C:\Users\Geek Cohen\Documents\OBDwiz
2015-02-18 09:49 - 2015-02-18 09:54 - 00000000 ____D () C:\ProgramData\OBDwiz
2015-02-18 09:49 - 2015-02-18 09:49 - 00006418 _____ () C:\WINDOWS\DPINST.LOG
2015-02-18 09:49 - 2015-02-18 09:49 - 00000000 ____D () C:\ProgramData\OCTech, LLC
2015-02-18 09:49 - 2015-02-18 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBDwiz
2015-02-18 09:49 - 2015-02-18 09:49 - 00000000 ____D () C:\Program Files (x86)\OBDwiz
2015-02-17 16:03 - 2015-03-12 16:53 - 00005004 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for COHEN-L-HP-ENVY-Geek Cohen Cohen-L-HP-Envy
2015-02-17 15:45 - 2015-02-17 15:49 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Autodesk
2015-02-17 15:30 - 2015-02-17 15:30 - 01691808 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2015-02-15 15:44 - 2015-02-19 13:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-02-15 15:44 - 2015-02-15 15:44 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-02-15 15:42 - 2015-02-06 08:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-15 15:42 - 2015-02-06 08:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-02-13 19:30 - 2015-02-13 22:52 - 00000000 ____D () C:\Users\Geek Cohen\Downloads\The Big Bang Theory - The Complete Season 7 [HDTV]
2015-02-11 15:33 - 2015-02-13 18:31 - 00000000 ____D () C:\f5b251b7c82ae95f6903a487537b
2015-02-11 09:42 - 2015-02-04 10:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 09:42 - 2015-02-04 10:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 09:42 - 2015-02-04 10:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 09:42 - 2015-02-03 10:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 09:42 - 2015-02-03 10:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 09:42 - 2015-02-03 10:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 09:42 - 2015-01-20 05:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 09:42 - 2015-01-16 09:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 09:42 - 2015-01-16 09:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 09:42 - 2015-01-14 15:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 09:42 - 2015-01-14 14:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 09:42 - 2014-12-19 19:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 09:42 - 2014-12-19 19:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 09:42 - 2014-12-09 14:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 09:42 - 2014-12-09 12:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 09:41 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 09:41 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 09:41 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 09:41 - 2015-01-12 12:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-13 06:17 - 2014-06-22 17:46 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-03-13 06:17 - 2014-01-13 19:17 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-13 06:14 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-12 21:19 - 2014-01-13 06:11 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A56D2572-ECBB-4F4F-9DAA-3CEE29A690FC}
2015-03-12 21:15 - 2015-02-09 08:39 - 01737172 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-12 21:14 - 2014-01-13 16:27 - 00000000 ____D () C:\Users\Geek Cohen\Documents\Outlook Files
2015-03-12 21:00 - 2014-01-13 07:13 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 20:30 - 2014-03-15 09:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-12 19:46 - 2014-01-13 11:56 - 00000000 ___DO () C:\Users\Geek Cohen\SkyDrive
2015-03-12 19:42 - 2014-01-13 15:48 - 00000000 ___RD () C:\Users\Geek Cohen\Dropbox (Cohen Lewis)
2015-03-12 19:40 - 2013-11-14 18:28 - 00962360 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-12 19:05 - 2014-01-13 15:44 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Dropbox
2015-03-12 19:05 - 2014-01-13 07:14 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1817333107-2215594419-2709439802-1002
2015-03-12 19:04 - 2014-01-13 07:13 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 19:04 - 2013-08-22 22:41 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-03-12 19:03 - 2015-02-09 08:28 - 00014700 _____ () C:\WINDOWS\setupact.log
2015-03-12 19:03 - 2014-01-13 11:34 - 00000000 ____D () C:\Users\Geek Cohen
2015-03-12 19:03 - 2013-08-23 01:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-12 19:02 - 2015-02-09 08:28 - 00034988 _____ () C:\WINDOWS\PFRO.log
2015-03-12 14:44 - 2015-02-09 07:35 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 14:17 - 2015-02-09 08:28 - 05254320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-12 14:15 - 2013-08-23 00:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 14:11 - 2012-07-26 18:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-12 13:44 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-11 16:43 - 2014-01-13 12:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 16:43 - 2014-01-13 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 16:29 - 2014-01-13 09:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 16:29 - 2013-08-23 00:25 - 00000167 _____ () C:\WINDOWS\win.ini
2015-03-11 16:22 - 2014-01-13 09:30 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-11 16:02 - 2014-01-13 19:16 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\vlc
2015-03-11 10:14 - 2014-01-13 18:57 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\uTorrent
2015-03-10 20:41 - 2014-01-21 21:21 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-03-10 20:40 - 2013-05-26 11:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-10 20:40 - 2012-08-04 11:02 - 00000000 ____D () C:\SWSetup
2015-03-10 20:39 - 2013-08-22 22:33 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2015-03-10 12:05 - 2014-01-14 13:19 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\FileZilla
2015-03-09 14:51 - 2013-08-23 00:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-08 12:00 - 2014-01-13 06:08 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Packages
2015-03-08 09:58 - 2014-01-24 17:17 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-07 11:18 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-07 08:19 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-06 09:22 - 2014-06-22 17:45 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-03-06 08:20 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-03-06 02:04 - 2013-08-22 23:01 - 00000000 ____D () C:\ProgramData\install_clap
2015-03-06 02:03 - 2013-08-22 22:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-03-05 08:24 - 2013-08-23 02:38 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-05 08:24 - 2013-08-23 02:38 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-05 07:06 - 2014-01-13 06:09 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\VirtualStore
2015-03-04 19:42 - 2014-10-23 18:07 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-26 09:44 - 2014-06-26 17:44 - 00000000 ___SD () C:\Users\Geek Cohen\Documents\My Shapes
2015-02-21 06:00 - 2014-01-13 07:14 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 19:43 - 2014-01-14 12:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-19 10:50 - 2014-12-27 10:52 - 00003543 _____ () C:\Users\Geek Cohen\Documents\coffeecup_scd.log
2015-02-18 13:27 - 2014-05-27 20:07 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\filestore
2015-02-18 13:26 - 2014-01-14 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-18 13:25 - 2014-04-27 18:57 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Sounddrain Downloader
2015-02-18 13:10 - 2013-08-22 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-15 15:44 - 2014-09-30 19:10 - 00000000 ____D () C:\Temp
2015-02-15 15:44 - 2014-01-13 11:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-13 15:53 - 2014-01-14 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-13 15:53 - 2014-01-14 13:17 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-02-12 09:53 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-11 15:04 - 2014-12-11 19:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 15:04 - 2014-07-10 11:33 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 13:31 - 2014-01-13 15:45 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== Files in the root of some directories =======
 
2014-01-22 21:39 - 2015-01-16 14:14 - 0000132 _____ () C:\Users\Geek Cohen\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-27 10:24 - 2015-01-14 08:49 - 0039936 _____ () C:\Users\Geek Cohen\AppData\Roaming\SharedSettings.ccs
2014-02-11 17:02 - 2014-07-29 15:52 - 0001456 _____ () C:\Users\Geek Cohen\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-24 21:11 - 2014-03-24 21:27 - 0000600 _____ () C:\Users\Geek Cohen\AppData\Local\PUTTY.RND
2014-01-20 09:36 - 2014-01-20 09:36 - 0000877 _____ () C:\Users\Geek Cohen\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Geek Cohen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2qloyb.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-12 16:59
 
==================== End Of Log ============================

Addition.txt
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Geek Cohen at 2015-03-13 06:18:01
Running from C:\Users\Geek Cohen\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe DNG Codec (HKLM-x32\...\Adobe DNG Codec) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{A04CB48B-B82B-406B-ABAA-209F098F03A4}) (Version: 12.1.5.155 - Adobe Systems, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
AutoSketch Release 9 (HKLM-x32\...\{DB639F99-ED74-49D4-8FFD-5B8C34C00D64}) (Version: 9.0.0.88 - Autodesk)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON NX430 TX435 Series Printer Uninstall (HKLM\...\EPSON NX430 TX435 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 435 Series Printer Uninstall (HKLM\...\EPSON WorkForce 435 Series) (Version:  - SEIKO EPSON Corporation)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Fotor 2.0.2 (HKLM-x32\...\Fotor) (Version: 2.0.2 - Everimaging Co., Ltd.)
Free Video to MP3 Converter version 5.0.40.514 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.40.514 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
KMSpico 4.1 (HKLM\...\KMSpico v4.1_is1) (Version: 4 - )
KMSpico v9.2.1 Beta (HKLM\...\KMSpico_is1) (Version: 9.2.1 Beta - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mediatek Bluetooth (HKLM\...\{904C579C-9366-D3B7-7F31-4879401DBD4A}) (Version: 11.0.756.0 - Mediatek)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mini CAD Viewer 3.1.6.0 (HKLM-x32\...\{900A3D0F-22D6-4B07-B618-43141080705A}_is1) (Version:  - zxt2007.com)
Mobile Broadband Manager (x32 Version: 3.8.11219 - Telstra) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OBDwiz (HKLM-x32\...\{2AAF92BA-E688-43F7-9A6D-96A01FF606D4}) (Version: 2.16.4 - OCTech, LLC)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Print2CAD 2014 (HKLM\...\{86930D06-D5AE-4535-B2AF-95FAD369F8D8}) (Version: 11.20.0.0 - BackToCAD Technologies, LLC)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Telstra Mobile Broadband Manager (HKLM-x32\...\Mobile Broadband Manager) (Version: 3.8.11219 - Telstra)
TransferBigFiles Desktop Client (HKLM-x32\...\{AADBF2C6-CF3B-40DC-9939-E0FF3C74F193}) (Version: 1.3.5.1 - Axosoft, LLC)
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version:  - )
ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version:  - ZTE Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
04-03-2015 06:50:19 HPSF Applying updates
05-03-2015 19:00:27 HPSF Applying updates
07-03-2015 08:12:15 Windows Modules Installer
10-03-2015 20:34:35 HPSF Applying updates
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2015-03-08 11:22 - 00001161 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {063EF178-8778-41B9-BE7F-76A10A26AD44} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {24BB4A4A-BF31-4544-ABB1-D91D7A4B991D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {42173F08-068B-4993-B6AF-D9065EF00F2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-13] (Piriform Ltd)
Task: {5419EF43-69DC-4742-9ED8-C1ADF43C18B8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-11] (Synaptics Incorporated)
Task: {65B7CF1C-10E2-40C2-97A4-8842F362BCB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {743AD3BB-A163-4269-8E9B-5C6B6C38AE14} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {806A826D-2874-464B-979D-0DBDCA21B5AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9E30EFD5-6D8F-4DFF-9888-82137D65B9BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {A2A3EBD7-FC07-459E-8791-94290A44B677} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A7F5B2CC-803C-44D1-907C-C3417DDD6161} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AE398F82-BBD5-4907-B917-6BDED0877CA1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for COHEN-L-HP-ENVY-Geek Cohen Cohen-L-HP-Envy => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {AE628B42-6830-4B24-8761-34834ECB57FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B032C489-A226-448C-B6A2-5ED13EAB3AA0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {CBA888C1-915B-4645-9621-D6B12ADD8707} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D1DFBEF1-4C60-499F-9EBF-17E5AB550943} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D3355AE2-21D8-42F9-841D-EF74E3E60A50} - System32\Tasks\{EAE54B2D-763D-4EED-86E0-6A4016391C12} => Chrome.exe http://ui.skype.com/ui/0/6.22.81.105/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: {D680E252-076F-43CB-AF71-5C4458E5FCBB} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-02-06] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-12 14:26 - 2015-03-12 14:26 - 00620056 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-01-13 11:30 - 2015-02-06 06:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-14 04:35 - 2013-02-14 04:35 - 00180200 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-02-14 04:35 - 2013-02-14 04:35 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-03-20 08:21 - 2013-03-20 08:21 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-26 10:10 - 2015-02-26 10:10 - 02622464 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2014-12-08 21:10 - 2014-12-08 21:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-25 02:22 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-02-08 03:19 - 2013-02-08 03:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2015-03-12 14:26 - 2015-03-12 14:26 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-02-11 08:00 - 2015-02-11 08:00 - 00750080 _____ () C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-12 19:05 - 2015-03-12 19:05 - 00043008 _____ () c:\Users\Geek Cohen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2qloyb.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00047616 _____ () C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00865280 _____ () C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00200704 _____ () C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-12 14:26 - 2015-03-12 14:26 - 01711128 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-03-12 14:26 - 2015-03-12 14:26 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2015-02-01 22:17 - 2015-02-01 22:17 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-02-21 06:00 - 2015-02-18 09:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-21 06:00 - 2015-02-18 09:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-21 06:00 - 2015-02-18 09:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2013-08-22 22:27 - 2013-02-16 11:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Geek Cohen\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Geek Cohen\Pictures\My Car 2014\With New Wheels\DSC_6109_edit_copy.JPG
DNS Servers: 10.12.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: vToolbarUpdater18.4.0 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge => 
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BigPondWirelessBroadbandCM => "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
MSCONFIG\startupreg: EPSON (NX430 TX435) => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\GEEKCO~1\AppData\Local\Temp\E_S4CE8.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON NX430 TX435 Series => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\GEEKCO~1\AppData\Local\Temp\E_S3D7C.tmp" /EF "HKCU"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Geek Cohen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BigPondWirelessBroadbandCM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "EPSON WorkForce 435 Series"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "EPSON (NX430 TX435)"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "EPSON NX430 TX435 Series"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1817333107-2215594419-2709439802-500 - Administrator - Disabled)
Geek Cohen (S-1-5-21-1817333107-2215594419-2709439802-1002 - Administrator - Enabled) => C:\Users\Geek Cohen
Guest (S-1-5-21-1817333107-2215594419-2709439802-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/12/2015 07:41:48 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.
 
Error: (03/12/2015 04:04:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COHEN-L-HP-ENVY)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/12/2015 04:04:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COHEN-L-HP-ENVY)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/12/2015 04:03:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COHEN-L-HP-ENVY)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/12/2015 04:03:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COHEN-L-HP-ENVY)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (03/12/2015 07:42:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
 
Error: (03/12/2015 07:03:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error: 
%%2
 
Error: (03/12/2015 07:03:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:58:14 PM on ‎3/‎12/‎2015 was unexpected.
 
Error: (03/12/2015 04:58:38 PM) (Source: DCOM) (EventID: 10010) (User: COHEN-L-HP-ENVY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/12/2015 04:58:08 PM) (Source: DCOM) (EventID: 10010) (User: COHEN-L-HP-ENVY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/12/2015 04:57:38 PM) (Source: DCOM) (EventID: 10010) (User: COHEN-L-HP-ENVY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/12/2015 04:57:08 PM) (Source: DCOM) (EventID: 10010) (User: COHEN-L-HP-ENVY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/12/2015 04:56:38 PM) (Source: DCOM) (EventID: 10010) (User: COHEN-L-HP-ENVY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/12/2015 04:56:08 PM) (Source: DCOM) (EventID: 10010) (User: COHEN-L-HP-ENVY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/12/2015 04:55:38 PM) (Source: DCOM) (EventID: 10010) (User: COHEN-L-HP-ENVY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
Error: (03/12/2015 07:41:48 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft OutlookOutlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?
 
Error: (03/12/2015 04:04:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COHEN-L-HP-ENVY)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
 
Error: (03/12/2015 04:04:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COHEN-L-HP-ENVY)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
 
Error: (03/12/2015 04:03:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COHEN-L-HP-ENVY)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
 
Error: (03/12/2015 04:03:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COHEN-L-HP-ENVY)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-12 09:49:50.870
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\SETEAF5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16315.96 MB
Available physical RAM: 13441.79 MB
Total Pagefile: 32700.02 MB
Available Pagefile: 29269.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:905.43 GB) (Free:397.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.97 GB) (Free:2.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 deeprybka


Posted 12 March 2015 - 03:31 PM

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).


CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

KMSpico 4.1, KMSpico v9.2.1 Beta = Microsoft Office Professional Plus 2013

 
 
 
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    C:\ProgramData\Microsoft\Security
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR StartupUrls: Default -> "hxxp://search.con
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.


regards,
deeprybka

#5 geekcohen


Posted 12 March 2015 - 03:51 PM

Thanks. I am aware of KMSpico.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Geek Cohen at 2015-03-13 07:44:22 Run:1
Running from C:\Users\Geek Cohen\Downloads
Loaded Profiles: Geek Cohen (Available profiles: Geek Cohen)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\ProgramData\Microsoft\Security
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR StartupUrls: Default -> "hxxp://search.con
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.
"HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
 
"C:\ProgramData\Microsoft\Security" directory move:
 
Could not move "C:\ProgramData\Microsoft\Security" directory. => Scheduled to move on reboot.
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome StartupUrls deleted successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-13 07:48:31)<=
 
C:\ProgramData\Microsoft\Security => Is moved successfully.
 
==== End of Fixlog 07:48:31 ====


#6 deeprybka


Posted 12 March 2015 - 03:56 PM

Please uninstall the cracked software now.


regards,
deeprybka

#7 geekcohen


Posted 12 March 2015 - 03:56 PM

FRST.TXT LOG
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Geek Cohen (administrator) on COHEN-L-HP-ENVY on 13-03-2015 07:54:52
Running from C:\Users\Geek Cohen\Downloads
Loaded Profiles: Geek Cohen (Available profiles: Geek Cohen)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Dropbox, Inc.) C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-08-07] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-06] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-03-12] ()
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\Run: [EPSON WorkForce 435 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\MountPoints2: {af842996-b542-11e3-be95-70188b1ae904} - "H:\Windows\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\MountPoints2: {bad9f5f3-7e42-11e3-be7b-70188b1ae904} - "E:\WIN\setup.exe" 
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\MountPoints2: {e240f677-9e6c-11e3-be8c-70188b1ae904} - "E:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-02-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-02-06] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Geek Cohen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-08] ( HP)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-23] (Apple Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Website Logon) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-08] (HP)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-23] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-23] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1069248 2014-02-06] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-08-07] (IDT, Inc.) [File not signed]
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-24] (Sierra Wireless, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-20] () [File not signed]
S4 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-12] (AVG Secure Search)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-12] ()
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
U3 BthHFSrv; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
U3 BthHFSrv; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-14] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2012-01-10] (HandSet Incorporated)
S3 massfilter_lte; C:\Windows\System32\drivers\massfilter_LTE.sys [18456 2011-10-04] (HandSet Incorporated)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2014-12-30] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-08-07] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-11] (Synaptics Incorporated)
S3 swg3kser00; C:\Windows\system32\DRIVERS\swg3kser00.sys [258432 2011-07-21] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\drivers\swiwdmbx64.sys [109312 2011-07-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\system32\DRIVERS\swnc8ua3.sys [249344 2011-07-21] (Sierra Wireless Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-09-01] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-03-13] ()
S3 zgdcat; C:\Windows\system32\DRIVERS\zgdcat.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\system32\DRIVERS\zgdcdiag.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\system32\DRIVERS\zgdcmdm.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\system32\DRIVERS\zgdcnet.sys [169496 2011-12-19] (ZTE Incorporated)
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-13 07:46 - 2015-03-13 07:46 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-03-13 06:18 - 2015-03-13 06:18 - 00036127 _____ () C:\Users\Geek Cohen\Downloads\Addition.txt
2015-03-13 06:16 - 2015-03-13 07:54 - 00028623 _____ () C:\Users\Geek Cohen\Downloads\FRST.txt
2015-03-13 06:16 - 2015-03-13 07:54 - 00000000 ____D () C:\FRST
2015-03-13 06:16 - 2015-03-13 06:16 - 02095616 _____ (Farbar) C:\Users\Geek Cohen\Downloads\FRST64.exe
2015-03-12 16:07 - 2015-03-12 16:07 - 00001002 _____ () C:\Users\Public\Desktop\Fotor.lnk
2015-03-12 16:07 - 2015-03-12 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotor
2015-03-12 16:06 - 2015-03-12 16:07 - 00000000 ____D () C:\Program Files (x86)\Fotor
2015-03-12 16:04 - 2015-03-12 16:06 - 60830872 _____ (chengdu Everimaging.Inc) C:\Users\Geek Cohen\Downloads\Fotor_v2.0.2_Setup.exe
2015-03-12 15:32 - 2015-03-12 15:33 - 00000000 ____D () C:\Users\Geek Cohen\Downloads\Big Bang Theory Season 8
2015-03-12 14:26 - 2015-03-13 06:14 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\AVG Web TuneUp
2015-03-12 14:26 - 2015-03-12 14:26 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-03-12 14:26 - 2015-03-12 14:26 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-03-11 09:19 - 2015-02-04 10:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-11 09:19 - 2015-02-04 10:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-11 09:19 - 2015-02-04 10:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-11 09:19 - 2015-02-03 10:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-11 09:19 - 2015-02-03 10:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-11 09:19 - 2015-01-27 14:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-11 09:19 - 2015-01-24 12:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-11 09:18 - 2015-03-06 13:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 09:18 - 2015-03-06 13:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 09:18 - 2015-02-07 10:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-11 09:18 - 2015-01-23 18:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-11 09:18 - 2015-01-23 16:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-11 09:17 - 2015-02-26 10:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 09:08 - 2015-01-29 12:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-11 09:08 - 2015-01-29 12:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-11 09:06 - 2015-02-20 14:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 09:06 - 2015-02-20 13:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 09:06 - 2015-02-20 13:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 09:06 - 2015-02-20 13:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 09:06 - 2015-02-06 07:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-11 09:06 - 2015-01-31 10:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-11 09:06 - 2015-01-31 10:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-11 09:05 - 2015-01-29 12:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-11 09:05 - 2015-01-29 12:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-11 09:04 - 2015-01-30 14:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-11 09:04 - 2015-01-30 14:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-11 08:59 - 2015-02-06 12:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-11 08:59 - 2015-02-06 12:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-11 08:54 - 2015-02-03 11:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-11 08:54 - 2015-02-03 11:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-11 08:54 - 2015-01-30 13:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-11 08:54 - 2015-01-30 13:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-11 08:54 - 2015-01-30 12:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-11 08:54 - 2015-01-30 12:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-11 08:54 - 2015-01-30 12:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-11 08:54 - 2015-01-29 12:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 08:54 - 2015-01-29 12:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 08:54 - 2015-01-29 11:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-11 08:54 - 2015-01-29 11:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-11 08:53 - 2015-01-29 11:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-11 08:53 - 2015-01-29 11:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-11 08:53 - 2015-01-28 13:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-11 08:53 - 2015-01-28 12:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-11 08:52 - 2015-01-29 02:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 08:52 - 2015-01-29 02:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 08:52 - 2015-01-29 02:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 08:51 - 2015-01-31 10:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 08:49 - 2015-01-27 15:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 08:49 - 2015-01-27 13:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 08:48 - 2015-01-30 13:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 08:48 - 2015-01-30 12:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 08:48 - 2015-01-30 12:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 08:48 - 2015-01-30 12:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 08:48 - 2015-01-30 12:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 08:48 - 2015-01-30 12:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 08:48 - 2015-01-30 12:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 08:48 - 2015-01-30 12:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 08:43 - 2015-02-21 12:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 08:43 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 08:43 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 08:43 - 2015-02-21 11:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 08:43 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 08:43 - 2015-02-21 10:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 08:43 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 08:43 - 2015-02-20 13:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 08:43 - 2015-02-20 13:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 08:43 - 2015-02-20 13:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 08:43 - 2015-02-20 13:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 08:43 - 2015-02-20 13:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 08:43 - 2015-02-20 13:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 08:43 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 08:43 - 2015-02-20 13:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 08:43 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 08:43 - 2015-02-20 13:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 08:43 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 08:43 - 2015-02-20 12:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 08:43 - 2015-02-20 12:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 08:43 - 2015-02-20 12:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 08:43 - 2015-02-20 12:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 08:43 - 2015-02-20 12:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 08:43 - 2015-02-20 12:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 08:43 - 2015-02-20 12:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 08:43 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 08:43 - 2015-02-20 12:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 08:43 - 2015-02-20 12:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 08:43 - 2015-02-20 12:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 08:43 - 2015-02-20 12:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 08:43 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 08:43 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 08:43 - 2015-02-20 12:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 08:43 - 2015-02-20 12:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 08:43 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 08:43 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 08:43 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 08:42 - 2015-01-30 05:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 08:42 - 2015-01-30 05:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 08:41 - 2015-02-13 04:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 08:41 - 2015-02-13 04:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 08:41 - 2014-12-11 16:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-11 08:40 - 2015-02-08 10:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 08:40 - 2015-02-08 10:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 08:40 - 2015-01-28 12:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 08:40 - 2015-01-28 12:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 08:40 - 2015-01-28 10:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 08:40 - 2015-01-28 10:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 08:39 - 2015-01-21 16:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 08:39 - 2015-01-21 16:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-10 08:08 - 2015-03-10 08:08 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Macromedia
2015-03-08 11:18 - 2015-03-08 11:18 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\7AA11498.sys
2015-03-08 10:41 - 2015-03-08 10:45 - 00000000 ____D () C:\AdwCleaner
2015-03-08 09:58 - 2015-03-08 09:58 - 00313112 _____ () C:\WINDOWS\Minidump\030815-50171-01.dmp
2015-03-06 09:23 - 2015-03-06 09:23 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-06 08:30 - 2015-03-06 08:30 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-03-06 02:03 - 2015-03-06 02:03 - 00003154 _____ () C:\WINDOWS\System32\Tasks\YCMServiceAgent
2015-03-06 02:03 - 2014-01-28 14:58 - 00041704 _____ (CyberLink Corporation) C:\WINDOWS\system32\Drivers\clwvd.sys
2015-03-05 21:40 - 2015-03-06 02:03 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-05 19:13 - 2014-02-26 22:29 - 00001288 _____ () C:\Users\Geek Cohen\Desktop\AVS Video Converter.lnk
2015-03-05 18:48 - 2015-03-05 18:49 - 00315456 _____ () C:\WINDOWS\Minidump\030515-83625-01.dmp
2015-03-04 19:38 - 2015-03-04 19:39 - 00312672 _____ () C:\WINDOWS\Minidump\030415-67781-01.dmp
2015-02-26 10:30 - 2015-02-26 10:30 - 00003120 _____ () C:\WINDOWS\SysWOW64\9DH5FCCP.ocx
2015-02-26 10:30 - 2015-02-26 10:30 - 00003120 _____ () C:\WINDOWS\IMG7TI73.ocx
2015-02-26 10:30 - 2015-02-26 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print2CAD 2014
2015-02-26 10:29 - 2015-02-26 10:30 - 00000000 ____D () C:\Program Files (x86)\Print2CAD 2014
2015-02-26 10:25 - 2015-03-04 18:51 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-02-26 10:17 - 2015-02-26 10:17 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-26 10:17 - 2012-02-10 13:48 - 00114688 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl80.dll
2015-02-26 10:16 - 2015-03-05 07:08 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-26 10:12 - 2015-03-08 19:29 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Insoft
2015-02-26 10:11 - 2015-03-12 14:56 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\YdPack
2015-02-26 10:01 - 2015-02-26 10:01 - 00003120 _____ () C:\WINDOWS\SysWOW64\Y9KYQRHU.ocx
2015-02-26 10:01 - 2015-02-26 10:01 - 00003120 _____ () C:\WINDOWS\PK3VLI4G.ocx
2015-02-26 09:59 - 2015-03-05 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print2CAD 2015 6th Generation
2015-02-26 09:52 - 2015-02-26 09:52 - 00000000 ____D () C:\Output Files
2015-02-26 09:51 - 2015-03-05 07:07 - 00000000 ____D () C:\Program Files (x86)\Convert Pdf to Wmf Psd Jpeg
2015-02-25 17:55 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 17:55 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 16:19 - 2015-03-05 19:55 - 00000000 ____D () C:\Users\Geek Cohen\Desktop\Photography Sort
2015-02-20 19:44 - 2015-02-20 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-20 19:43 - 2015-02-20 19:44 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-20 19:43 - 2015-02-20 19:44 - 00000000 ____D () C:\Program Files\iTunes
2015-02-20 19:43 - 2015-02-20 19:43 - 00000000 ____D () C:\Program Files\iPod
2015-02-20 19:43 - 2015-02-20 19:43 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-18 13:46 - 2015-02-18 13:50 - 00012942 _____ () C:\Users\Geek Cohen\Documents\ptcsetup.log
2015-02-18 13:46 - 2015-02-18 13:46 - 00008305 _____ () C:\Users\Geek Cohen\Documents\ptcsetup.bak
2015-02-18 13:38 - 2015-02-18 13:38 - 00000427 _____ () C:\INSTALL.LOG
2015-02-18 13:34 - 2003-03-19 00:12 - 01047552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71u.dll
2015-02-18 13:34 - 2003-03-18 22:20 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.dll
2015-02-18 13:34 - 2003-03-18 22:05 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2015-02-18 13:34 - 2003-03-18 21:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-02-18 13:34 - 2003-02-21 05:42 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-02-18 13:27 - 2015-02-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mini CAD Viewer
2015-02-18 13:27 - 2015-02-18 13:27 - 00000000 ____D () C:\Program Files (x86)\ZXT2007 Software
2015-02-18 13:27 - 2013-08-11 10:24 - 11800576 _____ (AutoDWG) C:\WINDOWS\SysWOW64\MiniCAD.dll
2015-02-18 13:11 - 2015-02-18 13:11 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Nemetschek
2015-02-18 13:08 - 2015-02-18 13:10 - 00000000 ____D () C:\Program Files (x86)\Vectorworks2014Viewer
2015-02-18 13:08 - 2015-02-18 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks2014Viewer
2015-02-18 10:34 - 2015-03-08 09:58 - 704456096 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-18 10:34 - 2015-02-18 10:35 - 00315456 _____ () C:\WINDOWS\Minidump\021815-60593-01.dmp
2015-02-18 09:49 - 2015-02-18 09:54 - 00000000 ____D () C:\Users\Geek Cohen\Documents\OBDwiz
2015-02-18 09:49 - 2015-02-18 09:54 - 00000000 ____D () C:\ProgramData\OBDwiz
2015-02-18 09:49 - 2015-02-18 09:49 - 00006418 _____ () C:\WINDOWS\DPINST.LOG
2015-02-18 09:49 - 2015-02-18 09:49 - 00000000 ____D () C:\ProgramData\OCTech, LLC
2015-02-18 09:49 - 2015-02-18 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBDwiz
2015-02-18 09:49 - 2015-02-18 09:49 - 00000000 ____D () C:\Program Files (x86)\OBDwiz
2015-02-17 16:03 - 2015-03-13 07:47 - 00005006 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for COHEN-L-HP-ENVY-Geek Cohen Cohen-L-HP-Envy
2015-02-17 15:45 - 2015-02-17 15:49 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Autodesk
2015-02-17 15:30 - 2015-02-17 15:30 - 01691808 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2015-02-15 15:44 - 2015-02-19 13:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-02-15 15:44 - 2015-02-15 15:44 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-02-15 15:42 - 2015-02-06 08:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-15 15:42 - 2015-02-06 08:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-02-13 19:30 - 2015-02-13 22:52 - 00000000 ____D () C:\Users\Geek Cohen\Downloads\The Big Bang Theory - The Complete Season 7 [HDTV]
2015-02-11 15:33 - 2015-02-13 18:31 - 00000000 ____D () C:\f5b251b7c82ae95f6903a487537b
2015-02-11 09:42 - 2015-02-04 10:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 09:42 - 2015-02-04 10:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 09:42 - 2015-02-04 10:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 09:42 - 2015-02-03 10:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 09:42 - 2015-02-03 10:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 09:42 - 2015-02-03 10:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 09:42 - 2015-01-20 05:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 09:42 - 2015-01-16 09:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 09:42 - 2015-01-16 09:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 09:42 - 2015-01-14 15:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 09:42 - 2015-01-14 14:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 09:42 - 2014-12-19 19:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 09:42 - 2014-12-19 19:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 09:42 - 2014-12-09 14:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 09:42 - 2014-12-09 12:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 09:41 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 09:41 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 09:41 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 09:41 - 2015-01-12 12:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-13 07:54 - 2014-01-13 15:48 - 00000000 ___RD () C:\Users\Geek Cohen\Dropbox (Cohen Lewis)
2015-03-13 07:51 - 2014-01-13 11:56 - 00000000 __RDO () C:\Users\Geek Cohen\SkyDrive
2015-03-13 07:51 - 2014-01-13 07:14 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1817333107-2215594419-2709439802-1002
2015-03-13 07:50 - 2014-01-13 15:44 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Dropbox
2015-03-13 07:46 - 2015-02-09 08:28 - 00014931 _____ () C:\WINDOWS\setupact.log
2015-03-13 07:46 - 2014-01-13 18:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-13 07:46 - 2014-01-13 07:13 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-13 07:46 - 2013-08-23 01:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-13 07:46 - 2013-08-22 22:41 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-03-13 07:45 - 2015-02-09 08:28 - 00035764 _____ () C:\WINDOWS\PFRO.log
2015-03-13 07:44 - 2013-08-23 02:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-13 07:44 - 2013-08-23 00:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-13 07:43 - 2014-01-13 16:27 - 00000000 ____D () C:\Users\Geek Cohen\Documents\Outlook Files
2015-03-13 07:30 - 2014-03-15 09:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-13 07:26 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-13 06:17 - 2014-06-22 17:46 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-03-13 06:17 - 2014-01-13 19:17 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-13 06:17 - 2014-01-13 06:11 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A56D2572-ECBB-4F4F-9DAA-3CEE29A690FC}
2015-03-12 21:15 - 2015-02-09 08:39 - 01741641 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-12 21:00 - 2014-01-13 07:13 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 19:40 - 2013-11-14 18:28 - 00962360 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-12 19:03 - 2014-01-13 11:34 - 00000000 ____D () C:\Users\Geek Cohen
2015-03-12 14:44 - 2015-02-09 07:35 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 14:17 - 2015-02-09 08:28 - 05254320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 14:11 - 2012-07-26 18:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-12 13:44 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-11 16:43 - 2014-01-13 12:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 16:43 - 2014-01-13 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 16:29 - 2014-01-13 09:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 16:29 - 2013-08-23 00:25 - 00000167 _____ () C:\WINDOWS\win.ini
2015-03-11 16:22 - 2014-01-13 09:30 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-11 16:02 - 2014-01-13 19:16 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\vlc
2015-03-11 10:14 - 2014-01-13 18:57 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\uTorrent
2015-03-10 20:41 - 2014-01-21 21:21 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-03-10 20:40 - 2013-05-26 11:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-10 20:40 - 2012-08-04 11:02 - 00000000 ____D () C:\SWSetup
2015-03-10 20:39 - 2013-08-22 22:33 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2015-03-10 12:05 - 2014-01-14 13:19 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\FileZilla
2015-03-09 14:51 - 2013-08-23 00:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-08 12:00 - 2014-01-13 06:08 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Packages
2015-03-08 09:58 - 2014-01-24 17:17 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-07 11:18 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-07 08:19 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-06 09:22 - 2014-06-22 17:45 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-03-06 08:20 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-03-06 02:04 - 2013-08-22 23:01 - 00000000 ____D () C:\ProgramData\install_clap
2015-03-06 02:03 - 2013-08-22 22:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-03-05 08:24 - 2013-08-23 02:38 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-05 08:24 - 2013-08-23 02:38 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-05 07:06 - 2014-01-13 06:09 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\VirtualStore
2015-03-04 19:42 - 2014-10-23 18:07 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-26 09:44 - 2014-06-26 17:44 - 00000000 ___SD () C:\Users\Geek Cohen\Documents\My Shapes
2015-02-21 06:00 - 2014-01-13 07:14 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 19:43 - 2014-01-14 12:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-19 10:50 - 2014-12-27 10:52 - 00003543 _____ () C:\Users\Geek Cohen\Documents\coffeecup_scd.log
2015-02-18 13:27 - 2014-05-27 20:07 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\filestore
2015-02-18 13:26 - 2014-01-14 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-18 13:25 - 2014-04-27 18:57 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Sounddrain Downloader
2015-02-18 13:10 - 2013-08-22 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-15 15:44 - 2014-09-30 19:10 - 00000000 ____D () C:\Temp
2015-02-15 15:44 - 2014-01-13 11:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-13 15:53 - 2014-01-14 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-13 15:53 - 2014-01-14 13:17 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-02-12 09:53 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-11 15:04 - 2014-12-11 19:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 15:04 - 2014-07-10 11:33 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 13:31 - 2014-01-13 15:45 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== Files in the root of some directories =======
 
2014-01-22 21:39 - 2015-01-16 14:14 - 0000132 _____ () C:\Users\Geek Cohen\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-27 10:24 - 2015-01-14 08:49 - 0039936 _____ () C:\Users\Geek Cohen\AppData\Roaming\SharedSettings.ccs
2014-02-11 17:02 - 2014-07-29 15:52 - 0001456 _____ () C:\Users\Geek Cohen\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-24 21:11 - 2014-03-24 21:27 - 0000600 _____ () C:\Users\Geek Cohen\AppData\Local\PUTTY.RND
2014-01-20 09:36 - 2014-01-20 09:36 - 0000877 _____ () C:\Users\Geek Cohen\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Geek Cohen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfmdpwr.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-12 16:59
 
==================== End Of Log ============================


#8 geekcohen

geekcohen
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 12 March 2015 - 03:57 PM

Please uninstall the cracked software now.

Just completed that now.



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:52 PM

Posted 12 March 2015 - 04:01 PM


Step 1


Don't remove on your own anything that Hitman Pro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
[image: hitman.gif]


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
[image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: [image: addition.png]
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 geekcohen

geekcohen
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 12 March 2015 - 04:28 PM

Hitman Pro
 

HitmanPro 3.7.9.238
www.hitmanpro.com
 
   Computer name . . . . : COHEN-L-HP-ENVY
   Windows . . . . . . . : 6.3.0.9600.X64/8
   User name . . . . . . : COHEN-L-HP-ENVY\Geek Cohen
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-03-13 08:13:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 14m 19s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 81
 
   Objects scanned . . . : 2,816,501
   Files scanned . . . . : 203,063
   Remnants scanned  . . : 1,114,165 files / 1,499,273 keys
 
Suspicious files ____________________________________________________________
 
   C:\$Recycle.Bin\S-1-5-21-1817333107-2215594419-2709439802-1002\$RO4HVTW.exe
      Size . . . . . . . : 415,232 bytes
      Age  . . . . . . . : 0.7 days (2015-03-12 14:28:39)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : CF5F35213C6434469F1B4F614A2366A2A88F3CBC7C9965A458F64545A76C5AC1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\$Recycle.Bin\S-1-5-21-1817333107-2215594419-2709439802-1002\$RO4HVTW.exe
          1.7s C:\$Recycle.Bin\S-1-5-21-1817333107-2215594419-2709439802-1002\$RS8VGH8.exe
 
   C:\$Recycle.Bin\S-1-5-21-1817333107-2215594419-2709439802-1002\$RS8VGH8.exe
      Size . . . . . . . : 402,944 bytes
      Age  . . . . . . . : 0.7 days (2015-03-12 14:28:40)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 04505690D3A8C561ADA2C87568627A7ABB2D3AB0937BFD853652D3C61621AA57
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.7s C:\$Recycle.Bin\S-1-5-21-1817333107-2215594419-2709439802-1002\$RO4HVTW.exe
          0.0s C:\$Recycle.Bin\S-1-5-21-1817333107-2215594419-2709439802-1002\$RS8VGH8.exe
 
   C:\Users\Geek Cohen\Documents\Radio Programming\MOTOROLA\astro_XTS\RVN4182 ASTRO Saber & XTS3000 CPS R05.03.00-AA & ASTRO Tuner R01.03.00 Win\Support\com32upd.exe
      Size . . . . . . . : 332,808 bytes
      Age  . . . . . . . : 344.5 days (2014-04-02 21:16:06)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 230DCE1D030061B8464DA738E4408B9140B1BDF2966C07DB8F86885913063A2A
      Product  . . . . . : Microsoft(R) Windows NT(R) Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Win32 Cabinet Self-Extractor                                           
      Version  . . . . . : 4.71.0603.0
      Copyright  . . . . : Copyright (C) Microsoft Corp. 1995
      RSA Key Size . . . : 512
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 45.0
         Program is code signed with a weak certificate. This is common to malware.
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
 
   C:\Users\Geek Cohen\Documents\Radio Programming\MOTOROLA\spectra\Support\com32upd.exe
      Size . . . . . . . : 332,808 bytes
      Age  . . . . . . . : 344.5 days (2014-04-02 21:17:12)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 230DCE1D030061B8464DA738E4408B9140B1BDF2966C07DB8F86885913063A2A
      Product  . . . . . : Microsoft(R) Windows NT(R) Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Win32 Cabinet Self-Extractor                                           
      Version  . . . . . : 4.71.0603.0
      Copyright  . . . . : Copyright (C) Microsoft Corp. 1995
      RSA Key Size . . . : 512
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 45.0
         Program is code signed with a weak certificate. This is common to malware.
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
 
   C:\Users\Geek Cohen\Downloads\FRST64.exe
      Size . . . . . . . : 2,095,616 bytes
      Age  . . . . . . . : 0.1 days (2015-03-13 06:16:31)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Geek Cohen\Downloads\FRST64.exe
         15.8s C:\FRST\Logs\
         15.8s C:\FRST\
         15.8s C:\FRST\Quarantine\
         15.8s C:\FRST\Hives\
         16.3s C:\FRST\Hives\ERDNT.INF
         16.3s C:\FRST\Hives\ERDNT.CON
         16.3s C:\FRST\Hives\SAM
         16.3s C:\FRST\Hives\SECURITY
         16.4s C:\FRST\Hives\SYSTEM
         16.6s C:\FRST\Hives\DEFAULT
         16.7s C:\FRST\Hives\SOFTWARE
         18.2s C:\FRST\Hives\BCD
         18.3s C:\FRST\Hives\Users\
         18.3s C:\FRST\Hives\Users\00000001\
         18.3s C:\FRST\Hives\Users\00000001\NTUSER.DAT
         18.3s C:\Windows\Prefetch\ERUNT.EXE-399FC5BA.pf
         18.5s C:\FRST\Hives\Users\00000002\
         18.5s C:\FRST\Hives\Users\00000002\UsrClass.dat
         18.6s C:\FRST\Hives\ERDNT.EXE
         18.6s C:\FRST\Hives\ERDNTWIN.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.7s C:\Users\Geek Cohen\Downloads\FRST.txt
         23.3s C:\Windows\Prefetch\FRST64.EXE-95916FF0.pf
 
 
Cookies _____________________________________________________________________
 
 
 


OTHER PROGRAMS ARE STILL GOING.


#11 geekcohen

geekcohen
  • Topic Starter

  • Members
  • 11 posts

Posted 12 March 2015 - 06:52 PM

Still going, might be a few hours yet.




#12 geekcohen

geekcohen
  • Topic Starter

  • Members
  • 11 posts

Posted 12 March 2015 - 07:08 PM

DONE!
 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a3afe35febf7d641b96f3882a5dab302
# engine=22881
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-13 12:06:22
# local_time=2015-03-13 11:06:22 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 0 113375166 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 51090075 0 0
# scanned=504107
# found=3
# cleaned=3
# scan_time=9858
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="a variant of Win64/Systweak.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=A8E7BEC9390FEDB5E82A92611605B4D3EDE2AD55 ft=1 fh=2410a45737336b50 vn="a variant of Win32/Injector.BONI trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\temp\tmp459F.exe"
sh=E057D092FBA9FE3853C74DE25B675AEB5608F8A0 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Geek Cohen\Dropbox (Cohen Lewis)\Cohen Lewis\Websites\Online Software Suites\Wordpress Files\Themes\PC_Set\footer.php"


#13 geekcohen

geekcohen
  • Topic Starter

  • Members
  • 11 posts

Posted 12 March 2015 - 07:11 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Geek Cohen at 2015-03-13 11:10:53
Running from C:\Users\Geek Cohen\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe DNG Codec (HKLM-x32\...\Adobe DNG Codec) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{A04CB48B-B82B-406B-ABAA-209F098F03A4}) (Version: 12.1.5.155 - Adobe Systems, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
AutoSketch Release 9 (HKLM-x32\...\{DB639F99-ED74-49D4-8FFD-5B8C34C00D64}) (Version: 9.0.0.88 - Autodesk)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON NX430 TX435 Series Printer Uninstall (HKLM\...\EPSON NX430 TX435 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 435 Series Printer Uninstall (HKLM\...\EPSON WorkForce 435 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Fotor 2.0.2 (HKLM-x32\...\Fotor) (Version: 2.0.2 - Everimaging Co., Ltd.)
Free Video to MP3 Converter version 5.0.40.514 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.40.514 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mediatek Bluetooth (HKLM\...\{904C579C-9366-D3B7-7F31-4879401DBD4A}) (Version: 11.0.756.0 - Mediatek)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mini CAD Viewer 3.1.6.0 (HKLM-x32\...\{900A3D0F-22D6-4B07-B618-43141080705A}_is1) (Version:  - zxt2007.com)
Mobile Broadband Manager (x32 Version: 3.8.11219 - Telstra) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OBDwiz (HKLM-x32\...\{2AAF92BA-E688-43F7-9A6D-96A01FF606D4}) (Version: 2.16.4 - OCTech, LLC)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Print2CAD 2014 (HKLM\...\{86930D06-D5AE-4535-B2AF-95FAD369F8D8}) (Version: 11.20.0.0 - BackToCAD Technologies, LLC)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Telstra Mobile Broadband Manager (HKLM-x32\...\Mobile Broadband Manager) (Version: 3.8.11219 - Telstra)
TransferBigFiles Desktop Client (HKLM-x32\...\{AADBF2C6-CF3B-40DC-9939-E0FF3C74F193}) (Version: 1.3.5.1 - Axosoft, LLC)
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version:  - )
ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version:  - ZTE Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
04-03-2015 06:50:19 HPSF Applying updates
05-03-2015 19:00:27 HPSF Applying updates
07-03-2015 08:12:15 Windows Modules Installer
10-03-2015 20:34:35 HPSF Applying updates
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2015-03-08 11:22 - 00001161 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {063EF178-8778-41B9-BE7F-76A10A26AD44} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {24BB4A4A-BF31-4544-ABB1-D91D7A4B991D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {42173F08-068B-4993-B6AF-D9065EF00F2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-13] (Piriform Ltd)
Task: {5419EF43-69DC-4742-9ED8-C1ADF43C18B8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-11] (Synaptics Incorporated)
Task: {65B7CF1C-10E2-40C2-97A4-8842F362BCB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {743AD3BB-A163-4269-8E9B-5C6B6C38AE14} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {806A826D-2874-464B-979D-0DBDCA21B5AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9E30EFD5-6D8F-4DFF-9888-82137D65B9BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {A2A3EBD7-FC07-459E-8791-94290A44B677} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A7F5B2CC-803C-44D1-907C-C3417DDD6161} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AE398F82-BBD5-4907-B917-6BDED0877CA1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for COHEN-L-HP-ENVY-Geek Cohen Cohen-L-HP-Envy => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {AE628B42-6830-4B24-8761-34834ECB57FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B032C489-A226-448C-B6A2-5ED13EAB3AA0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {CBA888C1-915B-4645-9621-D6B12ADD8707} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D1DFBEF1-4C60-499F-9EBF-17E5AB550943} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D3355AE2-21D8-42F9-841D-EF74E3E60A50} - System32\Tasks\{EAE54B2D-763D-4EED-86E0-6A4016391C12} => Chrome.exe http://ui.skype.com/ui/0/6.22.81.105/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-01-13 11:30 - 2015-02-06 06:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-14 04:35 - 2013-02-14 04:35 - 00180200 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-02-14 04:35 - 2013-02-14 04:35 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-08 21:10 - 2014-12-08 21:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-20 08:21 - 2013-03-20 08:21 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-02-08 03:19 - 2013-02-08 03:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2014-01-25 02:22 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-02-11 08:00 - 2015-02-11 08:00 - 00750080 _____ () C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-13 08:03 - 2015-03-13 08:03 - 00043008 _____ () c:\Users\Geek Cohen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbtc2i7.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00047616 _____ () C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00865280 _____ () C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00200704 _____ () C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-08-22 22:27 - 2013-02-16 11:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-01 22:17 - 2015-02-01 22:17 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-21 06:00 - 2015-02-18 09:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-21 06:00 - 2015-02-18 09:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-21 06:00 - 2015-02-18 09:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-21 06:00 - 2015-02-18 09:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Geek Cohen\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Geek Cohen\Pictures\My Car 2014\With New Wheels\DSC_6109_edit_copy.JPG
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: vToolbarUpdater18.4.0 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge => 
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BigPondWirelessBroadbandCM => "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
MSCONFIG\startupreg: EPSON (NX430 TX435) => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\GEEKCO~1\AppData\Local\Temp\E_S4CE8.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON NX430 TX435 Series => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\GEEKCO~1\AppData\Local\Temp\E_S3D7C.tmp" /EF "HKCU"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Geek Cohen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BigPondWirelessBroadbandCM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "EPSON WorkForce 435 Series"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "EPSON (NX430 TX435)"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "EPSON NX430 TX435 Series"
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1817333107-2215594419-2709439802-500 - Administrator - Disabled)
Geek Cohen (S-1-5-21-1817333107-2215594419-2709439802-1002 - Administrator - Enabled) => C:\Users\Geek Cohen
Guest (S-1-5-21-1817333107-2215594419-2709439802-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/13/2015 11:00:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.1.0.5075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14a0
 
Start Time: 01d05d0e7687d0bf
 
Termination Time: 182
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: f2c38b97-c913-11e4-bef6-70188b1ae904
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/13/2015 10:49:28 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/13/2015 10:49:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (03/13/2015 10:48:29 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/13/2015 10:48:25 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/13/2015 10:48:21 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/13/2015 10:48:17 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/13/2015 10:48:13 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/13/2015 10:48:09 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/13/2015 10:48:05 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/13/2015 10:48:01 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Microsoft Office Sessions:
=========================
Error: (03/13/2015 11:00:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe5.1.0.507514a001d05d0e7687d0bf182C:\Program Files\CCleaner\CCleaner64.exef2c38b97-c913-11e4-bef6-70188b1ae904
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-12 09:49:50.870
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\SETEAF5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 24%
Total physical RAM: 16315.96 MB
Available physical RAM: 12278.93 MB
Total Pagefile: 32700.02 MB
Available Pagefile: 28192.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:905.43 GB) (Free:404.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.97 GB) (Free:2.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Geek Cohen (administrator) on COHEN-L-HP-ENVY on 13-03-2015 11:09:29
Running from C:\Users\Geek Cohen\Desktop
Loaded Profiles: Geek Cohen (Available profiles: Geek Cohen)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Dropbox, Inc.) C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-08-07] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-06] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\Run: [EPSON WorkForce 435 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-13] (Piriform Ltd)
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\MountPoints2: {af842996-b542-11e3-be95-70188b1ae904} - "H:\Windows\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\MountPoints2: {bad9f5f3-7e42-11e3-be7b-70188b1ae904} - "E:\WIN\setup.exe" 
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\...\MountPoints2: {e240f677-9e6c-11e3-be8c-70188b1ae904} - "E:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-02-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-02-06] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Geek Cohen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1817333107-2215594419-2709439802-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1817333107-2215594419-2709439802-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-08] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-23] (Apple Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.au/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0511193C-2469-4113-B57D-A960CDC3EC73&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1402999947&from=cor&uid=TOSHIBAXMQ01ABD100_832EP3NJTXX832EP3NJT", "hxxp://mysearch.avg.com?cid={13DED49A-DC66-4C6F-8B75-B2D9C0073183}&mid=730837ebb23947d29dcda151cdfe00f7-0b6695676749f6785a2cbb375e3c77f0f9d8178a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 16:46:26&v=18.1.0.443&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={13DED49A-DC66-4C6F-8B75-B2D9C0073183}&mid=730837ebb23947d29dcda151cdfe00f7-0b6695676749f6785a2cbb375e3c77f0f9d8178a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 16:46:26&v=18.1.7.598&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={13DED49A-DC66-4C6F-8B75-B2D9C0073183}&mid=730837ebb23947d29dcda151cdfe00f7-0b6695676749f6785a2cbb375e3c77f0f9d8178a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 16:46:26&v=18.1.9.786&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={13DED49A-DC66-4C6F-8B75-B2D9C0073183}&mid=730837ebb23947d29dcda151cdfe00f7-0b6695676749f6785a2cbb375e3c77f0f9d8178a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 16:46:26&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR Profile: C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-03-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-13]
CHR Extension: (Invite All (for Facebook)) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2015-03-13]
CHR Extension: (NetBank) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnpedghacgigoamalnfnikaagobdbjp [2015-03-13]
CHR Extension: (The QR Code Generator) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2015-03-13]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-03-13]
CHR Extension: (Website Logon) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-01-13]
CHR Extension: (My IP) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmfgkdplpkdnamkjbdanfcgfeejmg [2015-03-13]
CHR Extension: (Google Maps) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-03-13]
CHR Extension: (AVG Secure Search) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (piZap Photo Editor) - C:\Users\Geek Cohen\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2015-03-13]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-08] (HP)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-23] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-23] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-08-07] (IDT, Inc.) [File not signed]
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-24] (Sierra Wireless, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-20] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
U3 BthHFSrv; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
U3 BthHFSrv; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-14] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2012-01-10] (HandSet Incorporated)
S3 massfilter_lte; C:\Windows\System32\drivers\massfilter_LTE.sys [18456 2011-10-04] (HandSet Incorporated)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2014-12-30] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-08-07] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-11] (Synaptics Incorporated)
S3 swg3kser00; C:\Windows\system32\DRIVERS\swg3kser00.sys [258432 2011-07-21] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\drivers\swiwdmbx64.sys [109312 2011-07-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\system32\DRIVERS\swnc8ua3.sys [249344 2011-07-21] (Sierra Wireless Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-09-01] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-03-13] ()
S3 zgdcat; C:\Windows\system32\DRIVERS\zgdcat.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\system32\DRIVERS\zgdcdiag.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\system32\DRIVERS\zgdcmdm.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\system32\DRIVERS\zgdcnet.sys [169496 2011-12-19] (ZTE Incorporated)
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-13 11:09 - 2015-03-13 11:10 - 00030871 _____ () C:\Users\Geek Cohen\Desktop\FRST.txt
2015-03-13 11:08 - 2015-03-13 11:08 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-13 11:08 - 2015-03-13 11:08 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-03-13 11:07 - 2015-03-13 11:10 - 00065138 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-13 09:25 - 2015-03-13 09:25 - 07977387 _____ () C:\Users\Geek Cohen\Downloads\themeforest-7876250-landx-multipurpose-bootstrap-3-landing-page.zip
2015-03-13 08:30 - 2015-03-13 06:16 - 02095616 _____ (Farbar) C:\Users\Geek Cohen\Desktop\FRST64.exe
2015-03-13 08:27 - 2015-03-13 08:27 - 00028792 _____ () C:\Users\Geek Cohen\Downloads\HitmanPro_20150313_0827.log
2015-03-13 08:09 - 2015-03-13 08:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-13 08:08 - 2015-03-13 08:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-13 08:08 - 2015-03-13 08:12 - 10995632 _____ (SurfRight B.V.) C:\Users\Geek Cohen\Downloads\HitmanPro_x64.exe
2015-03-13 08:04 - 2015-03-13 08:05 - 02347384 _____ (ESET) C:\Users\Geek Cohen\Desktop\esetsmartinstaller_enu.exe
2015-03-13 08:03 - 2015-03-13 08:07 - 10085648 _____ (SurfRight B.V.) C:\Users\Geek Cohen\Downloads\HitmanPro.exe
2015-03-13 08:01 - 2015-03-13 08:01 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-03-13 06:18 - 2015-03-13 06:18 - 00036127 _____ () C:\Users\Geek Cohen\Downloads\Addition.txt
2015-03-13 06:16 - 2015-03-13 11:09 - 00000000 ____D () C:\FRST
2015-03-13 06:16 - 2015-03-13 07:56 - 00062696 _____ () C:\Users\Geek Cohen\Downloads\FRST.txt
2015-03-13 06:16 - 2015-03-13 06:16 - 02095616 _____ (Farbar) C:\Users\Geek Cohen\Downloads\FRST64.exe
2015-03-12 16:07 - 2015-03-12 16:07 - 00001002 _____ () C:\Users\Public\Desktop\Fotor.lnk
2015-03-12 16:07 - 2015-03-12 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotor
2015-03-12 16:06 - 2015-03-12 16:07 - 00000000 ____D () C:\Program Files (x86)\Fotor
2015-03-12 16:04 - 2015-03-12 16:06 - 60830872 _____ (chengdu Everimaging.Inc) C:\Users\Geek Cohen\Downloads\Fotor_v2.0.2_Setup.exe
2015-03-12 15:32 - 2015-03-12 15:33 - 00000000 ____D () C:\Users\Geek Cohen\Downloads\Big Bang Theory Season 8
2015-03-12 14:26 - 2015-03-13 07:59 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-03-11 09:19 - 2015-02-04 10:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-11 09:19 - 2015-02-04 10:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-11 09:19 - 2015-02-04 10:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-11 09:19 - 2015-02-03 10:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-11 09:19 - 2015-02-03 10:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-11 09:19 - 2015-01-27 14:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-11 09:19 - 2015-01-24 12:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-11 09:18 - 2015-03-06 13:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 09:18 - 2015-03-06 13:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 09:18 - 2015-02-07 10:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-11 09:18 - 2015-01-23 18:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-11 09:18 - 2015-01-23 16:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-11 09:17 - 2015-02-26 10:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 09:08 - 2015-01-29 12:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-11 09:08 - 2015-01-29 12:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-11 09:06 - 2015-02-20 14:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 09:06 - 2015-02-20 13:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 09:06 - 2015-02-20 13:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 09:06 - 2015-02-20 13:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 09:06 - 2015-02-06 07:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-11 09:06 - 2015-01-31 10:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-11 09:06 - 2015-01-31 10:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-11 09:05 - 2015-01-29 12:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-11 09:05 - 2015-01-29 12:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-11 09:04 - 2015-01-30 14:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-11 09:04 - 2015-01-30 14:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-11 08:59 - 2015-02-06 12:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-11 08:59 - 2015-02-06 12:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-11 08:54 - 2015-02-03 11:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-11 08:54 - 2015-02-03 11:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-11 08:54 - 2015-01-30 13:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-11 08:54 - 2015-01-30 13:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-11 08:54 - 2015-01-30 12:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-11 08:54 - 2015-01-30 12:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-11 08:54 - 2015-01-30 12:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-11 08:54 - 2015-01-29 12:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 08:54 - 2015-01-29 12:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 08:54 - 2015-01-29 11:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-11 08:54 - 2015-01-29 11:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-11 08:53 - 2015-01-29 11:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-11 08:53 - 2015-01-29 11:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-11 08:53 - 2015-01-28 13:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-11 08:53 - 2015-01-28 12:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-11 08:52 - 2015-01-29 02:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 08:52 - 2015-01-29 02:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 08:52 - 2015-01-29 02:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 08:51 - 2015-01-31 10:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 08:49 - 2015-01-27 15:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 08:49 - 2015-01-27 13:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 08:48 - 2015-01-30 13:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 08:48 - 2015-01-30 12:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 08:48 - 2015-01-30 12:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 08:48 - 2015-01-30 12:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 08:48 - 2015-01-30 12:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 08:48 - 2015-01-30 12:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 08:48 - 2015-01-30 12:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 08:48 - 2015-01-30 12:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 08:43 - 2015-02-21 12:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 08:43 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 08:43 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 08:43 - 2015-02-21 11:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 08:43 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 08:43 - 2015-02-21 10:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 08:43 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 08:43 - 2015-02-20 13:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 08:43 - 2015-02-20 13:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 08:43 - 2015-02-20 13:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 08:43 - 2015-02-20 13:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 08:43 - 2015-02-20 13:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 08:43 - 2015-02-20 13:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 08:43 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 08:43 - 2015-02-20 13:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 08:43 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 08:43 - 2015-02-20 13:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 08:43 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 08:43 - 2015-02-20 12:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 08:43 - 2015-02-20 12:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 08:43 - 2015-02-20 12:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 08:43 - 2015-02-20 12:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 08:43 - 2015-02-20 12:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 08:43 - 2015-02-20 12:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 08:43 - 2015-02-20 12:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 08:43 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 08:43 - 2015-02-20 12:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 08:43 - 2015-02-20 12:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 08:43 - 2015-02-20 12:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 08:43 - 2015-02-20 12:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 08:43 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 08:43 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 08:43 - 2015-02-20 12:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 08:43 - 2015-02-20 12:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 08:43 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 08:43 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 08:43 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 08:42 - 2015-01-30 05:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 08:42 - 2015-01-30 05:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 08:41 - 2015-02-13 04:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 08:41 - 2015-02-13 04:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 08:41 - 2014-12-11 16:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-11 08:40 - 2015-02-08 10:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 08:40 - 2015-02-08 10:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 08:40 - 2015-01-28 12:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 08:40 - 2015-01-28 12:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 08:40 - 2015-01-28 10:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 08:40 - 2015-01-28 10:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 08:39 - 2015-01-21 16:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 08:39 - 2015-01-21 16:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-10 08:08 - 2015-03-10 08:08 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Macromedia
2015-03-08 11:18 - 2015-03-08 11:18 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\7AA11498.sys
2015-03-08 10:41 - 2015-03-08 10:45 - 00000000 ____D () C:\AdwCleaner
2015-03-06 09:23 - 2015-03-06 09:23 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-06 08:30 - 2015-03-06 08:30 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-03-06 02:03 - 2015-03-06 02:03 - 00003154 _____ () C:\WINDOWS\System32\Tasks\YCMServiceAgent
2015-03-06 02:03 - 2014-01-28 14:58 - 00041704 _____ (CyberLink Corporation) C:\WINDOWS\system32\Drivers\clwvd.sys
2015-03-05 21:40 - 2015-03-06 02:03 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-05 19:13 - 2014-02-26 22:29 - 00001288 _____ () C:\Users\Geek Cohen\Desktop\AVS Video Converter.lnk
2015-02-26 10:30 - 2015-02-26 10:30 - 00003120 _____ () C:\WINDOWS\SysWOW64\9DH5FCCP.ocx
2015-02-26 10:30 - 2015-02-26 10:30 - 00003120 _____ () C:\WINDOWS\IMG7TI73.ocx
2015-02-26 10:30 - 2015-02-26 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print2CAD 2014
2015-02-26 10:29 - 2015-02-26 10:30 - 00000000 ____D () C:\Program Files (x86)\Print2CAD 2014
2015-02-26 10:25 - 2015-03-04 18:51 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-02-26 10:17 - 2015-02-26 10:17 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-26 10:17 - 2012-02-10 13:48 - 00114688 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl80.dll
2015-02-26 10:16 - 2015-03-05 07:08 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-26 10:12 - 2015-03-08 19:29 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Insoft
2015-02-26 10:11 - 2015-03-12 14:56 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\YdPack
2015-02-26 10:01 - 2015-02-26 10:01 - 00003120 _____ () C:\WINDOWS\SysWOW64\Y9KYQRHU.ocx
2015-02-26 10:01 - 2015-02-26 10:01 - 00003120 _____ () C:\WINDOWS\PK3VLI4G.ocx
2015-02-26 09:59 - 2015-03-05 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print2CAD 2015 6th Generation
2015-02-26 09:52 - 2015-02-26 09:52 - 00000000 ____D () C:\Output Files
2015-02-26 09:51 - 2015-03-05 07:07 - 00000000 ____D () C:\Program Files (x86)\Convert Pdf to Wmf Psd Jpeg
2015-02-25 17:55 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 17:55 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 16:19 - 2015-03-05 19:55 - 00000000 ____D () C:\Users\Geek Cohen\Desktop\Photography Sort
2015-02-20 19:44 - 2015-02-20 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-20 19:43 - 2015-02-20 19:44 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-20 19:43 - 2015-02-20 19:44 - 00000000 ____D () C:\Program Files\iTunes
2015-02-20 19:43 - 2015-02-20 19:43 - 00000000 ____D () C:\Program Files\iPod
2015-02-20 19:43 - 2015-02-20 19:43 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-18 13:46 - 2015-02-18 13:50 - 00012942 _____ () C:\Users\Geek Cohen\Documents\ptcsetup.log
2015-02-18 13:46 - 2015-02-18 13:46 - 00008305 _____ () C:\Users\Geek Cohen\Documents\ptcsetup.bak
2015-02-18 13:38 - 2015-02-18 13:38 - 00000427 _____ () C:\INSTALL.LOG
2015-02-18 13:34 - 2003-03-19 00:12 - 01047552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71u.dll
2015-02-18 13:34 - 2003-03-18 22:20 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.dll
2015-02-18 13:34 - 2003-03-18 22:05 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2015-02-18 13:34 - 2003-03-18 21:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-02-18 13:34 - 2003-02-21 05:42 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-02-18 13:27 - 2015-02-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mini CAD Viewer
2015-02-18 13:27 - 2015-02-18 13:27 - 00000000 ____D () C:\Program Files (x86)\ZXT2007 Software
2015-02-18 13:27 - 2013-08-11 10:24 - 11800576 _____ (AutoDWG) C:\WINDOWS\SysWOW64\MiniCAD.dll
2015-02-18 13:11 - 2015-02-18 13:11 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Nemetschek
2015-02-18 13:08 - 2015-02-18 13:10 - 00000000 ____D () C:\Program Files (x86)\Vectorworks2014Viewer
2015-02-18 13:08 - 2015-02-18 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks2014Viewer
2015-02-18 09:49 - 2015-02-18 09:54 - 00000000 ____D () C:\Users\Geek Cohen\Documents\OBDwiz
2015-02-18 09:49 - 2015-02-18 09:54 - 00000000 ____D () C:\ProgramData\OBDwiz
2015-02-18 09:49 - 2015-02-18 09:49 - 00000000 ____D () C:\ProgramData\OCTech, LLC
2015-02-18 09:49 - 2015-02-18 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBDwiz
2015-02-18 09:49 - 2015-02-18 09:49 - 00000000 ____D () C:\Program Files (x86)\OBDwiz
2015-02-17 16:03 - 2015-03-13 08:29 - 00005004 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for COHEN-L-HP-ENVY-Geek Cohen Cohen-L-HP-Envy
2015-02-17 15:45 - 2015-02-17 15:49 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Autodesk
2015-02-17 15:30 - 2015-02-17 15:30 - 01691808 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2015-02-15 15:44 - 2015-02-19 13:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-02-15 15:44 - 2015-02-15 15:44 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-02-15 15:42 - 2015-02-06 08:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-15 15:42 - 2015-02-06 08:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-15 15:42 - 2015-02-06 08:01 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-02-13 19:30 - 2015-02-13 22:52 - 00000000 ____D () C:\Users\Geek Cohen\Downloads\The Big Bang Theory - The Complete Season 7 [HDTV]
2015-02-11 15:33 - 2015-02-13 18:31 - 00000000 ____D () C:\f5b251b7c82ae95f6903a487537b
2015-02-11 09:42 - 2015-02-04 10:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 09:42 - 2015-02-04 10:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 09:42 - 2015-02-04 10:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 09:42 - 2015-02-03 10:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 09:42 - 2015-02-03 10:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 09:42 - 2015-02-03 10:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 09:42 - 2015-01-20 05:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 09:42 - 2015-01-16 09:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 09:42 - 2015-01-16 09:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 09:42 - 2015-01-14 15:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 09:42 - 2015-01-14 14:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 09:42 - 2014-12-19 19:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 09:42 - 2014-12-19 19:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 09:42 - 2014-12-09 14:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 09:42 - 2014-12-09 12:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 09:41 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 09:41 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 09:41 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 09:41 - 2015-01-12 12:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-13 11:10 - 2014-01-13 12:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-13 11:08 - 2014-01-13 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-13 11:07 - 2014-01-13 16:27 - 00000000 ____D () C:\Users\Geek Cohen\Documents\Outlook Files
2015-03-13 11:07 - 2014-01-13 07:14 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1817333107-2215594419-2709439802-1002
2015-03-13 11:00 - 2014-01-13 07:13 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-13 11:00 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-13 10:30 - 2014-03-15 09:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-13 09:21 - 2014-01-13 07:14 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 08:56 - 2014-01-13 18:57 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\uTorrent
2015-03-13 08:55 - 2014-01-24 17:17 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-13 08:25 - 2014-01-13 06:11 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A56D2572-ECBB-4F4F-9DAA-3CEE29A690FC}
2015-03-13 08:06 - 2014-01-13 15:48 - 00000000 ___RD () C:\Users\Geek Cohen\Dropbox (Cohen Lewis)
2015-03-13 08:06 - 2014-01-13 11:56 - 00000000 ___DO () C:\Users\Geek Cohen\SkyDrive
2015-03-13 08:03 - 2014-01-13 15:44 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Dropbox
2015-03-13 08:02 - 2014-01-13 07:13 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-13 08:01 - 2013-08-23 01:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-13 08:01 - 2013-08-22 22:41 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-03-13 08:00 - 2013-08-23 00:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-13 07:57 - 2014-02-11 13:45 - 00000000 ____D () C:\Program Files\KMSpico
2015-03-13 07:46 - 2014-01-13 18:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-13 07:44 - 2013-08-23 02:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-13 06:17 - 2014-06-22 17:46 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-03-13 06:17 - 2014-01-13 19:17 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-12 19:40 - 2013-11-14 18:28 - 00962360 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-12 19:03 - 2014-01-13 11:34 - 00000000 ____D () C:\Users\Geek Cohen
2015-03-12 14:44 - 2015-02-09 07:35 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 14:13 - 2013-08-23 02:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 14:11 - 2012-07-26 18:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-12 13:44 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-11 16:29 - 2014-01-13 09:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 16:29 - 2013-08-23 00:25 - 00000167 _____ () C:\WINDOWS\win.ini
2015-03-11 16:22 - 2014-01-13 09:30 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-11 16:02 - 2014-01-13 19:16 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\vlc
2015-03-10 20:41 - 2014-01-21 21:21 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-03-10 20:40 - 2013-05-26 11:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-10 20:40 - 2012-08-04 11:02 - 00000000 ____D () C:\SWSetup
2015-03-10 20:39 - 2013-08-22 22:33 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2015-03-10 12:05 - 2014-01-14 13:19 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\FileZilla
2015-03-09 14:51 - 2013-08-23 00:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-08 12:00 - 2014-01-13 06:08 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Packages
2015-03-07 11:18 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-07 08:19 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-06 09:22 - 2014-06-22 17:45 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-03-06 08:20 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-03-06 02:04 - 2013-08-22 23:01 - 00000000 ____D () C:\ProgramData\install_clap
2015-03-06 02:03 - 2013-08-22 22:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-03-05 08:24 - 2013-08-23 02:38 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-05 08:24 - 2013-08-23 02:38 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-05 07:06 - 2014-01-13 06:09 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\VirtualStore
2015-03-04 19:42 - 2014-10-23 18:07 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-26 09:44 - 2014-06-26 17:44 - 00000000 ___SD () C:\Users\Geek Cohen\Documents\My Shapes
2015-02-20 19:43 - 2014-01-14 12:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-19 10:50 - 2014-12-27 10:52 - 00003543 _____ () C:\Users\Geek Cohen\Documents\coffeecup_scd.log
2015-02-18 13:27 - 2014-05-27 20:07 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\filestore
2015-02-18 13:26 - 2014-01-14 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-18 13:25 - 2014-04-27 18:57 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Local\Sounddrain Downloader
2015-02-18 13:10 - 2013-08-22 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-15 15:44 - 2014-09-30 19:10 - 00000000 ____D () C:\Temp
2015-02-15 15:44 - 2014-01-13 11:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-13 15:53 - 2014-01-14 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-13 15:53 - 2014-01-14 13:17 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-02-12 09:53 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-11 15:04 - 2014-12-11 19:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 15:04 - 2014-07-10 11:33 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 13:31 - 2014-01-13 15:45 - 00000000 ____D () C:\Users\Geek Cohen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== Files in the root of some directories =======
 
2014-01-22 21:39 - 2015-01-16 14:14 - 0000132 _____ () C:\Users\Geek Cohen\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-27 10:24 - 2015-01-14 08:49 - 0039936 _____ () C:\Users\Geek Cohen\AppData\Roaming\SharedSettings.ccs
2014-02-11 17:02 - 2014-07-29 15:52 - 0001456 _____ () C:\Users\Geek Cohen\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-24 21:11 - 2014-03-24 21:27 - 0000600 _____ () C:\Users\Geek Cohen\AppData\Local\PUTTY.RND
2014-01-20 09:36 - 2014-01-20 09:36 - 0000877 _____ () C:\Users\Geek Cohen\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Geek Cohen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbtc2i7.dll
C:\Users\Geek Cohen\AppData\Local\Temp\UNINSTALL.EXE
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-13 11:07
 
==================== End Of Log ============================


#14 deeprybka

Posted 13 March 2015 - 12:16 PM

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Step 1

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the logfile will be opened after it. You may also find it on your main drive (usually the C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 geekcohen

Posted 13 March 2015 - 03:20 PM

 
Zoek.exe v5.0.0.0 Updated 13-March-2015
Tool run by Geek Cohen on Sat 14/03/2015 at  7:00:55.06.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Geek Cohen\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
14/03/2015 7:03:50 AM Zoek.exe System Restore Point Created Successfully.
 
==== Running Processes ======================
 
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Users\Geek Cohen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Geek Cohen\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== Services(whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2015\avgidsagent.exe
R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2015\avgwdsvc.exe
R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
R2 - [FPLService] - TrueSuiteService - c:\program files (x86)\hp simplepass\truesuiteservice.exe
R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe
R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
R2 - [hpsrv] - HP Service - c:\windows\system32\hpservice.exe
R2 - [IAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe
R2 - [igfxCUIService1.0.0.0] - Intel® HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [Intel® ME Service] - Intel® ME Service - c:\program files (x86)\intel\intel® management engine components\fwservice\intelmefwservice.exe
R2 - [ISCTAgent] - Intel® Smart Connect Technology Agent - c:\program files\intel\intel® smart connect technology agent\isctagent.exe
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [STacSV] - Audio Service - c:\program files\idt\wdm\stacsv64.exe
R2 - [SwiCardDetectSvc] - Sierra Wireless Card Detection Service - c:\program files (x86)\sierra wireless inc\common\swicarddetect64.exe
R2 - [TeamViewer9] - TeamViewer 9 - c:\program files (x86)\teamviewer\version9\teamviewer_service.exe
R2 - [valWBFPolicyService] - Validity WBF Policy Service - c:\windows\system32\valwbfpolicyservice.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
R3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [vToolbarUpdater18.3.0] - vToolbarUpdater18.3.0 - c:\program files (x86)\common files\avg secure search\vtoolbarupdater\18.3.0\toolbarupdater.exe [x]
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Intel® Capability Licensing Service TCP IP Interface] - Intel® Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
S3 - [TrueService] - TrueAPI Service component - c:\program files\common files\authentec\trueservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S4 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S4 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 16316 MB
CPU Info: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
CPU Speed: 2431.7 MHz
Sound Card: Speakers / HP (IDT High Definit | 
Display Adapters: Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | NVIDIA GeForce GT 740M
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter #3 | Ralink RT3290 802.11bgn Wi-Fi Adapter #2 | Realtek PCIe GBE Family Controller
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  905.4GB | D:  25.0GB
Hard Disks - Free: C:  404.0GB | D:  2.5GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 1
Time Zone: AUS Eastern Standard Time
Motherboard *: Hewlett-Packard 1963
Country: Australia 
Language: ENA 
 
==== System Specs (Software) ======================
 
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Default Browser: Google Chrome 41.0.2272.89
Internet Explorer Version: 11.0.9600.17690 
Google Chrome version: 41.0.2272.89
Adobe Reader version: 11.0.10.32
Sun Java version: 1.7.0_72 (32-bit) 
Sun Java version: 1.7.0_72 (64-bit) 
Flash Player version: 16.0.0.305
Shockwave Player version: 12.1.5r155
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
2015-03-10 21:40:27 C10A66189DC8C090E7C84873EDCEBC88 2501368 ----a-w- C:\WINDOWS\explorer.exe
2015-02-25 23:30:55 5D4F627D96C0AF02997949778D1AA37E 3120 ----a-w- C:\WINDOWS\IMG7TI73.ocx
2015-02-25 23:01:10 30B834074369CAE8C103EF6337B5D8C4 3120 ----a-w- C:\WINDOWS\PK3VLI4G.ocx
====== C:\Users\GEEKCO~1\AppData\Local\Temp ====
2015-03-13 04:43:22 12C0789B30AD2425D9F5B63FFFAAEEA6 43008 ----a-w- C:\Users\Geek Cohen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxa8djg.dll
2015-03-12 20:58:29 70595A37D9C4647C195CDA11EDC2D251 2909720 ----a-w- C:\Users\Geek Cohen\AppData\Local\Temp\UNINSTALL.EXE
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2015-03-10 22:19:24 E26D49197CA9E38BCC6033DE53F720BD 816128 ----a-w- C:\WINDOWS\SysWOW64\calc.exe
2015-03-10 22:19:12 F8B2956CE0F98289F5A8D3FBF638D989 12800 ----a-w- C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-10 22:18:35 19920B416F3274640B3DE9A5248F0E74 560392 ----a-w- C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-10 22:18:03 9E39AC33607AAF228686FA15249E5C42 358912 ----a-w- C:\WINDOWS\SysWOW64\schannel.dll
2015-03-10 22:08:40 45804906FFF3DD025BC725BE0DC98797 290816 ----a-w- C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-10 22:06:44 8F3E99586FDAD25BD0DA0C37C6DBE1EC 2484224 ----a-w- C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-10 22:06:24 EB75202872E2A233CA0C4E84D122B266 35840 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-10 22:06:24 1E14074826BCDAC8764743D8F92E6CFE 301056 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-10 21:59:42 B004C599E9DFE8A4C4A7421E80B94FBD 1943040 ----a-w- C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-10 21:54:42 FCF02D20B26118DD7E4E871323AAAB58 35840 ----a-w- C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-10 21:54:42 E094D21FE482A0DC59056B6B9D421B07 1230336 ----a-w- C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-10 21:54:42 5EB5142C178BED2C4372406203B9BC1D 1204224 ----a-w- C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-10 21:54:42 08B8F2E5FAAC73EF1AFD99B2AEC104FD 3551744 ----a-w- C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-10 21:54:21 6A978C77BADD838D8A5347DBC06142A7 811008 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-10 21:53:57 C443536D9279B74A162E3C39A83CB226 60928 ----a-w- C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-10 21:53:41 154BC2F7D00DA9790A99787B6019535E 2459136 ----a-w- C:\WINDOWS\SysWOW64\authui.dll
2015-03-10 21:52:08 93F59EDC3602F47840631BB7F334B66C 1498360 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-10 21:48:56 C561022F4E2882B44BDB65AE2B0756C0 266752 ----a-w- C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-10 21:48:56 958A5388C05106844C80AEB95948A32B 91648 ----a-w- C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-10 21:48:56 4720D1AF566E7C2127B4EEDDD070CA87 278016 ----a-w- C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-10 21:48:56 20A130BE26CBB3B50C5B19B91BED669B 250880 ----a-w- C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-10 21:43:14 95CB6079B3E62D4301958023C2070A48 19720192 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-10 21:43:12 FC5FE9F2D140435FC95CB3EF6724EF0A 4300288 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-10 21:43:12 E868396BC5F8957A9E39BD9A28EA814D 12827648 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-10 21:43:11 EA6EA6912F27F05C61D8D747517EB47E 1888256 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll
2015-03-10 21:43:11 BC9CE46C3F05CCC40F8F1EFC7E4B41C7 503296 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-10 21:43:11 B35C35C55FED3DD7F995C77F63CBC29B 1311232 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-10 21:43:11 52B4DECDC70B8758380D37EA2CDD4254 2278400 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-10 21:43:11 1F53B89EDB383115B4DE44019CA6D2E1 880128 ----a-w- C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-10 21:43:10 AD1BA932AC31D2BC8C9105DA59BEA6BE 689152 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-10 21:43:10 A34897A1A39316BDECCA3E61986F98F2 2052608 ----a-w- C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-10 21:43:09 CFAB72035AC43BE256A750D1C788D092 128000 ----a-w- C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-10 21:43:09 B59AD24271B8CA366001B52243930E86 664064 ----a-w- C:\WINDOWS\SysWOW64\jscript.dll
2015-03-10 21:43:09 AD13E719AE506AA0E0BB5D49E0D5B44A 285696 ----a-w- C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-10 21:43:09 A41C85FDB2275FA9AAA821A118807FDB 710144 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-10 21:43:09 6458965ED7A412AA6B4A3C5197EEBBD7 230400 ----a-w- C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-10 21:43:09 6108ED659B5962DE73DACB3B04D86ED3 64000 ----a-w- C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-10 21:43:09 00F39165D6D14302618C20CDD7BB213A 76288 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-10 21:42:12 4B56EAB79339F37E0C5B325405C4FF95 1488040 ----a-w- C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-10 21:41:48 64FDBD1F4955DA132578392754AA1A79 19731824 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2015-03-10 21:40:48 D5496CF5DF8921CFC1EF1770F98C2192 791040 ----a-w- C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-10 21:40:27 498D5BC0289F8DD995FEEE8E7CD906CA 357376 ----a-w- C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 21:40:26 91E24273FCA076EA9E65DAFA98901225 2207488 ----a-w- C:\WINDOWS\SysWOW64\explorer.exe
2015-03-10 21:39:47 5BD6BE549A4C267D69E86160E3100C14 1123848 ----a-w- C:\WINDOWS\SysWOW64\msctf.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-03-13 04:39:50 8265CD5C67D0A35DFC40F3D1A8AC994C 94656 ----a-w- C:\WINDOWS\Sysnative\WPRO_41_2001woem.tmp
2015-03-13 00:13:40 6246D2DBFBDAEA3A271D091591BAF789 5254320 ----a-w- C:\WINDOWS\Sysnative\FNTCACHE.DAT
2015-03-10 22:19:25 D82C445E3D484F31CD2638A4338E5FD9 933888 ----a-w- C:\WINDOWS\Sysnative\calc.exe
2015-03-10 22:19:12 72BEE6C5173218A8846D31DF68D2AE4F 14848 ----a-w- C:\WINDOWS\Sysnative\winshfhc.dll
2015-03-10 22:18:44 BDE6152B584ABDA7DA102B363E58354F 396419 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml
2015-03-10 22:18:35 EEB76824DC14283A010CAE4E2B5AB852 723072 ----a-w- C:\WINDOWS\Sysnative\SHCore.dll
2015-03-10 22:18:03 E63FD4AED397626B314B96EA11341220 430080 ----a-w- C:\WINDOWS\Sysnative\schannel.dll
2015-03-10 22:17:43 35A579220C411DED00E0DA5AFB755178 4178944 ----a-w- C:\WINDOWS\Sysnative\win32k.sys
2015-03-10 22:08:40 DF55E2D7D045BA1A2C43029DEDF0B59D 347136 ----a-w- C:\WINDOWS\Sysnative\photowiz.dll
2015-03-10 22:06:44 C08E7F8AC41901403799B237DA7BA10E 3097600 ----a-w- C:\WINDOWS\Sysnative\msftedit.dll
2015-03-10 22:06:24 BBBE2BA24785E3A7ED1FF706B01C7770 358912 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll
2015-03-10 22:06:24 85012538999DC5628E67B7579FF5034F 44032 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll
2015-03-10 22:05:43 7F586D08E965FA00EE085319EF5BBAF1 864256 ----a-w- C:\WINDOWS\Sysnative\win32spl.dll
2015-03-10 22:05:43 2AE4D70A3657FA4FA734B370E79F83FF 1091072 ----a-w- C:\WINDOWS\Sysnative\localspl.dll
2015-03-10 21:59:42 77F28E71B2C0297AB67EA81878B1FA83 2257408 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll
2015-03-10 21:54:43 81CB7FF2FF19D639FD75B6B992BABC43 4298240 ----a-w- C:\WINDOWS\Sysnative\D3DCompiler_47.dll
2015-03-10 21:54:42 60629FA01E0CAE23DA527DFA5ECAD5C7 1464832 ----a-w- C:\WINDOWS\Sysnative\mfc42.dll
2015-03-10 21:54:42 20433FD8C8F460567DE93F472A4D749F 1488896 ----a-w- C:\WINDOWS\Sysnative\mfc42u.dll
2015-03-10 21:54:21 40CBEB7C0051036CBC1C243A025F206D 971776 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll
2015-03-10 21:53:57 613438C2C3D899F50719B6878579C66D 75264 ----a-w- C:\WINDOWS\Sysnative\StorageContextHandler.dll
2015-03-10 21:53:42 68DF7D160987CF3E0A03A64E5A8F087D 2773504 ----a-w- C:\WINDOWS\Sysnative\authui.dll
2015-03-10 21:52:09 9F2265288BCA4EF9B34FAD2D0078070E 7472960 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe
2015-03-10 21:52:08 44AA550C6B46C80E430A3D29820D629E 1733440 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll
2015-03-10 21:51:24 92360C5E0D86B027377381E867BD055A 203264 ----a-w- C:\WINDOWS\Sysnative\ubpm.dll
2015-03-10 21:49:14 EA10446D574CB8A20D913BF500E34192 3547648 ----a-w- C:\WINDOWS\Sysnative\rdpcorets.dll
2015-03-10 21:49:13 66F962AE94FF268070ED2325DAEE88BA 131584 ----a-w- C:\WINDOWS\Sysnative\rdpudd.dll
2015-03-10 21:48:56 992A0252586D9D946535DDBBEF9AB7D5 346112 ----a-w- C:\WINDOWS\Sysnative\eappcfg.dll
2015-03-10 21:48:56 62F00DA98A4ABDA58254DB936C1D2D73 339456 ----a-w- C:\WINDOWS\Sysnative\eapphost.dll
2015-03-10 21:48:56 4E32C419A8B3CC19FCD2CACDEF1BD492 102912 ----a-w- C:\WINDOWS\Sysnative\eappgnui.dll
2015-03-10 21:48:56 4644F62E41B054A1787225D1210108B2 331776 ----a-w- C:\WINDOWS\Sysnative\eapp3hst.dll
2015-03-10 21:43:14 1193400D8E29A5A010135FB09A4EB1E8 25021440 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2015-03-10 21:43:13 40DF85D8B2B0171EF5F23AA1B5CD9A62 6035456 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll
2015-03-10 21:43:13 2335F6BF8A127E31EB0E2D9A82F188A0 14398976 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2015-03-10 21:43:12 36F99BD8A0F09BDBB7850A138845A014 2358784 ----a-w- C:\WINDOWS\Sysnative\wininet.dll
2015-03-10 21:43:11 A03AF8AD44CAE309908557F5724BC808 1032704 ----a-w- C:\WINDOWS\Sysnative\inetcomm.dll
2015-03-10 21:43:11 62269DEFF17AB006217330A24EA8577B 2886144 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll
2015-03-10 21:43:11 501A38B72FA264605123B4FACF53F057 1548288 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll
2015-03-10 21:43:10 80B3AD73027A2CCD42C47EBF5C89124F 316928 ----a-w- C:\WINDOWS\Sysnative\dxtrans.dll
2015-03-10 21:43:10 7E16095C0BEEF62D1A2674D6A232DEE1 145408 ----a-w- C:\WINDOWS\Sysnative\iepeers.dll
2015-03-10 21:43:10 687E11F36832BFF65EF0CD2FA3DB1966 584192 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll
2015-03-10 21:43:10 5443F21A33DB376734DBE47F7635542C 801280 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll
2015-03-10 21:43:10 22C4867C690C38B18B2C1A0B072CD0C4 2125824 ----a-w- C:\WINDOWS\Sysnative\inetcpl.cpl
2015-03-10 21:43:09 DF9BF7D44E9EC59924B642AB478E72DA 374272 ----a-w- C:\WINDOWS\Sysnative\iedkcs32.dll
2015-03-10 21:43:09 D373113A84C12BA7F07CE1E9CAF4747F 92160 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll
2015-03-10 21:43:09 C010D371BC7FE8ECC01EFE5E92D8E996 2865152 ----a-w- C:\WINDOWS\Sysnative\actxprxy.dll
2015-03-10 21:43:09 A9190899A35431CF8ABBEF5E1BB0C8F9 814080 ----a-w- C:\WINDOWS\Sysnative\jscript9diag.dll
2015-03-10 21:43:09 9E9B757A677927110393A505822D9174 800768 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll
2015-03-10 21:43:09 3DE5D78D843D3F44B5D9189D61C2725E 262144 ----a-w- C:\WINDOWS\Sysnative\webcheck.dll
2015-03-10 21:43:09 3541B433422C3FEEB8ABFC8386D95275 816128 ----a-w- C:\WINDOWS\Sysnative\jscript.dll
2015-03-10 21:43:09 1C393E42928BF55B3796E732B678CD5B 88064 ----a-w- C:\WINDOWS\Sysnative\MshtmlDac.dll
2015-03-10 21:42:12 5A1F895338418DF8C1D31E590DC1BAA5 1763352 ----a-w- C:\WINDOWS\Sysnative\WindowsCodecs.dll
2015-03-10 21:41:48 B9109627AA19B15BA4BFA5255AAECBF2 22291584 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2015-03-10 21:41:48 55E39907F34D14E0794DD17C915795E5 46456 ----a-w- C:\WINDOWS\Sysnative\LockScreenContentServer.exe
2015-03-10 21:40:48 F91E83532107E8B0A1819DB2D96366CB 1090048 ----a-w- C:\WINDOWS\Sysnative\MrmCoreR.dll
2015-03-10 21:40:27 6334135544739B49C776DFE0B6F0FA9F 402432 ----a-w- C:\WINDOWS\Sysnative\WMPhoto.dll
2015-03-10 21:39:48 D103F021B60F27DEBAEC4D316C7A0F42 1384712 ----a-w- C:\WINDOWS\Sysnative\msctf.dll
====== C:\WINDOWS\Sysnative\drivers =====
2015-03-10 22:19:12 D296D0F0DB2CD1504F90405603664493 264000 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys
2015-03-10 22:19:12 9F4DF0043965808973023A9B51A11136 114496 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys
2015-03-10 22:19:12 1751F6B031ADAC34724511057D2E455D 44024 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys
2015-03-10 22:06:04 6D3A2565E01B3E4B0F1BEDB0D4B00B3F 1113920 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2015-03-10 22:04:42 DC66AE45816614D2999DCD3834DCCC4E 167424 ----a-w- C:\WINDOWS\Sysnative\drivers\rfcomm.sys
2015-03-10 22:04:42 42F88B57CAE42FC10059C887B3FCFCEA 97792 ----a-w- C:\WINDOWS\Sysnative\drivers\hidbth.sys
2015-03-08 00:18:08 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\WINDOWS\Sysnative\drivers\7AA11498.sys
2015-03-05 15:03:46 9731DAFDC7B690B2C7752FDFF045BFD8 41704 ----a-w- C:\WINDOWS\Sysnative\drivers\clwvd.sys
2015-02-19 10:26:58 1B83A1187BA5B509EA9D55478014823E 270816 ----a-w- C:\WINDOWS\Sysnative\drivers\avgidsdrivera.sys
2015-02-15 04:42:17 6DBDE7A7C81F05C20C82291401627503 31376 ----a-w- C:\WINDOWS\Sysnative\drivers\nvpciflt.sys
2015-02-15 04:42:16 3B99271224C43ADAB5A7F8D4B574AE3F 10284872 ----a-w- C:\WINDOWS\Sysnative\drivers\nvlddmkm.sys
====== C:\WINDOWS\Tasks ======
2015-03-05 15:03:55 BD513288AC6E34045578C704FD05963C 3154 ----a-w- C:\WINDOWS\Sysnative\Tasks\YCMServiceAgent
2015-02-17 05:03:56 1944CEF2F846E74455152B9899682F21 5004 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for COHEN-L-HP-ENVY-Geek Cohen Cohen-L-HP-Envy
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-02-20 08:43:55 -------- d-----w- C:\Program Files\iTunes
2015-02-20 08:43:55 -------- d-----w- C:\Program Files\iPod
======= C:\PROGRA~2 =====
2015-03-12 21:09:47 -------- d-----w- C:\PROGRA~2\ESET
2015-03-12 05:06:37 -------- d-----w- C:\PROGRA~2\Fotor
2015-03-12 03:26:19 -------- d-----w- C:\PROGRA~2\AVG Web TuneUp
2015-03-05 10:40:26 -------- d-----w- C:\PROGRA~2\CyberLink
2015-02-25 23:29:12 -------- d-----w- C:\PROGRA~2\Print2CAD 2014
2015-02-25 22:51:21 -------- d-----w- C:\PROGRA~2\Convert Pdf to Wmf Psd Jpeg
2015-02-20 08:43:55 -------- d-----w- C:\PROGRA~2\iTunes
2015-02-18 02:27:09 -------- d-----w- C:\PROGRA~2\ZXT2007 Software
2015-02-18 02:08:24 -------- d-----w- C:\PROGRA~2\Vectorworks2014Viewer
2015-02-17 22:49:50 -------- d-----w- C:\PROGRA~2\OBDwiz
======= C: =====
====== C:\Users\Geek Cohen\AppData\Roaming ======
2015-03-13 00:12:43 7ACDA308751D54B06065F0AF767B87F1 4882968 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2015-03-12 03:26:22 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Locallow\AVG Web TuneUp
2015-02-25 23:12:08 -------- d-----w- C:\Users\Geek Cohen\AppData\Local\Insoft
2015-02-25 23:11:59 -------- d-----w- C:\Users\Geek Cohen\AppData\Local\YdPack
2015-02-18 02:11:36 -------- d-----w- C:\Users\Geek Cohen\AppData\Roaming\Nemetschek
2015-02-17 04:45:36 -------- d-----w- C:\Users\Geek Cohen\AppData\Roaming\Autodesk
====== C:\Users\Geek Cohen ======
2015-03-12 21:30:14 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Users\Geek Cohen\Desktop\FRST64.exe
2015-03-12 21:08:18 30EB4B0B974B83C488D78EE19F42916A 10995632 ----a-w- C:\Users\Geek Cohen\Downloads\HitmanPro_x64.exe
2015-03-12 21:08:08 -------- d-----w- C:\ProgramData\HitmanPro
2015-03-12 21:04:55 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\Geek Cohen\Desktop\esetsmartinstaller_enu.exe
2015-03-12 21:03:54 DB8DCC4B4403D3363C618A16AEC0DF14 10085648 ----a-w- C:\Users\Geek Cohen\Downloads\HitmanPro.exe
2015-03-12 19:16:31 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Users\Geek Cohen\Downloads\FRST64.exe
2015-03-12 05:07:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotor
2015-03-12 05:04:56 0B33D129C1ECEF2510738A0D60A4D134 60830872 ----a-w- C:\Users\Geek Cohen\Downloads\Fotor_v2.0.2_Setup.exe
2015-03-07 23:47:09 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2015-03-05 22:23:56 -------- d-----w- C:\Users\Public\CyberLink
2015-03-05 21:30:12 -------- d-----w- C:\Users\Public\Documents\CyberLink
2015-02-25 23:30:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print2CAD 2014
2015-02-25 23:16:48 -------- d-----w- C:\ProgramData\InstallMate
2015-02-25 22:59:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print2CAD 2015 6th Generation
2015-02-20 08:44:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-20 08:43:55 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-18 02:27:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mini CAD Viewer
2015-02-18 02:08:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks2014Viewer
2015-02-17 22:49:51 -------- d-----w- C:\ProgramData\OCTech, LLC
2015-02-17 22:49:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBDwiz
2015-02-17 22:49:50 -------- d-----w- C:\ProgramData\OBDwiz
 
====== C: exe-files ==
2015-03-13 08:36:05 6629328B79836615684AF0159C9F26DC 5233016 ----a-w- C:\Users\Geek Cohen\AppData\Local\NVIDIA\NvBackend\Packages\0000711f\DAO.19394195.exe
2015-03-13 00:19:57 C4F6E6368421ED9F59B7056E5F18EB96 22992 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe
2015-03-13 00:19:57 6EFF5AE0C8E7C0D86AEA3CEB3089D2C7 70096 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avguirux.exe
2015-03-13 00:19:57 497550900AA7EDB99A742833321D46FE 6264208 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
2015-03-13 00:19:57 13B68124D1028A229702A69D4055564C 24016 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe
2015-03-12 22:03:44 7DF547F2E361A6ADC8DFAF9544C6A283 10033232 ----a-w- C:\Program Files (x86)\Google\Update\Install\{A770A0B2-F6BD-471C-AF78-56A1A7362E1D}\41.0.2272.89_40.0.2214.115_chrome_updater.exe
2015-03-12 22:03:37 7DF547F2E361A6ADC8DFAF9544C6A283 10033232 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.89\41.0.2272.89_40.0.2214.115_chrome_updater.exe
2015-03-12 21:30:14 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Users\Geek Cohen\Desktop\FRST64.exe
2015-03-12 21:10:02 E273331224005C5A8A504164373DE1DC 535304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2015-03-12 21:10:02 9E47522861242EE002D7F385C35D1322 2887824 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2015-03-12 21:10:02 5B3DE7968D23B476AFB256D8014B25B9 333424 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2015-03-12 21:10:02 47B06E473B78A792DF07D226E0537D63 119184 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2015-03-12 21:10:02 3C3F35C91F230493B088B334E39D1F7A 358144 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-03-12 21:08:18 30EB4B0B974B83C488D78EE19F42916A 10995632 ----a-w- C:\Users\Geek Cohen\Downloads\HitmanPro_x64.exe
2015-03-12 21:04:55 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\Geek Cohen\Desktop\esetsmartinstaller_enu.exe
2015-03-12 21:03:54 DB8DCC4B4403D3363C618A16AEC0DF14 10085648 ----a-w- C:\Users\Geek Cohen\Downloads\HitmanPro.exe
2015-03-12 20:58:29 70595A37D9C4647C195CDA11EDC2D251 2909720 ----a-w- C:\Users\Geek Cohen\AppData\Local\Temp\UNINSTALL.EXE
2015-03-12 19:16:31 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Users\Geek Cohen\Downloads\FRST64.exe
2015-03-12 08:05:38 E05AA5F22B9F3124B3D16304F549A1DC 439696 ----a-w- C:\Users\Geek Cohen\AppData\Local\NVIDIA\NvBackend\Packages\00007107\CoProc update.19389532.exe
2015-03-12 05:06:59 0D6FE861827E1E0CC8565656D3CC81AC 228269 ----a-w- C:\Program Files (x86)\Fotor\uninstall.exe
2015-03-12 05:04:56 0B33D129C1ECEF2510738A0D60A4D134 60830872 ----a-w- C:\Users\Geek Cohen\Downloads\Fotor_v2.0.2_Setup.exe
2015-03-10 22:19:25 D82C445E3D484F31CD2638A4338E5FD9 933888 ----a-w- C:\Windows\System32\calc.exe
2015-03-10 22:19:24 E26D49197CA9E38BCC6033DE53F720BD 816128 ----a-w- C:\Windows\SysWOW64\calc.exe
2015-03-10 21:52:09 9F2265288BCA4EF9B34FAD2D0078070E 7472960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-03-10 21:43:11 EF3BE302619A2C85A1E33FBFAB4C60F8 484864 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2015-03-10 21:43:11 5CC34CBBBD90696FD82DB670C38B13FD 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2015-03-10 21:41:48 55E39907F34D14E0794DD17C915795E5 46456 ----a-w- C:\Windows\System32\LockScreenContentServer.exe
2015-03-10 21:40:27 C10A66189DC8C090E7C84873EDCEBC88 2501368 ----a-w- C:\Windows\explorer.exe
2015-03-10 21:40:26 91E24273FCA076EA9E65DAFA98901225 2207488 ----a-w- C:\Windows\SysWOW64\explorer.exe
2015-03-10 19:47:52 7CE7EA8E3CF09EFCD3ACB3A161E31438 7151984 ----a-w- C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe
2015-03-10 09:40:52 1D66FA205FA9D9433D38D4D2495054C2 213816 ----a-w- C:\SWSetup\sp70439\HPSetup.exe
2015-03-10 09:39:29 01B9068DA462B1FBEDA62318824CED24 16923410 ----a-w- C:\SWSetup\sp69840\setup.exe
=== C: other files ==
2015-03-12 22:25:03 E01D2266B4F308B98DA38FC7084C9772 7977387 ----a-w- C:\Users\Geek Cohen\Downloads\themeforest-7876250-landx-multipurpose-bootstrap-3-landing-page.zip
2015-03-10 22:19:12 D296D0F0DB2CD1504F90405603664493 264000 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2015-03-10 22:19:12 9F4DF0043965808973023A9B51A11136 114496 ----a-w- C:\Windows\System32\drivers\WdNisDrv.sys
2015-03-10 22:19:12 1751F6B031ADAC34724511057D2E455D 44024 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2015-03-10 22:17:43 35A579220C411DED00E0DA5AFB755178 4178944 ----a-w- C:\Windows\System32\win32k.sys
2015-03-10 22:06:04 6D3A2565E01B3E4B0F1BEDB0D4B00B3F 1113920 ----a-w- C:\Windows\System32\drivers\ndis.sys
2015-03-10 22:04:42 DC66AE45816614D2999DCD3834DCCC4E 167424 ----a-w- C:\Windows\System32\drivers\rfcomm.sys
2015-03-10 22:04:42 42F88B57CAE42FC10059C887B3FCFCEA 97792 ----a-w- C:\Windows\System32\drivers\hidbth.sys
2015-03-10 09:40:52 4E5620927DB1254FDD1A8A5646641758 1272 ----a-w- C:\SWSetup\sp70439\Install.bat
2015-03-10 09:40:52 29AB48FAD9A4DA7743918DBE4439724A 741 ----a-w- C:\SWSetup\sp70439\TPSSOff.bat
2015-03-08 00:18:08 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\7AA11498.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-1817333107-2215594419-2709439802-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON WorkForce 435 Series"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE /FU C:\Users\GEEKCO~1\AppData\Local\Temp\E_SB1CB.tmp /EF HKCU"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"AccelerometerSysTrayApplet"="C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe"
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON WorkForce 435 Series"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE /FU C:\Users\GEEKCO~1\AppData\Local\Temp\E_SB1CB.tmp /EF HKCU"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\SysWOW64\\nvinit.dll"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\\WINDOWS\\system32\\nvinitx.dll"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"item"="Adobe ARM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"item"="AdobeAAMUpdater-1.0"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""
"hkey"="HKLM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeBridge]
"item"="AdobeBridge"
"command"=""
"hkey"="HKLM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCEPServiceManager]
"item"="AdobeCEPServiceManager"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CEPServiceManager4\\CEPServiceManager.exe\" -launchedbylogin"
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"item"="AdobeCS6ServiceManager"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"item"="APSDaemon"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BigPondWirelessBroadbandCM]
"item"="BigPondWirelessBroadbandCM"
"command"="\"C:\\Program Files (x86)\\Telstra\\Mobile Broadband Manager\\TelstraUCM.exe\" -tsr"
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON (NX430 TX435)]
"item"="EPSON (NX430 TX435)"
"command"="C:\\WINDOWS\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIHBP.EXE /FU \"C:\\Users\\GEEKCO~1\\AppData\\Local\\Temp\\E_S4CE8.tmp\" /EF \"HKCU\""
"hkey"="HKLM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON NX430 TX435 Series]
"item"="EPSON NX430 TX435 Series"
"command"="C:\\WINDOWS\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIHBP.EXE /FU \"C:\\Users\\GEEKCO~1\\AppData\\Local\\Temp\\E_S3D7C.tmp\" /EF \"HKCU\""
"hkey"="HKLM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"item"="iTunesHelper"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"item"="QuickTime Task"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"item"="Skype"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
"hkey"="HKLM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"item"="Spotify Web Helper"
"command"="\"C:\\Users\\Geek Cohen\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
"hkey"="HKLM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"item"="SunJavaUpdateSched"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"item"="SwitchBoard"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Service KMSELDI]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vToolbarUpdater18.4.0]
 
 
==== Startup Folders ======================
 
2014-08-13 22:54:49 1215 ----a-w- C:\Users\Geek Cohen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-08-22 11:37:07 2061 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 09:30 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13/01/2014 07:13 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13/01/2014 07:13 AM]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{A56D2572-ECBB-4F4F-9DAA-3CEE29A690FC}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]
"C:\WINDOWS\SysNative\tasks\{EAE54B2D-763D-4EED-86E0-6A4016391C12}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Sat 14/03/2015 at  7:07:58.77 ======================




