Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Edeals virus in all browsers Windows 7


  • This topic is locked This topic is locked
4 replies to this topic

#1 Anon_

Anon_

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 26 May 2015 - 02:44 PM

I can't get rid of it, I tried booting in safe mode and scanning with malwarebytes, ccleaner, spybot, combofix and they can't find it.

 

I looked through the forum and found that most people who get it ran FRST and posted their log so here is mine. Also addition.txt is attached.

 

Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015
Ran by Owner (administrator) on OWNER-PC on 26-05-2015 11:46:30
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner &  (Available Profiles: Owner & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Scarlet.Crush Productions) C:\Program Files\PS3 Controller\ScpService.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() C:\Windows\system\3DG4me.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel) C:\Program Files (x86)\Common Files\Intel\PCSDK\bin\win32\notification_tool.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Users\Owner\AppData\Local\nativeosapi\nativeosapi.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
() C:\Users\Owner\AppData\Local\nativeosapi\debuggerfrozenMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
() C:\Windows\SysWOW64\snapshotutility_86\snapshotutility_86.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543912 2011-11-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [CAHS1Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [3DG4me] => C:\Windows\System\3DG4me.exe [151552 2013-05-28] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-10-11] (Intel Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2013-01-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336952 2012-04-18] (Power Software Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Intel Privacy Notification Tool] => C:\Program Files (x86)\Common Files\Intel\PCSDK\bin\win32\notification_tool.exe [2124432 2014-03-07] (Intel)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\C2MP\CodecUACManager.exe [60416 2015-03-05] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-449798531-1453499996-790220993-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-449798531-1453499996-790220993-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-449798531-1453499996-790220993-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-449798531-1453499996-790220993-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent] => "C:\Users\Owner\Downloads\BitTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-11-14] (Spotify Ltd)
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\Launcher.exe
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {92f22f39-9945-11e1-a783-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c1ae1c21-9950-11e1-900e-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c822b3bf-9b8e-11e1-93f2-c860009f0feb} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-04-09]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-05-12]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2012-10-29]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [P4EXPCheckoutOverlay] -> {80E008A4-EAE7-4867-AEB0-1A245F070F25} => C:\Program Files\Perforce\p4exp64.dll [2013-03-20] (Perforce Software Inc.)
ShellIconOverlayIdentifiers: [P4EXPSyncdOverlay] -> {ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9} => C:\Program Files\Perforce\p4exp64.dll [2013-03-20] (Perforce Software Inc.)
ShellIconOverlayIdentifiers: [P4EXPUpdateOverlay] -> {C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2} => C:\Program Files\Perforce\p4exp64.dll [2013-03-20] (Perforce Software Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [P4EXPCheckoutOverlay] -> {80E008A4-EAE7-4867-AEB0-1A245F070F25} => C:\Program Files\Perforce\p4exp.dll [2013-03-20] (Perforce Software Inc.)
ShellIconOverlayIdentifiers-x32: [P4EXPSyncdOverlay] -> {ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9} => C:\Program Files\Perforce\p4exp.dll [2013-03-20] (Perforce Software Inc.)
ShellIconOverlayIdentifiers-x32: [P4EXPUpdateOverlay] -> {C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2} => C:\Program Files\Perforce\p4exp.dll [2013-03-20] (Perforce Software Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-449798531-1453499996-790220993-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-449798531-1453499996-790220993-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-449798531-1453499996-790220993-1000] => http=127.0.0.1:13105
ProxyEnable: [S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:13105
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-449798531-1453499996-790220993-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={73CBF6BE-D006-463B-A630-3B2F508C2C71}&mid=8c3433098d0847d08ae41929467be618-621e6b3f153aab4587936c3fc053a23c7025eb79&lang=en&ds=st011&pr=sa&d=2012-05-10 16:39:36&v=12.2.5.32&sap=hp
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-449798531-1453499996-790220993-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={73CBF6BE-D006-463B-A630-3B2F508C2C71}&mid=8c3433098d0847d08ae41929467be618-621e6b3f153aab4587936c3fc053a23c7025eb79&lang=en&ds=st011&pr=sa&d=2012-05-10 16:39:36&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={73CBF6BE-D006-463B-A630-3B2F508C2C71}&mid=8c3433098d0847d08ae41929467be618-621e6b3f153aab4587936c3fc053a23c7025eb79&lang=en&ds=st011&pr=sa&d=2012-05-10 16:39:36&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-14] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-05] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-05] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-1000 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qmztzyiy.default-1432657338053
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-09-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-05-15] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-05-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\TELUS_Activation_11\npMotive.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-12-21] ()
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-12-21] ()
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-05-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-12-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2014-12-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-11]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2015-05-26]
FF HKU\S-1-5-21-449798531-1453499996-790220993-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-03]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2013-01-14] (Adobe Systems Incorporated)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 Ds3Service; C:\Program Files\PS3 Controller\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) []
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) []
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) []
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2011-10-11] (Intel Corporation) []
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-03-16] (Alcatel-Lucent) []
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-16] (Alcatel-Lucent) []
R2 nativeosapi.exe; C:\Users\Owner\AppData\Local\nativeosapi\nativeosapi.exe [214016 2015-05-20] () []
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\NAV.exe [262928 2015-03-06] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) []
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2683736 2014-07-02] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) []
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 snapshotutility_86; C:\Windows\SysWOW64\snapshotutility_86\snapshotutility_86.exe [68608 2014-12-11] () []
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) []
R2 VisualSVNServer; C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [24904 2013-11-25] (Apache Software Foundation)
S3 vrepocfgsvc; C:\Program Files (x86)\VisualSVN Server\bin\vrepocfgsvc.exe [121672 2013-11-25] (VisualSVN Ltd.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\BASHDefs\20150519.001\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-04-29] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [23832 2011-10-11] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\IPSDefs\20150521.003\IDSvia64.sys [671448 2015-04-01] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA)) []
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA)) []
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20150525.001\ENG64.SYS [129752 2015-04-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20150525.001\EX64.SYS [2137304 2015-04-29] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1507000.00B\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-02-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 USBADVAU; C:\Windows\System32\drivers\cm11264.sys [1308160 2009-11-25] (C-Media Electronics Inc)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 catchme; \??\C:\combofix\catchme.sys [X]
S0 gbws; System32\drivers\mxnu.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-26 11:46 - 2015-05-26 11:46 - 00051161 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-05-26 11:45 - 2015-05-26 11:46 - 00000000 ____D () C:\FRST
2015-05-26 11:45 - 2015-05-26 11:45 - 02108928 _____ (Farbar) C:\Users\Owner\Desktop\frst64.exe
2015-05-26 11:37 - 2015-05-26 11:39 - 00031230 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 11:31 - 2015-05-26 11:31 - 00000552 _____ () C:\Windows\PFRO.log
2015-05-26 11:31 - 2015-05-26 11:31 - 00000056 _____ () C:\Windows\setupact.log
2015-05-26 11:31 - 2015-05-26 11:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-26 09:38 - 2015-05-26 09:38 - 00041726 _____ () C:\ComboFix.txt
2015-05-26 09:22 - 2015-05-26 09:22 - 00000000 ____D () C:\Users\Owner\Desktop\Old Firefox Data
2015-05-26 09:13 - 2015-05-26 09:38 - 00000000 ____D () C:\Qoobox
2015-05-25 09:56 - 2015-05-25 09:57 - 185676677 _____ () C:\Users\Owner\Desktop\ConstellationOBJ.obj
2015-05-25 09:56 - 2015-05-25 09:57 - 00000119 _____ () C:\Users\Owner\Desktop\ConstellationOBJ.mtl
2015-05-24 12:33 - 2015-05-24 12:33 - 05628291 ____R (Swearware) C:\Users\Owner\Downloads\combofix.exe
2015-05-24 11:44 - 2015-05-24 11:44 - 00000000 ____D () C:\Windows\pss
2015-05-24 01:16 - 2015-05-24 01:16 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-24 01:16 - 2015-05-24 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-24 01:16 - 2015-05-24 01:16 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-24 01:15 - 2015-05-24 01:15 - 06482752 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup505pro.exe
2015-05-23 00:03 - 2015-05-23 00:03 - 00243344 _____ () C:\Users\Owner\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-22 22:35 - 2015-05-24 00:44 - 00000000 ____D () C:\AdwCleaner
2015-05-22 22:34 - 2015-05-22 22:34 - 02223104 _____ () C:\Users\Owner\Downloads\adwcleaner_4.205.exe
2015-05-21 12:14 - 2015-05-21 12:14 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 11:37 - 2015-05-21 11:37 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-21 11:37 - 2015-05-21 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-21 11:37 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-05-21 11:35 - 2015-05-21 11:36 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2015-05-21 00:35 - 2015-05-24 01:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TS3Client
2015-05-21 00:35 - 2015-05-21 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-05-21 00:35 - 2015-05-21 00:35 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-05-21 00:32 - 2015-05-21 00:34 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Owner\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2015-05-20 23:19 - 2015-05-22 23:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\nativeosapi
2015-05-20 15:14 - 2015-05-20 15:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Free Video Cutter 1.3
2015-05-20 15:09 - 2015-05-20 15:09 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-05-20 15:09 - 2015-05-20 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-05-20 15:09 - 2015-05-20 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-05-20 15:09 - 2015-05-20 15:09 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-05-20 15:09 - 2015-05-20 15:09 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-05-20 15:09 - 2012-06-09 10:21 - 00178688 _____ () C:\Windows\SysWOW64\unrar.dll
2015-05-20 10:47 - 2015-05-20 10:48 - 00000000 ____D () C:\Users\Owner\Downloads\Riot Games - 20 05 2015 00-46-09 - LCK Champions Summer _ Week 1 Day 1
2015-05-20 10:46 - 2015-05-20 10:46 - 00000000 ____D () C:\Users\Owner\Downloads\ffmpeg-20150520-git-b8e7f2b-win64-static
2015-05-20 10:45 - 2015-05-20 10:46 - 32391503 _____ () C:\Users\Owner\Downloads\ffmpeg-20150520-git-b8e7f2b-win64-static.7z
2015-05-20 10:33 - 2015-05-20 10:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromium
2015-05-18 21:06 - 2015-05-18 21:44 - 00000000 ____D () C:\Users\Owner\Downloads\Silicon.Valley.S02E04.HDTV.x264-ASAP[ettv]
2015-05-18 21:06 - 2015-05-18 21:17 - 00000000 ____D () C:\Users\Owner\Downloads\Silicon.Valley.S02E03.HDTV.x264-KILLERS[ettv]
2015-05-18 21:05 - 2015-05-18 22:44 - 00000000 ____D () C:\Users\Owner\Downloads\Silicon.Valley.S02E06.HDTV.x264-ASAP[ettv]
2015-05-18 21:05 - 2015-05-18 22:12 - 00000000 ____D () C:\Users\Owner\Downloads\Silicon.Valley.S02E05.HDTV.x264-ASAP[ettv]
2015-05-14 04:35 - 2015-05-14 04:35 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-14 03:13 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:13 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:38 - 2015-05-13 21:44 - 00000000 ____D () C:\Users\Owner\Documents\StarCitizen
2015-05-13 21:38 - 2015-05-13 21:38 - 00001085 _____ () C:\Users\Owner\Desktop\StarCitizen.lnk
2015-05-13 21:38 - 2015-05-13 21:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2015-05-13 19:36 - 2015-05-13 19:36 - 00000201 _____ () C:\Users\Owner\Desktop\Bryan.txt
2015-05-13 09:53 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 09:53 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 09:53 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 09:53 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 09:53 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 09:52 - 2015-04-27 12:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 09:52 - 2015-04-27 12:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 09:52 - 2015-04-27 12:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 09:52 - 2015-04-27 12:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 09:52 - 2015-04-27 12:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 09:52 - 2015-04-27 12:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 09:52 - 2015-04-27 12:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 09:52 - 2015-04-27 12:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 09:52 - 2015-04-27 12:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 09:52 - 2015-04-27 12:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 09:52 - 2015-04-27 12:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 09:52 - 2015-04-27 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 09:52 - 2015-04-27 12:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 09:52 - 2015-04-27 12:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 09:52 - 2015-04-27 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 09:52 - 2015-04-27 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 09:52 - 2015-04-27 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 09:52 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 09:52 - 2015-04-27 12:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 09:52 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 09:52 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 09:52 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 09:52 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 09:52 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 09:52 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 09:52 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 09:52 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 09:52 - 2015-04-27 12:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 09:52 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 09:52 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 09:52 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 09:52 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 09:52 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 09:52 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 09:52 - 2015-04-27 12:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 09:52 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 09:52 - 2015-04-27 12:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 09:52 - 2015-04-27 12:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 09:52 - 2015-04-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 09:52 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 09:52 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 09:52 - 2015-04-27 12:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 09:52 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 09:52 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 11:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 09:52 - 2015-04-27 10:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 09:52 - 2015-04-27 10:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 09:52 - 2015-04-27 10:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:52 - 2015-04-27 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:52 - 2015-04-21 07:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 09:52 - 2015-04-21 07:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 09:52 - 2015-04-21 07:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 09:52 - 2015-04-21 07:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 09:52 - 2015-04-21 07:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 09:52 - 2015-04-21 07:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 09:52 - 2015-04-21 07:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 09:52 - 2015-04-21 06:53 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 09:52 - 2015-04-21 06:53 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 09:52 - 2015-04-21 06:53 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 09:52 - 2015-04-21 06:52 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 09:52 - 2015-04-21 06:52 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 09:52 - 2015-04-21 06:52 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 09:52 - 2015-04-21 06:52 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 09:52 - 2015-04-21 06:52 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 09:52 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 09:52 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 09:52 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 09:52 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 09:52 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 09:52 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 09:52 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 09:52 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 09:52 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 09:52 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 09:52 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 09:52 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 09:52 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 09:52 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 09:52 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 09:52 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 09:52 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 09:52 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 09:51 - 2015-04-21 07:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 09:51 - 2015-04-21 07:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 09:51 - 2015-04-21 06:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 09:51 - 2015-04-21 06:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 09:51 - 2015-04-21 06:52 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 09:51 - 2015-04-21 06:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 09:51 - 2015-04-17 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 09:51 - 2015-04-17 19:59 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 09:51 - 2015-04-17 19:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 09:51 - 2015-04-17 19:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 09:51 - 2015-04-17 19:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-13 09:51 - 2015-04-17 19:09 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-11 12:59 - 2015-05-12 10:00 - 00000000 ____D () C:\Users\Owner\Documents\New Unity Project
2015-05-07 15:20 - 2015-05-07 15:20 - 00000000 ____D () C:\Users\Owner\Downloads\C, C++ and C# For Dummies
2015-05-07 12:32 - 2015-05-07 12:32 - 00774281 _____ (Program ) C:\Users\Owner\Downloads\mediainfo_gui_0.7.71_windows.exe
2015-05-05 12:57 - 2015-05-05 12:57 - 33022708 _____ () C:\Users\Owner\Downloads\TSN_BG.psd
2015-05-03 15:30 - 2015-05-03 15:41 - 00000000 ____D () C:\Program Files\Cryengine
2015-05-03 15:23 - 2015-05-03 15:23 - 07514090 _____ () C:\Users\Owner\Downloads\mayace3_2.2.5.exe
2015-04-30 16:27 - 2015-04-30 16:29 - 208623896 _____ (${PRODUCT_PUBLISHER}) C:\Users\Owner\Downloads\UnityStandardAssetsSetup.exe
2015-04-30 16:27 - 2015-04-30 16:27 - 07206648 _____ (Unity Technologies ApS) C:\Users\Owner\Downloads\UnityWebPlayerDevelopment.exe
2015-04-30 16:26 - 2015-04-30 16:26 - 00000901 _____ () C:\Users\Public\Desktop\Unity 5.0.1f1 (64-bit).lnk
2015-04-30 16:26 - 2015-04-30 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.0.1f1 (64-bit)
2015-04-30 16:07 - 2015-04-30 16:26 - 00000000 ____D () C:\Program Files\Unity 5
2015-04-30 16:07 - 2015-04-30 16:19 - 1248285320 _____ (Unity Technologies ApS) C:\Users\Owner\Downloads\UnitySetup64.exe
2015-04-30 16:06 - 2015-04-30 16:06 - 00653952 _____ () C:\Users\Owner\Downloads\UnityDownloadAssistant-5.0.1f1.exe
2015-04-28 11:14 - 2015-04-28 11:20 - 270457818 _____ () C:\Users\Owner\Downloads\SC-0411-0050.zip
2015-04-26 17:27 - 2015-04-26 17:27 - 00000000 ____D () C:\Users\Owner\Documents\Guild Wars 2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-26 11:44 - 2015-01-20 10:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-26 11:43 - 2009-07-13 21:45 - 00036048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 11:43 - 2009-07-13 21:45 - 00036048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 11:41 - 2012-05-10 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-05-26 11:38 - 2009-07-13 19:34 - 00000513 _____ () C:\Windows\win.ini
2015-05-26 11:34 - 2012-05-10 17:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2015-05-26 11:32 - 2015-04-09 21:12 - 00260096 ___SH () C:\Users\Owner\Desktop\Thumbs.db
2015-05-26 11:32 - 2014-12-16 14:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 11:32 - 2014-08-14 21:53 - 00000000 ____D () C:\Program Files\PS3 Controller
2015-05-26 11:32 - 2013-09-05 12:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 11:32 - 2012-05-11 11:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\TSVNCache
2015-05-26 11:32 - 2012-05-10 23:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-26 11:31 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 09:35 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-26 09:08 - 2014-09-19 09:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-25 23:28 - 2014-12-16 14:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 21:42 - 2015-02-13 15:16 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-05-25 21:42 - 2014-04-04 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Battle.net
2015-05-25 18:59 - 2014-12-15 16:12 - 00000000 ____D () C:\Windows\SysWOW64\snapshotutility_86
2015-05-25 17:48 - 2012-05-11 13:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-05-25 17:36 - 2012-11-05 11:04 - 00000000 ____D () C:\ProgramData\Unity
2015-05-25 09:56 - 2009-07-13 22:13 - 00788438 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 12:35 - 2012-11-25 15:18 - 02578432 ___SH () C:\Users\Owner\Downloads\Thumbs.db
2015-05-24 12:06 - 2011-02-25 20:07 - 00000000 ____D () C:\Users\Owner\Desktop\INVOICES
2015-05-24 01:46 - 2012-05-13 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FileZilla
2015-05-24 01:46 - 2012-05-10 11:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent
2015-05-24 01:44 - 2015-03-07 18:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-05-24 01:44 - 2012-05-08 13:39 - 00000000 ____D () C:\Windows\Panther
2015-05-24 00:38 - 2012-05-08 12:55 - 00000000 ____D () C:\Users\Owner
2015-05-24 00:33 - 2013-08-16 16:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-21 15:28 - 2014-10-01 12:52 - 00000000 ____D () C:\Users\Owner\Documents\Visual Studio 2013
2015-05-21 15:14 - 2012-05-08 13:51 - 00000000 ____D () C:\Windows\AsusInstAll
2015-05-21 12:19 - 2014-12-15 17:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-21 12:15 - 2015-01-20 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-21 12:15 - 2015-01-20 10:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-21 11:37 - 2012-11-08 12:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-20 16:23 - 2015-02-26 15:35 - 00000000 ____D () C:\Users\Owner\Desktop\Clips
2015-05-20 15:25 - 2013-04-30 09:48 - 00000219 _____ () C:\Windows\SysWOW64\lsprst7.tgz
2015-05-20 15:25 - 2013-04-30 09:48 - 00000087 _____ () C:\Windows\SysWOW64\ssprs.tgz
2015-05-20 15:25 - 2013-04-30 09:48 - 00000021 _____ () C:\Windows\SurCode.INI
2015-05-16 16:23 - 2014-12-16 14:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 16:23 - 2014-12-16 14:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 14:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 04:28 - 2009-07-13 21:45 - 03137056 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 04:26 - 2013-04-10 22:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 04:26 - 2013-04-10 22:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 04:18 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 04:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 03:54 - 2013-08-15 01:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 03:54 - 2012-05-10 17:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 03:36 - 2012-11-27 16:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-14 03:36 - 2012-06-08 00:37 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:12 - 2013-04-10 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 21:38 - 2013-05-17 14:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-05-11 13:01 - 2014-04-04 20:45 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-04 09:47 - 2012-05-10 17:24 - 00000000 ____D () C:\ProgramData\Skype
2015-04-30 17:21 - 2012-05-10 17:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Unity
2015-04-30 16:27 - 2012-05-10 17:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Unity
2015-04-28 12:24 - 2015-03-02 10:44 - 00001226 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2014.lnk
 
==================== Files in the root of some directories =======
 
2013-08-02 11:10 - 2014-06-23 09:11 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-12-17 10:10 - 2013-09-16 00:16 - 0012005 _____ () C:\Users\Owner\AppData\Roaming\alsoft.ini
2012-05-11 14:59 - 2012-05-11 14:59 - 0305854 _____ () C:\Users\Owner\AppData\Roaming\CodecsLE_Install.log
2012-08-21 22:42 - 2014-07-06 17:59 - 0026112 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-16 15:20 - 2014-12-16 15:20 - 0000218 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2012-11-08 13:04 - 2015-02-23 01:38 - 0007604 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2012-11-05 12:01 - 2012-09-06 12:01 - 0000032 ____R () C:\ProgramData\hash.dat
2012-05-12 15:38 - 2013-09-03 14:49 - 0004460 _____ () C:\ProgramData\hpzinstall.log
2013-04-19 14:34 - 2013-04-19 14:34 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Owner\DSETUP.dll
C:\Users\Owner\dsetup32.dll
C:\Users\Owner\DXSETUP.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 02:52
 
==================== End of log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:52 PM

Posted 28 May 2015 - 07:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
() C:\Users\Owner\AppData\Local\nativeosapi\nativeosapi.exe
() C:\Users\Owner\AppData\Local\nativeosapi\debuggerfrozenMonitor.exe
() C:\Windows\SysWOW64\snapshotutility_86\snapshotutility_86.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [codec Settings UAC Manager] => C:\Windows\SysWOW64\C2MP\CodecUACManager.exe [60416 2015-03-05] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-04-09]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-449798531-1453499996-790220993-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-449798531-1453499996-790220993-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-449798531-1453499996-790220993-1000] => http=127.0.0.1:13105
ProxyEnable: [S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:13105
HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={73CBF6BE-D006-463B-A630-3B2F508C2C71}&mid=8c3433098d0847d08ae41929467be618-621e6b3f153aab4587936c3fc053a23c7025eb79&lang=en&ds=st011&pr=sa&d=2012-05-10 16:39:36&v=12.2.5.32&sap=hp
SearchScopes: HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={73CBF6BE-D006-463B-A630-3B2F508C2C71}&mid=8c3433098d0847d08ae41929467be618-621e6b3f153aab4587936c3fc053a23c7025eb79&lang=en&ds=st011&pr=sa&d=2012-05-10 16:39:36&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={73CBF6BE-D006-463B-A630-3B2F508C2C71}&mid=8c3433098d0847d08ae41929467be618-621e6b3f153aab4587936c3fc053a23c7025eb79&lang=en&ds=st011&pr=sa&d=2012-05-10 16:39:36&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-449798531-1453499996-790220993-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\TELUS_Activation_11\npMotive.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-449798531-1453499996-790220993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
R2 nativeosapi.exe; C:\Users\Owner\AppData\Local\nativeosapi\nativeosapi.exe [214016 2015-05-20] () []
R2 snapshotutility_86; C:\Windows\SysWOW64\snapshotutility_86\snapshotutility_86.exe [68608 2014-12-11] () []
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 catchme; \??\C:\combofix\catchme.sys [X]
S0 gbws; System32\drivers\mxnu.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
C:\Windows\SysWOW64\C2MP
C:\Users\Owner\AppData\Local\nativeosapi
C:\Windows\SysWOW64\snapshotutility_86
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
Task: {04D95D8E-3516-4CED-A3C0-7D713D109CDC} - \{5AFEB26F-7F35-4E98-98E3-7F0234A0CBC8} No Task File <==== ATTENTION
Task: {08E813AB-4FEF-47C9-81A2-29C5AEB358FA} - \{C017BD07-CF18-414A-BEFD-6C409A645AAA} No Task File <==== ATTENTION
Task: {301C9ED8-5B26-4E6A-878F-1D55353F65C9} - \{ECEA1F20-8FD4-4BF3-BE9F-CAB2F152C505} No Task File <==== ATTENTION
Task: {87276026-7541-408C-8991-9121B649DDB4} - \{584C5585-5FD0-4971-9540-BCFD801BB426} No Task File <==== ATTENTION
Task: {A8A6902F-23C4-48F5-B778-D5D12070B797} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {BF2C50A7-AC23-4B1B-A792-BB22B0CBFDF4} - \{97A7D7D5-81EC-4C5A-BBE9-42B2BAE31774} No Task File <==== ATTENTION
Task: {C6F8AD20-0601-41BD-BA0F-469CC5BC5027} - \{B3A64316-4963-479F-AD56-AA4AA067D3A4} No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:6fOv9zJZY0U3Z7WABFz
AlternateDataStreams: C:\ProgramData\Microsoft:RhUuVpZrRpI9qwbsHMKfAMCKB
AlternateDataStreams: C:\ProgramData\TEMP:0D4FD08A
AlternateDataStreams: C:\ProgramData\TEMP:BC7A2734
AlternateDataStreams: C:\ProgramData\TEMP:FDA2F63C

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 Anon_

Anon_
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 28 May 2015 - 12:27 PM

Wow it worked! Thank you so much! I don't see the highlighted words anymore!

 

Here is my log:

 

# AdwCleaner v4.205 - Logfile created 28/05/2015 at 10:18:16
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_4.205.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*origin.com;*ea.com;*akamaihd.net
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17356
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={73CBF6BE-D006-463B-A630-3B2F508C2C71}&mid=8c3433098d0847d08ae41929467be618-621e6b3f153aab4587936c3fc053a23c7025eb79&lang=en&ds=st011&pr=sa&d=2012-05-10%2016:39:36&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4532 bytes] - [22/05/2015 22:35:14]
AdwCleaner[R1].txt - [2115 bytes] - [24/05/2015 00:41:28]
AdwCleaner[R2].txt - [1739 bytes] - [28/05/2015 10:12:47]
AdwCleaner[S0].txt - [4449 bytes] - [22/05/2015 23:23:20]
AdwCleaner[S1].txt - [1672 bytes] - [28/05/2015 10:18:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1731  bytes] ##########


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:52 PM

Posted 28 May 2015 - 12:36 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:52 PM

Posted 03 June 2015 - 08:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users