Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus


  • This topic is locked This topic is locked
6 replies to this topic

#1 Hannibal Rage

Hannibal Rage

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 PM

Posted 31 March 2015 - 03:59 PM

Hello, when I go to check task manager sometimes I'll see a lot of svchost running at once or just random names I don't normally see in there. I also had something called Anywhere Access popping up. I've scanned with malwayrebytes, jrt, adwcleaner, rkill, and ccleaner, but its still not clean.



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:33 PM

Posted 01 April 2015 - 07:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Hannibal Rage

Hannibal Rage
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 PM

Posted 01 April 2015 - 11:08 AM

Thanks for responding nasdaq, here are my txt files.

 

FRST

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Chris (administrator) on CHRIS-PC on 01-04-2015 11:57:29
Running from C:\Users\Chris\Desktop\Clean
Loaded Profiles: Chris (Available profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF\cnsv2371.tmp
() C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\jnsp42A0.tmp
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\nstF46E.tmp
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(UC-Logic Technology Corp.) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF\snsf66B5.tmp
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skillbrains) C:\Users\Chris\AppData\Local\Skillbrains\lightshot\5.1.4.34\Lightshot.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(                                                            ) C:\Users\Chris\AppData\Local\Temp\nsn7D5.tmp


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5675184 2013-05-10] (VIA)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2009-06-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-662125380-580819888-2351019072-1000\...\Run: [LightShot] => C:\Users\Chris\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-662125380-580819888-2351019072-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-662125380-580819888-2351019072-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yqKoWb2HU7.lnk
ShortcutTarget: yqKoWb2HU7.lnk -> C:\ProgramData\{9d0e9bf5-1ba3-287f-9d0e-e9bf51ba6fd4}\yqKoWb2HU7.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-662125380-580819888-2351019072-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-662125380-580819888-2351019072-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine:
FF Homepage: https://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-03-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-03-07] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-662125380-580819888-2351019072-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-662125380-580819888-2351019072-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-662125380-580819888-2351019072-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-03-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-03-07] (RealPlayer Cloud)
FF Extension: ClipConverter Desktop - C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\desktop@clipconverter.cc.xpi [2014-02-11]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\Extensions\googledictionary@toptip.ca.xpi [2014-08-05]
FF Extension: Adblock Edge - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-03-07]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1427765624&from=cmi&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S582269422694"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1427765624&from=cmi&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S582269422694&q={searchTerms}
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-31]
CHR Extension: (BetterTTV) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-31]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-31]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-31]
CHR Extension: (Adblock Plus) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-05]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-31]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-31]
CHR Extension: (AirDroid Notifier) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\imlonnilcaednlloaadgddbjfliioklh [2015-03-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-31]
CHR Extension: (CinemaPlus-3.2cV30.03) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-03-30]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-31]
CHR HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-11-26] (Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 dukomoqe; C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF\cnsv2371.tmp [195584 2015-03-30] () [File not signed]
R2 fereqolu; C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\jnsp42A0.tmp [169984 2015-03-30] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-04] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-07] ()
R2 qulyripy; C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\nstF46E.tmp [134144 2015-04-01] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-03-07] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1096424 2014-07-09] (Corel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [82160 2014-02-20] (UC-Logic Technology Corp.)
R2 zudibono; C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF\snsf66B5.tmp [273920 2015-03-30] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [109568 2014-07-24] (UT)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [22912 2012-12-22] (UC-Logic Technology Corp.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-10-30] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-10-30] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-10-30] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 14 Free\program\BioNTDrv.SYS [X]
S3 MFE_RR; \??\C:\Users\Chris\AppData\Local\Temp\mfe_rr.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 11:57 - 2015-04-01 11:57 - 00000000 ____D () C:\FRST
2015-04-01 11:53 - 2015-04-01 11:53 - 00001090 _____ () C:\Users\Chris\Desktop\Continue Live Installation.lnk
2015-04-01 11:31 - 2015-04-01 11:32 - 05212912 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-31 19:46 - 2015-04-01 11:33 - 00000224 _____ () C:\Windows\setupact.log
2015-03-31 19:46 - 2015-03-31 19:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-31 18:39 - 2015-03-31 18:39 - 00139696 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-31 17:47 - 2015-03-31 17:47 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-03-31 14:15 - 2015-03-31 14:15 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe
2015-03-30 21:35 - 2015-04-01 11:32 - 00001336 _____ () C:\Windows\Tasks\EFDWJ.job
2015-03-30 21:35 - 2015-03-30 21:35 - 00004362 _____ () C:\Windows\System32\Tasks\EFDWJ
2015-03-30 21:34 - 2015-04-01 11:34 - 00001686 _____ () C:\Windows\Tasks\ABSKFMZZ.job
2015-03-30 21:34 - 2015-03-30 21:50 - 00000000 ____D () C:\Program Files (x86)\6cf3ea74-5848-47ab-bd6a-6e8ac6f0abb8
2015-03-30 21:34 - 2015-03-30 21:34 - 00004712 _____ () C:\Windows\System32\Tasks\ABSKFMZZ
2015-03-30 21:22 - 2015-04-01 11:38 - 00000000 ____D () C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF
2015-03-30 21:22 - 2015-03-30 21:22 - 00000000 ____D () C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF
2015-03-30 21:20 - 2015-03-30 21:20 - 00003032 _____ () C:\Windows\System32\Tasks\easyVPN
2015-03-30 21:19 - 2015-03-30 21:19 - 00027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-03-30 21:19 - 2015-03-30 21:19 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\EasyVpn
2015-03-30 21:19 - 2015-03-30 21:19 - 00000000 ____D () C:\Users\Chris\AppData\Local\45443439-1427750380-4543-3636-4635FFFFFFFF
2015-03-30 21:18 - 2015-04-01 00:51 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF
2015-03-30 21:17 - 2015-03-30 21:17 - 00003262 _____ () C:\Windows\System32\Tasks\GlobalUpdate-mwy2yzfxzgs2bwn
2015-03-30 21:16 - 2015-03-30 21:50 - 00000000 ____D () C:\Program Files (x86)\AirDroid Notifier
2015-03-30 21:15 - 2015-03-30 21:15 - 00000000 ____D () C:\ProgramData\5104325185124313170
2015-03-30 21:11 - 2015-03-30 21:11 - 03561464 _____ (ColorShow LLC) C:\Users\Chris\Downloads\Cage,_Depart_From_Me..._full_album_zip_downloader.exe
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\Chris\AppData\Roaming\ABSKFMZZ
2015-03-26 15:14 - 2015-03-26 15:14 - 00004185 _____ () C:\Users\Chris\AppData\Roaming\EFDWJ
2015-03-25 09:04 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 09:04 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 09:04 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 09:04 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 09:04 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 09:04 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 09:04 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 09:04 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 23:59 - 2015-03-23 23:59 - 00000000 ____D () C:\Users\Chris\Tracing
2015-03-22 01:15 - 2015-03-22 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 20:35 - 2015-03-20 20:35 - 00497172 _____ () C:\Users\Chris\Downloads\perler-2010-10-24-1032-c.jar
2015-03-19 01:02 - 2015-03-19 01:02 - 00012762 _____ () C:\Users\Chris\Downloads\FinalRoundSchedule.xlsx
2015-03-18 14:17 - 2015-03-18 14:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-18 14:16 - 2015-03-13 11:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-18 14:14 - 2015-03-13 15:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 14:14 - 2015-03-13 15:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-18 14:14 - 2015-03-13 15:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-12 13:50 - 2015-03-29 16:23 - 00000000 ____D () C:\Users\Chris\AppData\Local\PAYDAY 2
2015-03-12 13:31 - 2015-03-31 05:09 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2015-03-12 13:28 - 2015-03-12 13:28 - 00745904 _____ (Prog app ) C:\Users\Chris\Downloads\SetupImgBurn_2.5.8.0_downloader.exe
2015-03-12 12:00 - 2015-03-12 12:03 - 18406754 _____ (Dennis Meuwissen ) C:\Users\Chris\Downloads\dvdflick_setup_1.3.0.9.exe
2015-03-12 11:54 - 2007-08-31 18:36 - 00036864 _____ (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
2015-03-12 11:54 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
2015-03-12 11:53 - 2015-03-12 11:53 - 12951423 _____ (Dennis Meuwissen ) C:\Users\Chris\Downloads\dvdflick_setup_1.3.0.7.exe
2015-03-11 11:54 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 11:54 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 11:54 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 11:54 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 11:54 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 11:54 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 11:54 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 11:54 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 11:54 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 11:54 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 11:54 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 11:54 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 11:54 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 11:54 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 11:54 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 11:54 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 11:54 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 11:54 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 11:54 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 11:54 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 11:54 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 11:54 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 11:54 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 11:54 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 11:54 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 11:54 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 11:54 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 11:54 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 11:54 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 11:54 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 11:54 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 11:54 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 11:54 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 11:54 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 11:54 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 11:54 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 11:54 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 11:54 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 11:54 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 11:54 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 11:54 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 11:54 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 11:54 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 11:54 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 11:54 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 11:54 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 11:54 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 11:54 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 11:54 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 11:54 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 11:54 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 11:54 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 11:54 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 11:54 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 11:54 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 11:54 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 11:54 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 11:54 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 11:54 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 11:54 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 11:54 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 11:54 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 11:54 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 11:54 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 11:54 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 11:54 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 11:54 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 11:54 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 11:54 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 11:54 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 11:54 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 11:54 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 11:54 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 11:54 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 11:54 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 11:54 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 11:54 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 11:54 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 11:54 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 11:54 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 11:54 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 11:54 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 11:54 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 11:54 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 11:54 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 11:54 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 11:54 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 11:54 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 11:54 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 11:54 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 11:54 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 11:54 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 11:54 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 11:54 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 11:54 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 11:54 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 11:54 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 11:54 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 11:54 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 11:54 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 11:54 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 11:54 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 11:54 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 11:54 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 11:54 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 11:54 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 11:54 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 11:54 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 11:54 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 11:54 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 11:54 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 11:54 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 11:54 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 11:54 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 11:54 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 11:54 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 11:53 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 11:53 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 11:53 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 11:53 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 11:53 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 11:53 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 11:53 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 11:53 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 11:53 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 11:53 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 11:53 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 11:53 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 11:53 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 11:53 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 11:53 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 11:53 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 11:53 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 11:52 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 11:52 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 11:51 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 11:51 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 11:51 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 10:01 - 2015-03-10 10:01 - 00000000 ____D () C:\Users\Chris\Documents\Any Video Converter
2015-03-10 10:00 - 2015-03-10 10:01 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Anvsoft
2015-03-10 10:00 - 2015-03-10 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-03-10 10:00 - 2015-03-10 10:00 - 00000000 ____D () C:\Program Files (x86)\Anvsoft
2015-03-10 09:59 - 2015-03-10 10:00 - 34592048 _____ (Any-Video-Converter.com ) C:\Users\Chris\Downloads\avc-free.exe
2015-03-08 20:26 - 2015-03-08 20:26 - 05134124 _____ () C:\Users\Chris\Downloads\UD100.zip
2015-03-07 06:30 - 2015-03-07 06:30 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2015-03-07 06:29 - 2015-03-07 06:30 - 00000000 ____D () C:\Program Files (x86)\real
2015-03-07 05:41 - 2015-03-07 06:31 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\RealNetworks
2015-03-07 05:39 - 2015-03-07 06:30 - 00000000 ____D () C:\ProgramData\RealNetworks
2015-03-07 05:38 - 2015-03-07 05:38 - 00692512 _____ (RealNetworks, Inc.) C:\Users\Chris\Downloads\RealDownloader.exe
2015-03-05 15:44 - 2015-03-05 15:44 - 00000000 ____D () C:\Users\Chris\AppData\Local\UnrealEngineLauncher
2015-03-05 13:33 - 2015-03-05 15:45 - 00000000 ____D () C:\Users\Chris\Documents\Unreal Projects
2015-03-05 13:31 - 2015-03-05 13:32 - 00000000 ____D () C:\Users\Chris\AppData\Local\UnrealEngine
2015-03-05 13:31 - 2015-03-05 13:31 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Unreal Engine
2015-03-05 04:31 - 2015-03-05 04:31 - 00000000 ____D () C:\Users\Chris\AppData\Local\EpicGamesLauncher
2015-03-05 04:30 - 2015-03-05 15:44 - 00000000 ____D () C:\ProgramData\Epic
2015-03-05 04:30 - 2015-03-05 04:32 - 00000000 ____D () C:\Program Files\Epic Games
2015-03-05 04:30 - 2015-03-05 04:30 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2015-03-05 04:29 - 2015-03-05 04:30 - 63463424 _____ () C:\Users\Chris\Downloads\EpicGamesLauncherInstaller-2.0.1-2467307.msi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 11:57 - 2014-11-23 03:23 - 00000000 ____D () C:\Users\Chris\Desktop\Clean
2015-04-01 11:55 - 2013-11-16 16:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2015-04-01 11:51 - 2013-11-07 15:32 - 01049572 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 11:47 - 2015-02-13 01:20 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-01 11:46 - 2009-07-14 00:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 11:46 - 2009-07-14 00:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 11:35 - 2014-04-08 14:39 - 00000000 ___RD () C:\Users\Chris\Google Drive
2015-04-01 11:32 - 2013-12-12 02:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 11:32 - 2013-11-07 15:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-01 11:32 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 02:25 - 2013-11-16 18:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
2015-04-01 02:23 - 2014-06-23 14:52 - 00000000 ____D () C:\Users\Chris\Desktop\TO
2015-04-01 02:23 - 2014-03-24 04:07 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\vlc
2015-04-01 02:20 - 2013-12-12 02:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 01:32 - 2014-01-30 15:21 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000UA.job
2015-03-31 17:54 - 2014-09-24 05:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 17:53 - 2014-11-23 03:21 - 00000000 ____D () C:\AdwCleaner
2015-03-31 17:51 - 2013-11-19 17:48 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2015-03-31 10:32 - 2014-01-30 15:21 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000Core.job
2015-03-31 05:15 - 2015-01-14 15:17 - 00000000 ____D () C:\Users\Chris\Desktop\New folder
2015-03-30 21:52 - 2014-10-31 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-30 21:52 - 2014-03-02 21:58 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-30 21:52 - 2014-03-02 19:26 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2015-03-30 21:52 - 2013-11-16 15:40 - 00000996 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-30 21:50 - 2014-12-24 11:22 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
2015-03-30 21:23 - 2014-01-18 09:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-30 21:13 - 2014-11-08 04:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-28 16:42 - 2014-09-07 15:50 - 00000224 _____ () C:\Users\Chris\BullseyeCoverageError.txt
2015-03-25 17:42 - 2013-12-03 18:12 - 00000132 _____ () C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-25 17:35 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-25 09:15 - 2014-12-10 02:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 09:15 - 2014-05-06 15:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 01:24 - 2015-02-11 19:44 - 00001161 _____ () C:\Users\Chris\ggpo-ng.ini
2015-03-23 23:59 - 2014-09-29 15:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-23 23:59 - 2013-11-16 16:02 - 00000000 ____D () C:\ProgramData\Skype
2015-03-23 23:59 - 2013-11-16 15:40 - 00000000 ____D () C:\Users\Chris
2015-03-23 00:50 - 2013-11-21 20:02 - 00000000 __RHD () C:\Users\Chris\AppData\Roaming\Balloons
2015-03-23 00:36 - 2013-11-22 15:18 - 00000000 ____D () C:\Users\Chris\AppData\Local\Mirillis
2015-03-22 06:36 - 2014-03-02 21:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-18 14:17 - 2014-04-12 04:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-18 14:15 - 2013-11-07 15:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-17 22:02 - 2014-08-16 01:57 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2015-03-17 21:54 - 2013-11-16 16:37 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-17 21:54 - 2013-11-16 16:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-14 11:58 - 2015-02-18 04:17 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Dropbox
2015-03-14 11:48 - 2015-02-18 04:19 - 00000000 ___RD () C:\Users\Chris\Dropbox
2015-03-14 01:50 - 2013-12-04 15:24 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-03-13 15:41 - 2014-11-20 04:35 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 15:41 - 2014-11-20 04:35 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 15:41 - 2014-04-12 04:21 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 15:41 - 2014-04-12 04:21 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 15:41 - 2014-04-12 04:21 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 15:41 - 2014-04-12 04:21 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 15:41 - 2013-11-07 15:33 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 15:41 - 2013-11-07 15:33 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 12:16 - 2014-03-18 16:14 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 12:16 - 2013-11-07 15:33 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 12:16 - 2013-11-07 15:33 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 12:16 - 2013-11-07 15:33 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 12:16 - 2013-11-07 15:33 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 12:16 - 2013-11-07 15:33 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-12 12:06 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 15:21 - 2014-04-08 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-11 13:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 13:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 12:16 - 2014-04-29 21:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 12:15 - 2014-04-29 22:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 12:09 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2015-03-11 12:08 - 2013-11-29 17:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 12:03 - 2013-11-29 17:04 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 09:10 - 2013-11-07 15:33 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-07 06:31 - 2014-09-07 00:06 - 00003382 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-662125380-580819888-2351019072-1000
2015-03-07 06:31 - 2014-09-06 23:52 - 00000000 ____D () C:\ProgramData\Real
2015-03-07 06:30 - 2015-02-13 00:49 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2015-03-07 06:30 - 2014-12-01 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-03-07 06:29 - 2015-02-13 00:49 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2015-03-07 06:29 - 2015-02-13 00:49 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-03-07 06:29 - 2015-02-13 00:49 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2015-03-04 12:10 - 2014-11-02 16:24 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\inkscape
2015-03-03 22:50 - 2013-11-17 05:26 - 00000000 ____D () C:\Users\Chris\AppData\Local\Warframe
2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Chris\AppData\Roaming\ABSKFMZZ
2013-12-03 18:12 - 2015-03-25 17:42 - 0000132 _____ () C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-07 00:27 - 2015-02-22 03:29 - 0000132 _____ () C:\Users\Chris\AppData\Roaming\Adobe Targa Format CS6 Prefs
2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____ () C:\Users\Chris\AppData\Roaming\EFDWJ
2014-01-26 17:45 - 2015-01-09 07:54 - 0000022 _____ () C:\Users\Chris\AppData\Roaming\SoundCloudDownloaderSettings.ini
2013-11-19 17:08 - 2013-11-19 17:08 - 0000096 _____ () C:\Users\Chris\AppData\Roaming\version2.xml
2014-07-24 09:06 - 2014-10-23 22:43 - 0001456 _____ () C:\Users\Chris\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-26 23:31 - 2015-02-26 23:31 - 0001805 _____ () C:\Users\Chris\AppData\Local\recently-used.xbel
2014-03-01 21:05 - 2014-09-24 05:37 - 0007606 _____ () C:\Users\Chris\AppData\Local\resmon.resmoncfg
2013-11-16 18:07 - 2013-11-16 18:07 - 0000003 _____ () C:\Users\Chris\AppData\Local\updater.log
2013-11-16 18:07 - 2014-11-21 22:33 - 0000437 _____ () C:\Users\Chris\AppData\Local\UserProducts.xml
2014-09-27 14:50 - 2014-09-27 14:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-25 21:12 - 2015-02-25 21:12 - 0000924 _____ () C:\ProgramData\HirezPipeError.txt

Files to move or delete:
====================
C:\Users\Chris\jagex_cl_runescape_LIVE.dat
C:\Users\Chris\random.dat


Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\EsgInstallerx64Stub.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2011-11-21 21:26

==================== End Of Log ============================

 

 

 

 

 

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Chris at 2015-04-01 12:00:06
Running from C:\Users\Chris\Desktop\Clean
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-662125380-580819888-2351019072-1000\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Professional (HKLM-x32\...\Adobe_a68eec966ce913ddaa63251dc82ed31) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-662125380-580819888-2351019072-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.2.259.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.2.259.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
Autodesk 3ds Max 2015 SP1 (Version: 17.1.149.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 SP2 (HKLM\...\Autodesk 3ds Max 2015 SP2) (Version: 17.2.259.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.66.0 - Autodesk)
Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk DirectConnect 2015 64-bit Hotfix1 (HKLM\...\Autodesk DirectConnect 2015 64-bit_9001) (Version: 9.0.56.4 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0.2 - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Maya 2015 (HKLM\...\Autodesk Maya 2015) (Version: 15.5.2119.0 - Autodesk)
Autodesk Maya 2015 (Version: 15.5.2119.0 - Autodesk) Hidden
Autodesk Maya 2015 SP2 (Version: 15.2.1633.0 - Autodesk) Hidden
Autodesk Maya 2015 SP3 (Version: 15.3.1808.0 - Autodesk) Hidden
Autodesk Maya 2015 SP5 (HKLM\...\Autodesk Maya 2015 SP5) (Version: 15.5.2119.0 - Autodesk)
Autodesk Mudbox 2014 (HKLM\...\Autodesk Mudbox 2014) (Version: 8.0.0.1010 - Autodesk)
Autodesk Mudbox 2014 (Version: 8.0.0.1010 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.166.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.166.0 - Autodesk) Hidden
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 7.0 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Blocks That Matter (HKLM-x32\...\Steam App 111800) (Version:  - Swing Swing Submarine)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ClipConverter (HKLM-x32\...\{86134348-6422-4486-AB6A-0E01DBA39DE6}) (Version: 1.1.0 - Lunaweb)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crazybump (remove only) (HKLM-x32\...\Crazybump) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daylight (HKLM-x32\...\Steam App 230840) (Version:  - Zombie Studios)
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - Trion Worlds, Inc.)
Double Action: Boogaloo (HKLM-x32\...\Steam App 317360) (Version:  - Double Action Factory)
Epic Games Launcher (HKLM\...\{325AC861-EDAF-440B-97DD-259906E216D3}) (Version: 1.1.24.0 - Epic Games, Inc.)
F.E.A.R. Online (HKLM-x32\...\F.E.A.R. Online) (Version:  - )
FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free CBR Reader (HKLM-x32\...\{B9240DAE-EFA1-4A0E-824F-17B3F99194F8}) (Version: 1.0.0 - Free Picture Solutions)
Free Soundcloud Downloader (HKLM-x32\...\{4D2F193D-4725-4518-9F23-AAF5A3475875}) (Version: 1.0.0 - Convert Audio Free)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Honeyview (HKLM\...\Honeyview) (Version: 5.07 - Bandisoft.com)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Livestreamer 1.11.1 (HKLM-x32\...\Livestreamer) (Version:  - )
Local Subtitles for 64-bit WMP (HKLM\...\{190BC83F-D54E-4494-830E-7FB4A5F4B964}) (Version: 1.6.0.0 - Alexander Demidov)
Luxology modo 701 64-bit build 58358 (HKLM-x32\...\701_64) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{4F5AD3FF-38C6-43FB-BB6F-8EF830DEDF16}) (Version: 13.0.0.0 - mental ray)
mental ray renderer for Autodesk Maya 2015 (HKLM\...\{BDF821F0-D64C-421D-0052-A9B995B20873}) (Version: 15.5.2119.0 - mental ray)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PES Sound File Converter 1.8 (HKLM-x32\...\PES Sound File Converter 1.8) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Game Capture HD PRO (HKLM-x32\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 2.0 - Roxio)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.3.2660.0 - Hi-Rez Studios)
Snagit 11 (HKLM-x32\...\{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}) (Version: 11.0.0 - TechSmith Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Splash Lite (HKLM-x32\...\{8B4A6011-BB10-4918-B561-3F6CF5712B37}) (Version: 1.7.1 - Mirillis)
Spy Chameleon - RGB Agent (HKLM-x32\...\Steam App 297490) (Version:  - Unfinished Pixel)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}) (Version: 1.0.0000.129 - CAPCOM U.S.A., INC)
Super Street Fighter IV: Arcade Edition (x32 Version: 1.0.0000.129 - CAPCOM U.S.A., INC) Hidden
SUPER STREET FIGHTER IV: ARCADE EDITION (x32 Version: 1.0.0005.129 - CAPCOM U.S.A., INC) Hidden
Tablet Driver V8.0 (HKLM-x32\...\TabletDriver) (Version:  - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-662125380-580819888-2351019072-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unreal Development Kit: 2014-05 (HKLM\...\UDK-e7a45892-3343-4322-bb9d-f3ae85797e4b) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2014-08 (HKLM\...\UDK-b20393ca-cc41-4167-a8a1-4771531f5779) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-66607db3-d72a-4249-99d6-0f2a8f6e5be6) (Version:  - Epic Games, Inc.)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warframe (HKLM-x32\...\{2937C578-0CDD-4936-A869-912FD029436E}) (Version: 1.0.0 - Digital Extremes)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zombies Monsters Robots (HKLM-x32\...\Steam App 306830) (Version:  - En Masse Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-662125380-580819888-2351019072-1000_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com)

==================== Restore Points  =========================

23-03-2015 11:51:12 Windows Update
25-03-2015 09:04:34 Windows Update
29-03-2015 12:18:30 Windows Update
30-03-2015 21:19:59 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
31-03-2015 17:45:59 Removed System Requirements Lab CYRI
31-03-2015 17:46:27 Removed XSplit

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-31 14:16 - 2015-03-31 14:16 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03A93FE4-E5DD-48FE-B38A-91F9F1F3343B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-662125380-580819888-2351019072-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {04200284-0010-4612-9739-A62287861C9E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-662125380-580819888-2351019072-1000
Task: {05DBECFC-D80D-496B-8926-9C93AF595231} - System32\Tasks\EFDWJ => C:\Users\Chris\AppData\Roaming\EFDWJ.exe <==== ATTENTION
Task: {0B4C19F6-5F95-48C1-B226-71517207CEE0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0F9868D4-FB76-4F74-B3F0-A5BA6DBEC57E} - System32\Tasks\{DE0FA215-76B0-4D20-B8B8-A19E425E18B2} => pcalua.exe -a D:\AUTORUN\DEMO32.EXE -d D:\AUTORUN
Task: {1E160B20-83E9-4855-96E7-79CA18975731} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2101DF96-072E-4AE5-A0E5-02B0DC812566} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000UA => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2B0C57A2-3147-47F5-9123-220925675B65} - System32\Tasks\GlobalUpdate-mwy2yzfxzgs2bwn => C:\Users\Chris\AppData\Roaming\mwy2yzfxzgs2bwn\mwy2yzfxzgs2bwn.exe <==== ATTENTION
Task: {48B9031D-1285-4008-865B-07A123F1786B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {55ADA45F-0793-4728-A870-333706232B25} - System32\Tasks\{1889A8D4-AA6B-4AEA-94A1-78ECC262D9F1} => pcalua.exe -a C:\Users\Chris\Downloads\InstallWoW.exe -d C:\Users\Chris\Downloads
Task: {5B202745-7F4C-40E2-992A-6B86399FE811} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5F228A34-FE98-43E0-B5E7-AD74E870A842} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)
Task: {61677293-BF2E-40B1-A8DA-ADA3B28A58EA} - System32\Tasks\{E266EDB9-887B-46C7-A53E-50A254301AB4} => pcalua.exe -a "C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe" -d "C:\Program Files (x86)\Real\RealPlayer\Update"
Task: {61E7F8DD-26AB-4838-9D67-81F8EF8DFD28} - System32\Tasks\ABSKFMZZ => C:\Users\Chris\AppData\Roaming\ABSKFMZZ.exe <==== ATTENTION
Task: {64DC06FC-EA22-4FBE-ACC2-CF2BE94EC04A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6C5532E0-5AFA-4691-B208-CA252F42ABD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)
Task: {76833E2C-2CA5-4FE2-A97B-97133085CA51} - System32\Tasks\easyVPN => C:\Program Files (x86)\EasyVpn\app\easyvpn.exe
Task: {7FD128EB-E833-4285-8DA7-DBB07800CD69} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-662125380-580819888-2351019072-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {94CBFF57-B477-4DFA-90AA-FD4548C15E79} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000Core => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {998C7B76-5A0E-4E14-ACC0-7AAA2D07F958} - System32\Tasks\{C533DD53-85B6-47D5-B939-4CF5B52996CA} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {9B4711EA-D633-446E-8595-7B92863B2CA7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {BF86A8D2-E1AB-4008-A61E-3B28FEB3B06D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-662125380-580819888-2351019072-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {D5D319AA-9E97-40E1-BB85-569F24D83C2C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {E75C1DF8-114F-43A3-A477-C4649BF30B74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-17] (Adobe Systems Incorporated)
Task: {F9FD2381-F654-424D-899E-15995B43592C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: C:\Windows\Tasks\ABSKFMZZ.job => C:\Users\Chris\AppData\Roaming\ABSKFMZZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EFDWJ.job => C:\Users\Chris\AppData\Roaming\EFDWJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000Core.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000UA.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-11-07 15:33 - 2015-03-13 12:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-21 15:59 - 2015-01-21 15:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-30 21:22 - 2015-03-30 21:22 - 00195584 _____ () C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF\cnsv2371.tmp
2015-03-30 21:19 - 2015-03-30 21:19 - 00169984 _____ () C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\jnsp42A0.tmp
2014-01-05 13:17 - 2014-05-07 02:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-01 00:51 - 2015-04-01 00:51 - 00134144 _____ () C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\nstF46E.tmp
2014-10-26 23:59 - 2014-10-26 23:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 06:41 - 2014-10-30 06:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-03-30 21:22 - 2015-03-30 21:22 - 00273920 _____ () C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF\snsf66B5.tmp
2013-11-07 15:32 - 2012-11-14 10:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-11-07 15:32 - 2012-11-14 10:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-04-12 04:26 - 2015-01-16 02:42 - 00715080 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-04-12 04:26 - 2015-01-16 02:42 - 00854344 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-07-18 15:10 - 2014-11-26 05:35 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-07-18 15:10 - 2014-11-26 05:35 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-03-07 06:29 - 2015-03-07 06:29 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2015-01-21 15:58 - 2015-01-21 15:58 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-01 11:34 - 2015-04-01 11:34 - 00098816 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32api.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00110080 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\pywintypes27.dll
2015-04-01 11:34 - 2015-04-01 11:34 - 00364544 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\pythoncom27.dll
2015-04-01 11:34 - 2015-04-01 11:34 - 00045568 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\_socket.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 01161216 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\_ssl.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00320512 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32com.shell.shell.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00713216 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\_hashlib.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 01175040 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\wx._core_.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00805888 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\wx._gdi_.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00811008 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\wx._windows_.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 01062400 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\wx._controls_.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00735232 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\wx._misc_.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00682496 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\pysqlite2._sqlite.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00128512 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\_elementtree.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00127488 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\pyexpat.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00087552 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\_ctypes.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00119808 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32file.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00108544 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32security.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00007168 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\hashobjs_ext.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00167936 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32gui.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00018432 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32event.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00038912 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32inet.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00011264 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32crypt.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00070656 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\wx._html2.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00027136 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\_multiprocessing.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00020480 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\_yappi.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00035840 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32process.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00686080 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\unicodedata.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00122368 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\wx._wizard.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00024064 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32pipe.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00010240 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\select.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00025600 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32pdh.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00525640 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\windows._lib_cacheinvalidation.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00017408 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32profile.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00022528 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\win32ts.pyd
2015-04-01 11:34 - 2015-04-01 11:34 - 00078336 _____ () C:\Users\Chris\AppData\Local\Temp\_MEI51442\wx._animate.pyd
2015-03-07 06:29 - 2015-03-07 06:29 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
2015-03-17 21:54 - 2015-03-17 21:54 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll
2015-02-13 01:23 - 2015-03-10 02:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-13 01:23 - 2014-12-01 20:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-13 01:23 - 2014-12-01 20:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-13 01:23 - 2014-12-01 20:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-13 01:23 - 2015-03-30 15:40 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-13 01:22 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-13 01:22 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-13 01:22 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-13 01:22 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-13 01:22 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-13 01:22 - 2015-03-30 15:40 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-02-13 01:22 - 2015-02-24 21:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-02-13 01:22 - 2015-02-24 21:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-02-25 10:55 - 2014-02-25 10:55 - 00151040 ____N () C:\Users\Chris\AppData\Local\Temp\is45637729\1346071_stp\RAM.dll
2015-02-16 13:59 - 2015-02-16 13:59 - 00106496 ____N () C:\Users\Chris\AppData\Local\Temp\is45637729\1346058_stp\icc.dll
2014-12-02 16:09 - 2014-12-02 16:09 - 00643948 ____N () C:\Users\Chris\AppData\Local\Temp\is45637729\1346058_stp\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VCL => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-662125380-580819888-2351019072-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MonitorTuner => C:\PROGRAM FILES (X86)\TABLET\MonitorTuner.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: uTorrent => "C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: WmiPrv => C:\Users\Chris\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe
MSCONFIG\startupreg: WTClient => WTClient.exe

==================== Accounts: =============================

Administrator (S-1-5-21-662125380-580819888-2351019072-500 - Administrator - Disabled)
Chris (S-1-5-21-662125380-580819888-2351019072-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-662125380-580819888-2351019072-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-662125380-580819888-2351019072-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2015 11:33:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 05:55:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2015 04:51:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 04:47:46 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.


System errors:
=============
Error: (04/01/2015 11:39:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (04/01/2015 11:33:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
UimBus
Uim_DEVIM
Uim_IM

Error: (03/31/2015 04:50:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
UimBus
Uim_DEVIM
Uim_IM

Error: (03/31/2015 04:50:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Button service failed to start due to the following error:
%%2

Error: (03/31/2015 04:49:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:48:04 PM on ‎3/‎31/‎2015 was unexpected.

Error: (03/31/2015 04:47:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/31/2015 04:47:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/01/2015 11:33:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 05:55:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (03/31/2015 04:51:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 04:47:46 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\Windows\system32\lsass.exe1


==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 43%
Total physical RAM: 8173.54 MB
Available physical RAM: 4582.12 MB
Total Pagefile: 16345.26 MB
Available Pagefile: 12337.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:298.52 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:931.41 GB) (Free:546.28 GB) NTFS
Drive f: (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 74697CAA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DF8950DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:33 PM

Posted 01 April 2015 - 12:54 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

() C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF\cnsv2371.tmp
() C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\jnsp42A0.tmp
() C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\nstF46E.tmp
() C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF\snsf66B5.tmp
(                                                            ) C:\Users\Chris\AppData\Local\Temp\nsn7D5.tmp
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yqKoWb2HU7.lnk
ShortcutTarget: yqKoWb2HU7.lnk -> C:\ProgramData\{9d0e9bf5-1ba3-287f-9d0e-e9bf51ba6fd4}\yqKoWb2HU7.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-662125380-580819888-2351019072-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-662125380-580819888-2351019072-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-662125380-580819888-2351019072-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1427765624&from=cmi&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S582269422694"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1427765624&from=cmi&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S582269422694&q={searchTerms}
CHR Extension: (CinemaPlus-3.2cV30.03) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-03-30]
R2 dukomoqe; C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF\cnsv2371.tmp [195584 2015-03-30] () [File not signed]
R2 fereqolu; C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\jnsp42A0.tmp [169984 2015-03-30] () [File not signed]
R2 qulyripy; C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\nstF46E.tmp [134144 2015-04-01] () [File not signed]
R2 zudibono; C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF\snsf66B5.tmp [273920 2015-03-30] () [File not signed]
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 14 Free\program\BioNTDrv.SYS [X]
S3 MFE_RR; \??\C:\Users\Chris\AppData\Local\Temp\mfe_rr.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {61E7F8DD-26AB-4838-9D67-81F8EF8DFD28} - System32\Tasks\ABSKFMZZ => C:\Users\Chris\AppData\Roaming\ABSKFMZZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\ABSKFMZZ.job => C:\Users\Chris\AppData\Roaming\ABSKFMZZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\EFDWJ.job => C:\Users\Chris\AppData\Roaming\EFDWJ.exe <==== ATTENTION
C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF
C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF
C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF
C:\Users\Chris\AppData\Roaming\ABSKFMZZ.exe
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your chrome program was compromised.


Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Reinstall Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now.

#5 Hannibal Rage

Hannibal Rage
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 PM

Posted 01 April 2015 - 01:13 PM

My computer seems to be running smooth again, so far no random pop ups from access anywhere as well. Thank you for your help and your time!

 

Fix

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Chris at 2015-04-01 14:02:42 Run:1
Running from C:\Users\Chris\Desktop\Clean
Loaded Profiles: Chris (Available profiles: Chris)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

() C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF\cnsv2371.tmp
() C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\jnsp42A0.tmp
() C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\nstF46E.tmp
() C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF\snsf66B5.tmp
(                                                            ) C:\Users\Chris\AppData\Local\Temp\nsn7D5.tmp
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yqKoWb2HU7.lnk
ShortcutTarget: yqKoWb2HU7.lnk -> C:\ProgramData\{9d0e9bf5-1ba3-287f-9d0e-e9bf51ba6fd4}\yqKoWb2HU7.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-662125380-580819888-2351019072-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-662125380-580819888-2351019072-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-662125380-580819888-2351019072-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1427765624&from=cmi&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S582269422694"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1427765624&from=cmi&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S582269422694&q={searchTerms}
CHR Extension: (CinemaPlus-3.2cV30.03) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-03-30]
R2 dukomoqe; C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF\cnsv2371.tmp [195584 2015-03-30] () [File not signed]
R2 fereqolu; C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\jnsp42A0.tmp [169984 2015-03-30] () [File not signed]
R2 qulyripy; C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\nstF46E.tmp [134144 2015-04-01] () [File not signed]
R2 zudibono; C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF\snsf66B5.tmp [273920 2015-03-30] () [File not signed]
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 14 Free\program\BioNTDrv.SYS [X]
S3 MFE_RR; \??\C:\Users\Chris\AppData\Local\Temp\mfe_rr.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {61E7F8DD-26AB-4838-9D67-81F8EF8DFD28} - System32\Tasks\ABSKFMZZ => C:\Users\Chris\AppData\Roaming\ABSKFMZZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\ABSKFMZZ.job => C:\Users\Chris\AppData\Roaming\ABSKFMZZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\EFDWJ.job => C:\Users\Chris\AppData\Roaming\EFDWJ.exe <==== ATTENTION
C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF
C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF
C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF
C:\Users\Chris\AppData\Roaming\ABSKFMZZ.exe
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp

End
*****************

Processes closed successfully.
C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF\cnsv2371.tmp => No running process found
C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\jnsp42A0.tmp => No running process found
C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF\nstF46E.tmp => No running process found
C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF\snsf66B5.tmp => No running process found
C:\Users\Chris\AppData\Local\Temp\nsn7D5.tmp => No running process found
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yqKoWb2HU7.lnk => Moved successfully.
C:\ProgramData\{9d0e9bf5-1ba3-287f-9d0e-e9bf51ba6fd4}\yqKoWb2HU7.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-662125380-580819888-2351019072-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKU\S-1-5-21-662125380-580819888-2351019072-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-662125380-580819888-2351019072-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll not found.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp => Moved successfully.
dukomoqe => Service deleted successfully.
fereqolu => Service deleted successfully.
qulyripy => Service not found.
zudibono => Service deleted successfully.
BioNTDrv => Service deleted successfully.
MFE_RR => Service deleted successfully.
Tablet2k => Service deleted successfully.
xhunter1 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61E7F8DD-26AB-4838-9D67-81F8EF8DFD28}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61E7F8DD-26AB-4838-9D67-81F8EF8DFD28}" => Key deleted successfully.
C:\Windows\System32\Tasks\ABSKFMZZ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ABSKFMZZ" => Key deleted successfully.
C:\Windows\Tasks\ABSKFMZZ.job => Moved successfully.
C:\Windows\Tasks\EFDWJ.job => Moved successfully.
C:\Users\Chris\AppData\Local\45443439-1427750521-4543-3636-4635FFFFFFFF => Moved successfully.
C:\Users\Chris\AppData\Roaming\45443439-1427764709-4543-3636-4635FFFFFFFF => Moved successfully.
C:\Users\Chris\AppData\Local\45443439-1427750537-4543-3636-4635FFFFFFFF => Moved successfully.
"C:\Users\Chris\AppData\Roaming\ABSKFMZZ.exe" => File/Directory not found.
"C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 14:02:45 ====



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:33 PM

Posted 02 April 2015 - 06:32 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:33 PM

Posted 08 April 2015 - 07:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users