Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser infected with ads


  • This topic is locked This topic is locked
12 replies to this topic

#1 talick

talick

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 03 July 2015 - 06:53 AM

Hi there, 

 

I've done what I can but adware keeps coming back. I've been affected by deals4now and gifr which just cause pop ups to come up in chrome. I don't use any other browser but I'd imagine they are also infected. I don't have specific repro steps, just that they come up randomly. I also have some software that self installs without even downloading anything so it may be actively living somewhere.

 

I've ran bitdefender, malware bytes and spybot scans. It helped a bit but it still comes up. Less frequently though...

 

Here is my hijackthis log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:44:54 AM, on 7/3/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
 
FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Talek\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKCU\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PC Remote Server] C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_21638E2EF2F0F200A3503589A96E9416] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O4 - Startup: SoundSwitch.appref-ms
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ADU Service (Nokia Software Recovery Tool) (ADUServiceNSRT) - Unknown owner - C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FortiClient SSLVPN (FortiSslvpnDaemon) - Fortinet Inc. - C:\WINDOWS\SysWOW64\FortiSSLVPNdaemon.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 14186 bytes
 


BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:55 PM

Posted 03 July 2015 - 06:56 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes at your own.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 talick

talick
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 03 July 2015 - 07:11 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Talek (administrator) on TALEK-PC on 03-07-2015 08:04:02
Running from C:\Users\Talek\Downloads
Loaded Profiles: Talek (Available Profiles: Talek)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(PC Remote) C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Jeroen Pelgrims) C:\Users\Talek\AppData\Local\Apps\2.0\30OL0RMW.8BT\ELJHMVR0.PYR\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-08] (Bitdefender)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-03-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-01] (Electronic Arts)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Google Update] => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-22] (Google Inc.)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [PC Remote Server] => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe [1189624 2014-05-07] (PC Remote)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [GoogleChromeAutoLaunch_21638E2EF2F0F200A3503589A96E9416] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\MountPoints2: {bc952157-0e15-11e4-be66-806e6f6e6963} - "D:\setup.exe" 
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
Startup: C:\Users\Talek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2015-02-10] ()
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.140.114.21 64.140.114.22 64.140.114.23
Tcpip\..\Interfaces\{7F35CD55-23DF-4E6C-AF7D-6E0D6C45D1B7}: [DhcpNameServer] 64.140.114.21 64.140.114.22 64.140.114.23
 
FireFox:
========
FF ProfilePath: C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-22] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2014-04-09] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccpluginex.dll [2014-04-09] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2014-04-09] (Fortinet Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Talek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @talk.google.com/O1DPlugin -> C:\Users\Talek\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Talek\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2014-08-28] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Talek\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Talek\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Selenium IDE: C# Formatters - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\csharpformatters@seleniumhq.org.xpi [2014-08-21]
FF Extension: Selenium IDE: Java Formatters - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\javaformatters@seleniumhq.org.xpi [2014-08-21]
FF Extension: Selenium IDE: Python Formatters - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\pythonformatters@seleniumhq.org.xpi [2014-08-21]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\rubyformatters@seleniumhq.org.xpi [2014-08-21]
FF Extension: Selenium IDE Button - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\selenium_ide_buttons@egarracingteam.com.ar.xpi [2014-08-21]
FF Extension: Selenium IDE - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2014-08-21]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-07-18]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-07-18]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Adblock Plus) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-29]
CHR Extension: (Google Search) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Pin It Button) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-05-29]
CHR Extension: (Fade to White Aero Skin (by Skarv)) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekemfmehiakocmomemagciajlikigkl [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR Profile: C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Scroll Bars Please) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahnbemfjhoibkhlijfbbjdjafbmhimdn [2015-05-07]
CHR Extension: (Google Docs) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Redirect Path) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aomidfkchockcldhbkggjokdkkebmdll [2015-05-25]
CHR Extension: (Google Drive) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31]
CHR Extension: (Bitdefender Wallet) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31]
CHR Extension: (Photo download for Facebook) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oaeofonahpollpigknepbpnabhgbpcjc [2015-04-17]
CHR Extension: (Gmail) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31]
CHR Profile: C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Scroll Bars Please) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ahnbemfjhoibkhlijfbbjdjafbmhimdn [2015-05-07]
CHR Extension: (Google Docs) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Redirect Path) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aomidfkchockcldhbkggjokdkkebmdll [2015-05-25]
CHR Extension: (Google Drive) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31]
CHR Extension: (Bitdefender Wallet) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31]
CHR Extension: (Photo download for Facebook) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oaeofonahpollpigknepbpnabhgbpcjc [2015-04-17]
CHR Extension: (Gmail) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-08-22] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 FortiSslvpnDaemon; C:\WINDOWS\SysWOW64\FortiSSLVPNdaemon.exe [954080 2014-04-09] (Fortinet Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-01] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-05] ()
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-08] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-12-20] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-01-30] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-17] (Disc Soft Ltd)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 pppop; C:\Windows\system32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-08] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-07-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-03 08:04 - 2015-07-03 08:04 - 00029636 _____ C:\Users\Talek\Downloads\FRST.txt
2015-07-03 08:03 - 2015-07-03 08:04 - 00000000 ____D C:\FRST
2015-07-03 08:03 - 2015-07-03 08:03 - 02112512 _____ (Farbar) C:\Users\Talek\Downloads\FRST64.exe
2015-07-03 07:44 - 2015-07-03 07:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Talek\Downloads\HijackThis.exe
2015-07-03 07:44 - 2015-07-03 07:44 - 00014188 _____ C:\Users\Talek\Downloads\hijackthis.log
2015-06-25 23:04 - 2015-06-25 23:04 - 00018234 _____ C:\Users\Talek\Downloads\[kat.cr]flo.rida.my.house.2015.torrent
2015-06-25 22:45 - 2015-06-25 22:45 - 00014050 _____ C:\Users\Talek\Downloads\[kat.cr]tiesto.kshmr.feat.vassy.secrets.original.mix.320.kbps.edm.rg.torrent
2015-06-25 22:45 - 2015-06-25 22:45 - 00010943 _____ C:\Users\Talek\Downloads\[kat.cr]r3hab.kshmr.karate.original.mix.spinnin.records.edm.rg.320kbps.torrent
2015-06-25 22:29 - 2015-06-25 22:29 - 00003619 _____ C:\Users\Talek\Downloads\[kat.cr]fall.out.boy.american.beauty.american.psycho.2015.320kbps.mp3.sneakytpb.torrent
2015-06-25 22:25 - 2015-06-25 22:25 - 00017048 _____ C:\Users\Talek\Downloads\[kat.cr]steve.aoki.neon.future.i.ii.cdrip.torrent
2015-06-25 22:23 - 2015-06-25 22:23 - 00019874 _____ C:\Users\Talek\Downloads\[kat.cr]awolnation.run.2015.itunes.plus.m4a.pirate.shovon.torrent
2015-06-25 22:21 - 2015-06-25 22:21 - 00019783 _____ C:\Users\Talek\Downloads\[kat.cr]zedd.true.colors.2015.album.320.kbps.edm.rg.torrent
2015-06-25 22:19 - 2015-06-25 22:19 - 00024023 _____ C:\Users\Talek\Downloads\[kat.cr]richy.nix.discography.channel.neo.torrent
2015-06-25 22:17 - 2015-06-25 22:17 - 00001848 _____ C:\Users\Talek\Downloads\[kat.cr]major.lazer.peace.is.the.mission.2015.album.cdrip.mp3.320.kbps.tx.torrent
2015-06-25 22:16 - 2015-06-25 22:16 - 00018465 _____ C:\Users\Talek\Downloads\[kat.cr]nicki.minaj.pinkprint.deluxe.mp3.2014.torrent
2015-06-25 22:14 - 2015-06-25 22:15 - 00013843 _____ C:\Users\Talek\Downloads\[kat.cr]jason.derulo.everything.is.4.2015.l.audio.l.album.track.l.256.320kbps.l.vbr.l.mp3.l.sn3h1t87.torrent
2015-06-25 08:38 - 2015-06-27 01:50 - 00000219 _____ C:\Users\Talek\Desktop\ktown.txt
2015-06-17 22:48 - 2015-06-19 20:13 - 00002357 _____ C:\Users\Talek\Desktop\rebecca.txt
2015-06-17 22:27 - 2015-06-17 22:27 - 21288533 _____ C:\Users\Talek\Downloads\Salsa by Rebecca of SalsaOlé.mp4
2015-06-17 08:54 - 2015-06-17 08:54 - 00082824 _____ (BitDefender SRL) C:\WINDOWS\system32\Drivers\bdsandbox.sys
2015-06-17 08:25 - 2015-06-17 08:25 - 00000000 ____D C:\Users\Talek\AppData\Local\GWX
2015-06-17 08:21 - 2015-07-02 08:21 - 00000024 _____ C:\Users\Talek\AppData\Roaming\appdataFr25.bin
2015-06-17 08:21 - 2015-06-17 08:21 - 00003128 _____ C:\Users\Talek\Desktop\JRT.txt
2015-06-17 08:19 - 2015-06-17 08:19 - 02231296 _____ C:\Users\Talek\Downloads\adwcleaner_4.206 (1).exe
2015-06-17 08:18 - 2015-06-17 08:18 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-TALEK-PC-Windows-8.1-Pro-(64-bit).dat
2015-06-17 08:18 - 2015-06-17 08:18 - 00000000 ____D C:\RegBackup
2015-06-17 08:17 - 2015-06-17 08:17 - 02949914 _____ (Thisisu) C:\Users\Talek\Downloads\JRT.exe
2015-06-17 08:17 - 2015-06-17 08:17 - 02231296 _____ C:\Users\Talek\Downloads\adwcleaner_4.206.exe
2015-06-14 23:16 - 2015-06-14 23:16 - 00003576 _____ C:\WINDOWS\System32\Tasks\Bitdefender Autoscan
2015-06-14 23:09 - 2015-06-14 23:11 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-14 23:09 - 2015-06-14 23:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-14 23:09 - 2015-06-14 23:09 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-14 19:48 - 2015-06-14 20:04 - 00000000 ____D C:\Users\Talek\Desktop\New folder
2015-06-14 11:22 - 2015-06-14 11:22 - 15250314 _____ C:\Users\Talek\Downloads\Talek.zip
2015-06-14 11:22 - 2015-06-14 11:22 - 00000000 ____D C:\Users\Talek\Desktop\Talek
2015-06-12 19:17 - 2015-06-12 19:17 - 00484888 _____ C:\Users\Talek\Downloads\download.htm
2015-06-11 09:10 - 2015-01-05 23:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-06-11 09:10 - 2015-01-05 22:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-06-11 09:10 - 2015-01-05 21:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-06-11 09:10 - 2015-01-05 21:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-06-11 09:08 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-06-11 09:08 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-06-11 09:07 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-11 09:07 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-11 09:07 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-11 09:07 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-11 09:07 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-11 09:07 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-11 09:07 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-11 09:07 - 2015-04-08 18:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-11 09:07 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-11 09:07 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-11 09:07 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-11 09:07 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-11 09:07 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-11 09:07 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-11 09:07 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-11 09:07 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-11 09:07 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-06-11 09:06 - 2015-05-15 18:01 - 00133288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-06-11 09:06 - 2015-05-15 17:05 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-06-11 09:06 - 2015-05-15 16:47 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-06-11 09:06 - 2015-05-15 16:23 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-06-11 09:06 - 2015-05-15 15:42 - 03682304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-06-11 09:06 - 2015-05-15 15:32 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-06-11 09:06 - 2015-05-15 15:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-06-11 09:06 - 2015-05-15 15:28 - 02223104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-06-11 09:06 - 2015-05-15 15:28 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-06-11 09:06 - 2015-05-15 15:28 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-06-11 09:06 - 2015-05-15 15:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-06-11 09:06 - 2015-05-15 15:21 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-06-11 09:06 - 2015-05-15 15:21 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-06-11 09:06 - 2015-05-15 15:19 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-06-11 09:06 - 2015-05-15 15:19 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-06-11 09:06 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-11 09:06 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-11 09:06 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-11 09:06 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-11 09:06 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-11 09:06 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-11 09:06 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-11 09:06 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-11 09:06 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-11 09:06 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-11 09:06 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-11 09:06 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-11 09:06 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-11 09:06 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-11 09:06 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-11 09:06 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-11 09:06 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-06-11 09:06 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-06-11 09:06 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-06-11 09:06 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-06-11 09:06 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-06-11 09:06 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-11 09:06 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-06-11 09:06 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-06-11 09:06 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-06-11 09:05 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-06-11 09:05 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-06-11 09:05 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-06-11 09:05 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-06-11 09:05 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-06-11 09:05 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-06-11 09:05 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-06-11 09:05 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-06-11 09:05 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-06-11 09:05 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-06-11 09:05 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-06-11 09:05 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-06-11 09:05 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-06-11 09:05 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-06-11 09:05 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-06-11 09:05 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-06-11 09:05 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-06-11 09:05 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-06-11 09:05 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-06-11 09:05 - 2014-11-15 15:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-06-11 09:05 - 2014-11-15 02:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-06-11 09:05 - 2014-11-14 02:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-06-11 09:05 - 2014-11-14 01:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-06-11 09:05 - 2014-11-10 14:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-06-11 09:05 - 2014-11-10 14:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-06-11 09:05 - 2014-11-10 14:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-06-11 09:05 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-06-11 09:05 - 2014-11-09 22:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-06-11 09:05 - 2014-11-09 21:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-06-11 09:05 - 2014-11-09 21:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-06-11 09:05 - 2014-11-09 21:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-06-11 09:05 - 2014-11-09 21:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-06-11 09:05 - 2014-11-09 21:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-06-11 09:05 - 2014-11-09 21:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-06-11 09:05 - 2014-11-09 21:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-06-11 09:05 - 2014-11-09 20:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-06-11 09:05 - 2014-11-09 20:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-06-11 09:05 - 2014-11-08 00:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-06-11 09:05 - 2014-11-07 23:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-06-11 09:05 - 2014-11-07 23:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-06-11 09:05 - 2014-11-07 23:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-06-11 09:05 - 2014-11-07 23:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-06-11 09:05 - 2014-11-07 23:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-06-11 09:05 - 2014-11-07 23:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-06-11 09:05 - 2014-11-07 23:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-06-11 09:05 - 2014-11-07 23:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-06-11 09:05 - 2014-11-07 22:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-06-11 09:05 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-06-11 09:05 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-06-11 09:05 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-06-11 09:05 - 2014-11-07 21:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-06-11 09:05 - 2014-11-07 21:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-06-11 09:05 - 2014-11-06 23:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-06-11 09:05 - 2014-11-06 23:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-06-11 09:05 - 2014-11-04 22:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-06-11 09:05 - 2014-11-04 22:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-06-11 09:05 - 2014-11-04 22:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-06-11 09:05 - 2014-11-04 21:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-06-11 09:05 - 2014-11-04 21:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-06-11 09:05 - 2014-11-04 21:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-06-11 09:05 - 2014-11-04 21:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-06-11 09:05 - 2014-11-04 21:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-06-11 09:05 - 2014-11-04 21:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-06-11 09:05 - 2014-11-04 21:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-06-11 09:05 - 2014-11-04 21:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-06-11 09:05 - 2014-11-04 21:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-06-11 09:05 - 2014-11-04 21:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-06-11 09:05 - 2014-11-04 21:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-06-11 09:05 - 2014-11-04 15:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-06-11 09:05 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-06-11 09:05 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-06-11 09:05 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-06-11 09:05 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-06-11 09:05 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-06-11 09:05 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-06-11 09:05 - 2014-11-04 02:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-06-11 09:05 - 2014-11-04 01:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-06-11 09:05 - 2014-10-30 20:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-06-11 09:05 - 2014-10-30 20:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-06-11 09:05 - 2014-10-28 23:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-06-11 09:05 - 2014-10-28 21:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-06-11 09:05 - 2014-10-28 21:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-06-11 09:05 - 2014-10-20 21:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-06-11 09:05 - 2014-10-20 21:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-06-11 09:05 - 2014-10-20 20:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-06-11 09:05 - 2014-10-20 20:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-06-11 09:05 - 2014-10-20 20:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-06-11 09:05 - 2014-10-20 20:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-06-11 09:05 - 2014-10-20 20:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-06-11 09:05 - 2014-10-17 00:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-06-11 09:05 - 2014-10-16 23:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-06-11 09:04 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-06-11 09:04 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-06-11 09:04 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-06-11 09:04 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-06-11 09:04 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-06-11 09:04 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-06-11 09:04 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-06-11 09:04 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-06-11 09:04 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-06-11 09:04 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-06-11 09:04 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-11 09:04 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-11 09:04 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-06-11 09:04 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-06-11 09:04 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-06-11 09:04 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-06-11 09:04 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-06-11 09:04 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-06-11 09:04 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-06-11 09:04 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-06-11 09:03 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-06-11 09:03 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-06-11 09:03 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-06-11 09:03 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-06-11 09:03 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-06-11 09:03 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-06-11 09:03 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-06-11 09:03 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-06-11 09:03 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-06-11 09:03 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-06-11 09:03 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-06-11 09:03 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-06-11 09:03 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-06-11 09:03 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-06-11 09:03 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-06-11 09:03 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-06-11 09:03 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-06-11 09:03 - 2014-12-13 17:28 - 00513488 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-06-11 09:03 - 2014-12-13 17:28 - 00513488 _____ C:\WINDOWS\system32\locale.nls
2015-06-11 09:03 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-06-11 09:02 - 2014-11-17 16:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-06-11 09:02 - 2014-11-17 16:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-06-11 09:02 - 2014-11-14 02:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-06-11 09:02 - 2014-11-14 02:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-06-11 09:02 - 2014-11-09 22:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-06-11 09:02 - 2014-11-09 21:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-06-11 09:02 - 2014-10-30 19:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-06-11 09:02 - 2014-10-30 19:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-06-11 08:59 - 2015-06-11 22:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-11 08:59 - 2015-06-11 09:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-11 08:59 - 2015-06-11 08:59 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-11 08:59 - 2015-06-11 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-11 08:59 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-06-11 08:56 - 2015-06-11 08:56 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Talek\Downloads\spybot-2.4.exe
2015-06-11 08:56 - 2015-06-11 08:56 - 05628161 _____ (Swearware) C:\Users\Talek\Downloads\ComboFix.exe
2015-06-10 06:14 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 06:14 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 06:14 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 06:14 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 06:14 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 06:14 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 06:14 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 06:14 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 06:14 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 06:14 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 06:14 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 06:14 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 06:14 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 06:14 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 06:14 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 06:14 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 06:14 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 06:14 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 06:14 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 06:14 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 06:14 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 06:14 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 06:14 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 06:14 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 06:14 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 06:14 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 06:14 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 06:14 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 06:14 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 06:14 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 06:14 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 06:14 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 06:14 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 06:14 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 06:14 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 06:14 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 06:14 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 06:14 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 06:14 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 06:14 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 06:14 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 06:14 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 06:14 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-08 18:11 - 2015-06-08 18:11 - 00000000 ____D C:\Users\Talek\AppData\Roaming\Shooter
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-03 08:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-03 08:00 - 2014-07-17 23:13 - 00000000 ____D C:\Users\Talek\AppData\Roaming\Skype
2015-07-03 07:46 - 2014-07-17 21:21 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-03 07:40 - 2014-07-22 20:15 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001UA.job
2015-07-03 07:11 - 2014-07-18 01:36 - 01515355 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-03 04:00 - 2014-07-18 00:37 - 00000000 ____D C:\ProgramData\Origin
2015-07-03 01:02 - 2014-09-01 23:53 - 00000000 ____D C:\Users\Talek\AppData\Roaming\TS3Client
2015-07-03 00:44 - 2014-07-17 22:48 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-02 23:40 - 2014-07-22 20:15 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001Core.job
2015-07-02 23:10 - 2014-07-18 00:58 - 00002244 ____H C:\Users\Talek\Documents\Default.rdp
2015-07-02 23:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-07-02 19:37 - 2014-11-12 22:10 - 00035979 _____ C:\WINDOWS\setupact.log
2015-07-02 13:46 - 2014-07-17 21:21 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-02 00:10 - 2014-03-18 06:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-02 00:09 - 2014-07-18 08:32 - 00000000 ___DO C:\Users\Talek\OneDrive
2015-07-02 00:09 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-02 00:05 - 2015-02-10 19:22 - 00000000 ____D C:\Users\Talek\AppData\Local\Deployment
2015-07-02 00:04 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-02 00:04 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-01 21:35 - 2014-07-18 17:57 - 00000000 ____D C:\Users\Talek\AppData\Local\FirestormOS_x64
2015-07-01 17:56 - 2014-07-27 14:10 - 01328640 ___SH C:\Users\Talek\Desktop\Thumbs.db
2015-07-01 04:00 - 2014-07-18 00:37 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-30 07:34 - 2014-07-17 21:26 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2012007196-1499415457-4251682393-1001
2015-06-30 07:24 - 2014-03-18 05:54 - 00073100 _____ C:\WINDOWS\PFRO.log
2015-06-30 07:23 - 2014-07-17 22:50 - 00000000 ____D C:\Users\Talek\AppData\Roaming\uTorrent
2015-06-24 11:45 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-20 15:00 - 2014-07-18 17:05 - 00000000 ____D C:\Users\Talek\AppData\Roaming\vlc
2015-06-19 23:02 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 23:02 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-17 08:55 - 2015-05-29 17:10 - 00000000 ____D C:\AdwCleaner
2015-06-17 08:23 - 2013-08-22 10:44 - 05281264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-15 00:50 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-15 00:32 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-06-14 23:10 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\SchCache
2015-06-14 23:09 - 2015-04-30 08:40 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-14 23:09 - 2014-07-18 01:34 - 00000000 ____D C:\Users\Talek
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\setup
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-14 23:09 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-06-11 09:00 - 2015-05-29 17:11 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 23:34 - 2014-07-17 23:13 - 00000000 ____D C:\ProgramData\Skype
2015-06-10 06:42 - 2014-07-17 21:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 06:39 - 2014-07-17 21:49 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 17:48 - 2015-04-09 22:32 - 00000000 ____D C:\Users\Talek\Documents\My Games
2015-06-08 16:10 - 2014-07-17 22:55 - 00000000 ____D C:\Users\Talek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-05 19:12 - 2014-07-18 00:43 - 00000000 ____D C:\Users\Talek\Documents\Temp
 
==================== Files in the root of some directories =======
 
2014-08-20 22:46 - 2015-01-20 20:47 - 0000132 _____ () C:\Users\Talek\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-17 08:21 - 2015-07-02 08:21 - 0000024 _____ () C:\Users\Talek\AppData\Roaming\appdataFr25.bin
2014-07-20 15:24 - 2014-07-20 15:24 - 0007605 _____ () C:\Users\Talek\AppData\Local\Resmon.ResmonCfg
2015-05-01 17:53 - 2015-05-07 08:29 - 0000800 _____ () C:\Users\Talek\AppData\Local\Temp-log.txt
2015-05-25 08:04 - 2015-05-25 08:04 - 0000000 _____ () C:\Users\Talek\AppData\Local\Temp.dat
2014-07-18 01:32 - 2014-07-18 01:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Talek\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Talek\AppData\Local\Temp\ose00000.exe
C:\Users\Talek\AppData\Local\Temp\Quarantine.exe
C:\Users\Talek\AppData\Local\Temp\raptrpatch.exe
C:\Users\Talek\AppData\Local\Temp\raptr_stub.exe
C:\Users\Talek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Talek\AppData\Local\Temp\sqlite3.dll
C:\Users\Talek\AppData\Local\Temp\tmp4F6E.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-25 03:51
 
==================== End of log ============================

Edited by talick, 03 July 2015 - 07:12 AM.


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:55 PM

Posted 03 July 2015 - 01:01 PM

Hi,

 

You forgot to post the Addition.txt log file.

Please attach it to your next reply.

 

Thanks!

 

 

Regards,

Georgi


cXfZ4wS.png


#5 talick

talick
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 03 July 2015 - 07:01 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Talek at 2015-07-03 08:04:25
Running from C:\Users\Talek\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2012007196-1499415457-4251682393-500 - Administrator - Disabled)
Guest (S-1-5-21-2012007196-1499415457-4251682393-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2012007196-1499415457-4251682393-1005 - Limited - Enabled)
Talek (S-1-5-21-2012007196-1499415457-4251682393-1001 - Administrator - Enabled) => C:\Users\Talek
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
1Click DVD Copy Pro 4.3.0.5 (HKLM-x32\...\1Click DVD Copy Pro_is1) (Version:  - LG Software Innovations)
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: b196 - Acoustica)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F88356F5-1AA4-BBE9-E6CF-5B1CF179D052}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.1.0 - Asmedia Technology)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD-Cloner V11.50 Build 1307 (HKLM-x32\...\DVD-Cloner 2014_is1) (Version: 11.50.0.1307 - OpenCloner Inc.)
Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42398 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
Flash Update Installer (x32 Version: 1.5.0 - Nokia) Hidden
FortiClient SSLVPN v4.0.2300 (HKLM-x32\...\{A34DCE59-0004-0000-2300-3F8A9926B752}) (Version: 4.0.2300 - Fortinet Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Fuse Installer (x32 Version: 1.5.0 - Nokia) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mortal Kombat X (HKLM-x32\...\Steam App 307780) (Version:  - NetherRealm Studios)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nokia Connectivity Cable Driver (HKLM-x32\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Nokia Software Recovery Tool 1.5.0 (HKLM-x32\...\{c19d81de-9c3e-4550-ac22-38a0575397ee}) (Version: 1.5.0 - Nokia)
Nokia Software Recovery Tool 1.5.0 (x32 Version: 1.5.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PC Remote (HKLM-x32\...\{AC61D36B-5C3B-440D-9547-8CBCE7B78583}) (Version: 3.50 - PC Remote)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Product API Installer (x32 Version: 1.5.0 - Nokia) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SoundSwitch (HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\5e9d4b807286f8d3) (Version: 2.4.1.4 - Jeroen Pelgrims)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.125 - PandoraTV)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Uplay (HKLM-x32\...\Uplay) (Version: 5.2 - Ubisoft)
USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\WinDirStat) (Version:  - )
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{8ADD5526-3DEC-4151-AC39-DEE5CADBCFDC}) (Version: 1.1.7.1433 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{A0B1E1BF-BEF5-4748-800B-E54ED9CDF8CE}) (Version: 1.1.10.1426 - Nokia)
Zoom (HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\ZoomUMX) (Version: 3.0 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
17-06-2015 06:38:56 Scheduled Checkpoint
24-06-2015 11:44:49 Windows Update
28-06-2015 06:11:49 Windows Update
01-07-2015 06:42:49 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02CEA824-8DC8-492E-8128-857FABCD19C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {451A3931-E06A-4D00-85ED-AE79AACABB4C} - System32\Tasks\Orgin => C:\Program Files (x86)\Origin\Origin.exe [2015-07-01] (Electronic Arts)
Task: {68452CA8-FFC0-4D83-8E33-364BDA6D3421} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001UA => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.)
Task: {6B5E388C-7CB5-46CC-86BE-AF5E3269C2C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7338ED79-17D6-4099-9408-471AE3F4B5C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {7F0BCEFF-6F9E-4DB5-89D8-4C592B1CB441} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001Core => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.)
Task: {8AD77B28-5DB4-43A9-8E11-3E1EDE25D644} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {B3BA5EF1-A052-4595-AB9D-65E01EF2EF18} - System32\Tasks\Bitdefender Autoscan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-08-13] (Bitdefender)
Task: {C7DDCE28-82BC-4161-AEA5-DDF586427622} - System32\Tasks\Close Origin => C:\killorigin.bat [2014-10-03] ()
Task: {F8F5836B-DEAC-48E2-9DC8-1A3C19883FE6} - System32\Tasks\{705576EE-DA5C-437E-8F08-67919E415A1C} => pcalua.exe -a "C:\Program Files (x86)\GOG.com\Neverwinter Nights Diamond Edition\nwn.exe" -d "C:\Program Files (x86)\GOG.com\Neverwinter Nights Diamond Edition\"
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001Core.job => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001UA.job => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-18 00:03 - 2014-10-13 11:05 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-07-18 00:04 - 2014-08-13 05:22 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-07-18 00:04 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-07-18 00:04 - 2014-08-13 05:22 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2015-05-29 16:58 - 2015-05-29 16:58 - 00790368 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00350_004\ashttpbr.mdl
2015-05-29 16:58 - 2015-05-29 16:58 - 00711064 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00350_004\ashttpdsp.mdl
2015-05-29 16:58 - 2015-05-29 16:58 - 02683520 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00350_004\ashttpph.mdl
2015-05-29 16:58 - 2015-05-29 16:58 - 01326504 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00350_004\ashttprbl.mdl
2014-08-22 15:52 - 2014-08-22 15:52 - 00100984 _____ () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-05 08:58 - 2015-02-05 08:58 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-07-18 00:04 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-07-18 18:14 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-01-30 02:02 - 2014-01-30 02:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-06-11 08:59 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-11 08:59 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-11 08:59 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-11 08:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-11 08:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-22 13:47 - 2015-06-20 01:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 13:47 - 2015-06-20 01:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2014-10-13 11:06 - 2014-10-13 11:06 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-07-17 22:51 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 17:14 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-07-17 22:51 - 2015-06-04 14:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-19 17:14 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 17:14 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-07-17 22:50 - 2015-06-04 14:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-07-17 22:50 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-07-17 22:33 - 2012-07-18 09:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Talek\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Talek\Downloads\0001-64bit_Win7_Win8_Win81_R275.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\adwcleaner_4.205.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\adwcleaner_4.206 (1).exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\adwcleaner_4.206.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\amd-catalyst-15.4beta-64bit-win8.1-apr9.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\battlelog-web-plugins_2.6.2_157.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\CG_5.0.14.7.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\Firefox Setup Stub 31.0.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\HitmanPro.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\mbam-setup-2.1.6.1022.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\spybot-2.4.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\UplayInstaller.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\WinMerge-2.14.0-Setup.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\Zoom_launcher (1).exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\Zoom_launcher.exe:BDU
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Talek\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 64.140.114.21 - 64.140.114.22
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\StartupApproved\Run: => "EADM"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{42133928-3C6C-4C0B-9C99-5E27BAE4A367}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{30D15A6A-B709-409D-8E87-15E3221DF554}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{F49DE139-0EEC-4F43-8115-8A7B192D03EA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{08562E6A-4FEB-46A3-9260-9631B30F24DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{460DA886-4F74-42B5-8C50-8B182E29DF38}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F9FC18D-C29F-4520-A632-9BD0A7B127A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BB319D22-1396-403F-90BB-D43BA51A2251}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D2D61243-C3AD-4187-9511-2099172B58B0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0B9AA85B-172C-4007-9CBC-E36E191C2963}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{D6069224-5B32-405A-A0D1-99211ABF68AF}] => (Allow) C:\Users\Talek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02BDAC6C-21D3-4E3D-92D5-4087C9E4F0D0}] => (Allow) C:\Users\Talek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA216AD0-611B-433F-BF27-6C51D7AD4FD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{56883BF9-F177-4065-9EEA-5BFE9310A5F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{96949291-5048-47AE-BF94-833D90FF3569}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveAlpha\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{26490A8B-22A7-4A04-8496-A80515F1F9FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveAlpha\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{E519AE6B-D15C-4834-A492-DB4900DDC0C6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F97524C2-4751-446C-A474-4F1CF05A69F1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D90986EC-6467-41C9-A565-D262DDF5BA6E}] => (Allow) C:\Users\Talek\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{C75B08C3-274F-4FCB-867C-54C4F0FB1B13}] => (Allow) C:\Users\Talek\AppData\Roaming\Zoom\bin\airhost.exe
FirewallRules: [{6D90AD2F-76BB-4929-B10B-562A5CE54D4C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E11B3D73-8DC9-4F48-AB45-4067C0351787}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7F307350-DE27-425A-A5F8-F44CCE6A45B4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{04B24394-21C6-484D-86E0-CAA9AE78D0E4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8869A6CA-1371-4766-9E46-463914BCCCAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{A2F1CF13-BEED-4432-8B23-59CBA1CD4E74}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{C6F194DC-BE93-491F-A623-1457B0A4E078}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe
FirewallRules: [{1761ADFC-B3B1-405E-8303-9DC74D9F0622}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe
FirewallRules: [{78D2CABD-2785-49F6-8FB9-5DE6742A3036}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{2DDF9C55-F491-42DE-9C23-59EA4C132362}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{77CD86A1-56B0-4CFE-AD3E-7AF238E84931}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{04A784D3-8640-4E63-820B-D39DB45A6DC3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6F4B868B-8836-4555-B877-7AA8A5762421}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BDDA7773-D8E3-4021-8526-49DFF95BD776}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B420AF35-5389-4BA3-A345-EA9BB6EDBA5E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{2CAB30BA-64AE-4236-BDF9-4565117D8FF3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{9F317B16-9BFC-4171-ABB1-C282F4DE54C5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A5BCE802-9B0A-4BED-AE59-B46E9CDA4046}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Alpha\RainbowSix.exe
FirewallRules: [{32F0C404-10FD-4353-8C03-0F398AA07A69}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Alpha\RainbowSix.exe
FirewallRules: [{5C7AC37E-210B-4D83-A679-72C25E6E71F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{B97EAD7C-EB31-452C-92A7-D7CFA33CD423}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{82FFCB50-75C1-4701-B039-A6B39329EBB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{B0A4580C-F453-4CB2-A852-AAEA1561A977}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{2611ECE4-5CDC-4D94-A5A9-F24CD91A7A8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{31EAB3B4-9C52-401D-BC8B-86E7FACE3190}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{2E9574D2-CAFA-47A1-8428-2AAB24E5610A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/03/2015 04:35:09 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (07/02/2015 06:57:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (07/01/2015 06:42:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/30/2015 06:37:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShooterGame-Win32-Shipping.exe version 1.0.47058.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d94
 
Start Time: 01d0b3854bf8df81
 
Termination Time: 15
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
 
Report Id: 9ec15716-1f78-11e5-bea8-002522f524b0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/28/2015 06:11:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/27/2015 00:28:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShooterGame-Win32-Shipping.exe version 1.0.47058.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 20b0
 
Start Time: 01d0b0919619b3c5
 
Termination Time: 17
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
 
Report Id: e7c30498-1c84-11e5-bea7-002522f524b0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/26/2015 04:05:34 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (06/24/2015 11:44:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/19/2015 03:35:37 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (06/18/2015 10:38:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShooterGame-Win32-Shipping.exe version 1.0.46972.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15b8
 
Start Time: 01d0aa38e1f0ee6e
 
Termination Time: 17
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
 
Report Id: 3a54f20d-162c-11e5-bea7-002522f524b0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/03/2015 07:01:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (07/03/2015 04:35:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (07/02/2015 06:57:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (07/01/2015 06:49:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (07/01/2015 06:43:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (06/30/2015 06:39:01 PM) (Source: Schannel) (EventID: 4108) (User: TALEK-PC)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.
 
Error: (06/30/2015 06:39:01 PM) (Source: Schannel) (EventID: 4120) (User: TALEK-PC)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.
 
Error: (06/30/2015 07:25:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (06/30/2015 07:25:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (06/30/2015 05:38:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
 
Microsoft Office:
=========================
Error: (07/03/2015 04:35:09 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (07/02/2015 06:57:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (07/01/2015 06:42:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (06/30/2015 06:37:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ShooterGame-Win32-Shipping.exe1.0.47058.0d9401d0b3854bf8df8115C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe9ec15716-1f78-11e5-bea8-002522f524b0
 
Error: (06/28/2015 06:11:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (06/27/2015 00:28:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ShooterGame-Win32-Shipping.exe1.0.47058.020b001d0b0919619b3c517C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exee7c30498-1c84-11e5-bea7-002522f524b0
 
Error: (06/26/2015 04:05:34 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (06/24/2015 11:44:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (06/19/2015 03:35:37 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (06/18/2015 10:38:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ShooterGame-Win32-Shipping.exe1.0.46972.015b801d0aa38e1f0ee6e17C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe3a54f20d-162c-11e5-bea7-002522f524b0
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 36%
Total physical RAM: 8103.51 MB
Available physical RAM: 5159.32 MB
Total Pagefile: 9703.51 MB
Available Pagefile: 5815.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.13 GB) (Free:49.96 GB) NTFS
Drive d: () (Fixed) (Total:465.25 GB) (Free:390.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 8F1E493D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7FF1F748)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:55 PM

Posted 04 July 2015 - 01:15 AM

Hi,

 

 

 

STEP 1

 

 

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

 

We need to downgrade Google Chrome to the latest stable release. The adware has updated your browser to the developer version where Chrome internal checks are disabled and the adware will reinstall the malicious extensions periodically again if not downgraded...

Make sure that you export your passwords and favorites/bookmarks if you have any before you proceed with the steps below.

Check the links below for more information:

How to Export Bookmarks from Chrome.

How To Backup Saved Passwords In Google Chrome Browser (the file is wrongly detected by antivirus software as malware but it's safe to use).

 

Create a new Restore Point before you proceed just in case.

Now please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select Google Chrome.
Please click Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

 

 

 

STEP 2

 

 

Now you can reinstall Google Chrome to the latest stable build Google Chrome 43.0.2357.130 Stable and let me know are things now.

 

 

 

STEP 3

 

 

Run a new scan with FRST (make sure that Addition.txt is checked before you press the SCAN button) and then post both logs in your next reply for my review.

 

 

Regards,

Georgi


cXfZ4wS.png


#7 talick

talick
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 04 July 2015 - 10:48 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Talek (administrator) on TALEK-PC on 04-07-2015 11:46:54
Running from C:\Users\Talek\Downloads
Loaded Profiles: Talek (Available Profiles: Talek)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(PC Remote) C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxcrnmh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-08] (Bitdefender)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-03-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-01] (Electronic Arts)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Google Update] => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-22] (Google Inc.)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [PC Remote Server] => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe [1189624 2014-05-07] (PC Remote)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\Run: [GoogleChromeAutoLaunch_21638E2EF2F0F200A3503589A96E9416] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\MountPoints2: {bc952157-0e15-11e4-be66-806e6f6e6963} - "D:\setup.exe" 
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
Startup: C:\Users\Talek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2015-02-10] ()
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.140.114.21 64.140.114.22 64.140.114.23
Tcpip\..\Interfaces\{7F35CD55-23DF-4E6C-AF7D-6E0D6C45D1B7}: [DhcpNameServer] 64.140.114.21 64.140.114.22 64.140.114.23
 
FireFox:
========
FF ProfilePath: C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-22] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2014-04-09] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccpluginex.dll [2014-04-09] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2014-04-09] (Fortinet Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Talek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @talk.google.com/O1DPlugin -> C:\Users\Talek\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2012007196-1499415457-4251682393-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Talek\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2014-08-28] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Talek\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Talek\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Selenium IDE: C# Formatters - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\csharpformatters@seleniumhq.org.xpi [2014-08-21]
FF Extension: Selenium IDE: Java Formatters - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\javaformatters@seleniumhq.org.xpi [2014-08-21]
FF Extension: Selenium IDE: Python Formatters - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\pythonformatters@seleniumhq.org.xpi [2014-08-21]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\rubyformatters@seleniumhq.org.xpi [2014-08-21]
FF Extension: Selenium IDE Button - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\selenium_ide_buttons@egarracingteam.com.ar.xpi [2014-08-21]
FF Extension: Selenium IDE - C:\Users\Talek\AppData\Roaming\Mozilla\Firefox\Profiles\68eaxt15.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2014-08-21]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-07-18]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-07-18]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 
Chrome: 
=======
CHR Profile: C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-04]
CHR Extension: (YouTube) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-04]
CHR Extension: (Bitdefender Wallet) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2015-07-04]
CHR Extension: (Adblock Plus) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-04]
CHR Extension: (Google Search) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-04]
CHR Extension: (Pin It Button) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-04]
CHR Extension: (Google Wallet) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-04]
CHR Extension: (Fade to White Aero Skin (by Skarv)) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekemfmehiakocmomemagciajlikigkl [2015-07-04]
CHR Extension: (Gmail) - C:\Users\Talek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-04]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-08-22] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 FortiSslvpnDaemon; C:\WINDOWS\SysWOW64\FortiSSLVPNdaemon.exe [954080 2014-04-09] (Fortinet Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-01] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-05] ()
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-08] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-12-20] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-01-30] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-17] (Disc Soft Ltd)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 pppop; C:\Windows\system32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-08] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-07-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-04 11:45 - 2015-07-04 11:45 - 00002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-04 11:45 - 2015-07-04 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-04 08:03 - 2015-07-04 08:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Talek\Downloads\revosetup.exe
2015-07-04 08:03 - 2015-07-04 08:03 - 00001284 _____ C:\Users\Talek\Desktop\Revo Uninstaller.lnk
2015-07-04 08:03 - 2015-07-04 08:03 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-04 08:02 - 2015-07-04 08:02 - 00129906 _____ C:\Users\Talek\Desktop\bookmarks_7_4_15.html
2015-07-04 01:45 - 2015-07-04 08:01 - 00000000 ____D C:\Users\Talek\Downloads\Celldweller - End of an Empire Chapter 03 Dreams (2015)
2015-07-04 01:45 - 2015-07-04 01:45 - 00014414 _____ C:\Users\Talek\Downloads\[kat.cr]celldweller.end.of.an.empire.chapter.03.dreams.2015.torrent
2015-07-03 08:09 - 2015-07-03 08:09 - 00069782 _____ C:\Users\Talek\Desktop\FRST.txt
2015-07-03 08:09 - 2015-07-03 08:09 - 00040811 _____ C:\Users\Talek\Desktop\Addition.txt
2015-07-03 08:04 - 2015-07-04 11:46 - 00026455 _____ C:\Users\Talek\Downloads\FRST.txt
2015-07-03 08:04 - 2015-07-03 08:04 - 00040811 _____ C:\Users\Talek\Downloads\Addition.txt
2015-07-03 08:03 - 2015-07-04 11:46 - 00000000 ____D C:\FRST
2015-07-03 08:03 - 2015-07-03 08:03 - 02112512 _____ (Farbar) C:\Users\Talek\Downloads\FRST64.exe
2015-07-03 07:44 - 2015-07-03 07:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Talek\Downloads\HijackThis.exe
2015-07-03 07:44 - 2015-07-03 07:44 - 00014188 _____ C:\Users\Talek\Downloads\hijackthis.log
2015-06-25 23:04 - 2015-06-25 23:04 - 00018234 _____ C:\Users\Talek\Downloads\[kat.cr]flo.rida.my.house.2015.torrent
2015-06-25 22:45 - 2015-06-25 22:45 - 00014050 _____ C:\Users\Talek\Downloads\[kat.cr]tiesto.kshmr.feat.vassy.secrets.original.mix.320.kbps.edm.rg.torrent
2015-06-25 22:45 - 2015-06-25 22:45 - 00010943 _____ C:\Users\Talek\Downloads\[kat.cr]r3hab.kshmr.karate.original.mix.spinnin.records.edm.rg.320kbps.torrent
2015-06-25 22:29 - 2015-06-25 22:29 - 00003619 _____ C:\Users\Talek\Downloads\[kat.cr]fall.out.boy.american.beauty.american.psycho.2015.320kbps.mp3.sneakytpb.torrent
2015-06-25 22:25 - 2015-06-25 22:25 - 00017048 _____ C:\Users\Talek\Downloads\[kat.cr]steve.aoki.neon.future.i.ii.cdrip.torrent
2015-06-25 22:23 - 2015-06-25 22:23 - 00019874 _____ C:\Users\Talek\Downloads\[kat.cr]awolnation.run.2015.itunes.plus.m4a.pirate.shovon.torrent
2015-06-25 22:21 - 2015-06-25 22:21 - 00019783 _____ C:\Users\Talek\Downloads\[kat.cr]zedd.true.colors.2015.album.320.kbps.edm.rg.torrent
2015-06-25 22:19 - 2015-06-25 22:19 - 00024023 _____ C:\Users\Talek\Downloads\[kat.cr]richy.nix.discography.channel.neo.torrent
2015-06-25 22:17 - 2015-06-25 22:17 - 00001848 _____ C:\Users\Talek\Downloads\[kat.cr]major.lazer.peace.is.the.mission.2015.album.cdrip.mp3.320.kbps.tx.torrent
2015-06-25 22:16 - 2015-06-25 22:16 - 00018465 _____ C:\Users\Talek\Downloads\[kat.cr]nicki.minaj.pinkprint.deluxe.mp3.2014.torrent
2015-06-25 22:14 - 2015-06-25 22:15 - 00013843 _____ C:\Users\Talek\Downloads\[kat.cr]jason.derulo.everything.is.4.2015.l.audio.l.album.track.l.256.320kbps.l.vbr.l.mp3.l.sn3h1t87.torrent
2015-06-25 08:38 - 2015-06-27 01:50 - 00000219 _____ C:\Users\Talek\Desktop\ktown.txt
2015-06-17 22:48 - 2015-06-19 20:13 - 00002357 _____ C:\Users\Talek\Desktop\rebecca.txt
2015-06-17 22:27 - 2015-06-17 22:27 - 21288533 _____ C:\Users\Talek\Downloads\Salsa by Rebecca of SalsaOlé.mp4
2015-06-17 08:54 - 2015-06-17 08:54 - 00082824 _____ (BitDefender SRL) C:\WINDOWS\system32\Drivers\bdsandbox.sys
2015-06-17 08:25 - 2015-06-17 08:25 - 00000000 ____D C:\Users\Talek\AppData\Local\GWX
2015-06-17 08:21 - 2015-07-02 08:21 - 00000024 _____ C:\Users\Talek\AppData\Roaming\appdataFr25.bin
2015-06-17 08:21 - 2015-06-17 08:21 - 00003128 _____ C:\Users\Talek\Desktop\JRT.txt
2015-06-17 08:19 - 2015-06-17 08:19 - 02231296 _____ C:\Users\Talek\Downloads\adwcleaner_4.206 (1).exe
2015-06-17 08:18 - 2015-06-17 08:18 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-TALEK-PC-Windows-8.1-Pro-(64-bit).dat
2015-06-17 08:18 - 2015-06-17 08:18 - 00000000 ____D C:\RegBackup
2015-06-17 08:17 - 2015-06-17 08:17 - 02949914 _____ (Thisisu) C:\Users\Talek\Downloads\JRT.exe
2015-06-17 08:17 - 2015-06-17 08:17 - 02231296 _____ C:\Users\Talek\Downloads\adwcleaner_4.206.exe
2015-06-14 23:16 - 2015-06-14 23:16 - 00003576 _____ C:\WINDOWS\System32\Tasks\Bitdefender Autoscan
2015-06-14 23:09 - 2015-06-14 23:11 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-14 23:09 - 2015-06-14 23:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-14 23:09 - 2015-06-14 23:09 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-14 19:48 - 2015-06-14 20:04 - 00000000 ____D C:\Users\Talek\Desktop\New folder
2015-06-14 11:22 - 2015-06-14 11:22 - 15250314 _____ C:\Users\Talek\Downloads\Talek.zip
2015-06-14 11:22 - 2015-06-14 11:22 - 00000000 ____D C:\Users\Talek\Desktop\Talek
2015-06-12 19:17 - 2015-06-12 19:17 - 00484888 _____ C:\Users\Talek\Downloads\download.htm
2015-06-11 09:10 - 2015-01-05 23:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-06-11 09:10 - 2015-01-05 22:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-06-11 09:10 - 2015-01-05 21:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-06-11 09:10 - 2015-01-05 21:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-06-11 09:08 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-06-11 09:08 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-06-11 09:07 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-11 09:07 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-11 09:07 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-11 09:07 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-11 09:07 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-11 09:07 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-11 09:07 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-11 09:07 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-11 09:07 - 2015-04-08 18:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-11 09:07 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-11 09:07 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-11 09:07 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-11 09:07 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-11 09:07 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-11 09:07 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-11 09:07 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-11 09:07 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-11 09:07 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-06-11 09:06 - 2015-05-15 18:01 - 00133288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-06-11 09:06 - 2015-05-15 17:05 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-06-11 09:06 - 2015-05-15 16:47 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-06-11 09:06 - 2015-05-15 16:23 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-06-11 09:06 - 2015-05-15 15:42 - 03682304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-06-11 09:06 - 2015-05-15 15:32 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-06-11 09:06 - 2015-05-15 15:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-06-11 09:06 - 2015-05-15 15:28 - 02223104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-06-11 09:06 - 2015-05-15 15:28 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-06-11 09:06 - 2015-05-15 15:28 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-06-11 09:06 - 2015-05-15 15:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-06-11 09:06 - 2015-05-15 15:21 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-06-11 09:06 - 2015-05-15 15:21 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-06-11 09:06 - 2015-05-15 15:19 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-06-11 09:06 - 2015-05-15 15:19 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-06-11 09:06 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-11 09:06 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-11 09:06 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-11 09:06 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-11 09:06 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-11 09:06 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-11 09:06 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-11 09:06 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-11 09:06 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-11 09:06 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-11 09:06 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-11 09:06 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-11 09:06 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-11 09:06 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-11 09:06 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-11 09:06 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-11 09:06 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-06-11 09:06 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-06-11 09:06 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-06-11 09:06 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-06-11 09:06 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-06-11 09:06 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-11 09:06 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-06-11 09:06 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-06-11 09:06 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-06-11 09:05 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-06-11 09:05 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-06-11 09:05 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-06-11 09:05 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-06-11 09:05 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-06-11 09:05 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-06-11 09:05 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-06-11 09:05 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-06-11 09:05 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-06-11 09:05 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-06-11 09:05 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-06-11 09:05 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-06-11 09:05 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-06-11 09:05 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-06-11 09:05 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-06-11 09:05 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-06-11 09:05 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-06-11 09:05 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-06-11 09:05 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-06-11 09:05 - 2014-11-15 15:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-06-11 09:05 - 2014-11-15 02:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-06-11 09:05 - 2014-11-14 02:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-06-11 09:05 - 2014-11-14 01:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-06-11 09:05 - 2014-11-10 14:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-06-11 09:05 - 2014-11-10 14:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-06-11 09:05 - 2014-11-10 14:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-06-11 09:05 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-06-11 09:05 - 2014-11-09 22:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-06-11 09:05 - 2014-11-09 21:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-06-11 09:05 - 2014-11-09 21:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-06-11 09:05 - 2014-11-09 21:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-06-11 09:05 - 2014-11-09 21:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-06-11 09:05 - 2014-11-09 21:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-06-11 09:05 - 2014-11-09 21:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-06-11 09:05 - 2014-11-09 21:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-06-11 09:05 - 2014-11-09 20:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-06-11 09:05 - 2014-11-09 20:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-06-11 09:05 - 2014-11-08 00:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-06-11 09:05 - 2014-11-07 23:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-06-11 09:05 - 2014-11-07 23:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-06-11 09:05 - 2014-11-07 23:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-06-11 09:05 - 2014-11-07 23:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-06-11 09:05 - 2014-11-07 23:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-06-11 09:05 - 2014-11-07 23:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-06-11 09:05 - 2014-11-07 23:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-06-11 09:05 - 2014-11-07 23:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-06-11 09:05 - 2014-11-07 22:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-06-11 09:05 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-06-11 09:05 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-06-11 09:05 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-06-11 09:05 - 2014-11-07 21:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-06-11 09:05 - 2014-11-07 21:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-06-11 09:05 - 2014-11-06 23:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-06-11 09:05 - 2014-11-06 23:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-06-11 09:05 - 2014-11-04 22:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-06-11 09:05 - 2014-11-04 22:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-06-11 09:05 - 2014-11-04 22:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-06-11 09:05 - 2014-11-04 21:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-06-11 09:05 - 2014-11-04 21:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-06-11 09:05 - 2014-11-04 21:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-06-11 09:05 - 2014-11-04 21:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-06-11 09:05 - 2014-11-04 21:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-06-11 09:05 - 2014-11-04 21:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-06-11 09:05 - 2014-11-04 21:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-06-11 09:05 - 2014-11-04 21:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-06-11 09:05 - 2014-11-04 21:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-06-11 09:05 - 2014-11-04 21:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-06-11 09:05 - 2014-11-04 21:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-06-11 09:05 - 2014-11-04 15:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-06-11 09:05 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-06-11 09:05 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-06-11 09:05 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-06-11 09:05 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-06-11 09:05 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-06-11 09:05 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-06-11 09:05 - 2014-11-04 02:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-06-11 09:05 - 2014-11-04 01:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-06-11 09:05 - 2014-10-30 20:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-06-11 09:05 - 2014-10-30 20:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-06-11 09:05 - 2014-10-28 23:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-06-11 09:05 - 2014-10-28 21:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-06-11 09:05 - 2014-10-28 21:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-06-11 09:05 - 2014-10-20 21:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-06-11 09:05 - 2014-10-20 21:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-06-11 09:05 - 2014-10-20 20:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-06-11 09:05 - 2014-10-20 20:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-06-11 09:05 - 2014-10-20 20:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-06-11 09:05 - 2014-10-20 20:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-06-11 09:05 - 2014-10-20 20:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-06-11 09:05 - 2014-10-17 00:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-06-11 09:05 - 2014-10-16 23:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-06-11 09:04 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-06-11 09:04 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-06-11 09:04 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-06-11 09:04 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-06-11 09:04 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-06-11 09:04 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-06-11 09:04 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-06-11 09:04 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-06-11 09:04 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-06-11 09:04 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-06-11 09:04 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-11 09:04 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-11 09:04 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-06-11 09:04 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-06-11 09:04 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-06-11 09:04 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-06-11 09:04 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-06-11 09:04 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-06-11 09:04 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-06-11 09:04 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-06-11 09:03 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-06-11 09:03 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-06-11 09:03 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-06-11 09:03 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-06-11 09:03 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-06-11 09:03 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-06-11 09:03 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-06-11 09:03 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-06-11 09:03 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-06-11 09:03 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-06-11 09:03 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-06-11 09:03 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-06-11 09:03 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-06-11 09:03 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-06-11 09:03 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-06-11 09:03 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-06-11 09:03 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-06-11 09:03 - 2014-12-13 17:28 - 00513488 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-06-11 09:03 - 2014-12-13 17:28 - 00513488 _____ C:\WINDOWS\system32\locale.nls
2015-06-11 09:03 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-06-11 09:02 - 2014-11-17 16:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-06-11 09:02 - 2014-11-17 16:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-06-11 09:02 - 2014-11-14 02:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-06-11 09:02 - 2014-11-14 02:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-06-11 09:02 - 2014-11-09 22:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-06-11 09:02 - 2014-11-09 21:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-06-11 09:02 - 2014-10-30 19:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-06-11 09:02 - 2014-10-30 19:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-06-11 08:59 - 2015-06-11 22:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-11 08:59 - 2015-06-11 09:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-11 08:59 - 2015-06-11 08:59 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-11 08:59 - 2015-06-11 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-11 08:59 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-06-11 08:56 - 2015-06-11 08:56 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Talek\Downloads\spybot-2.4.exe
2015-06-11 08:56 - 2015-06-11 08:56 - 05628161 _____ (Swearware) C:\Users\Talek\Downloads\ComboFix.exe
2015-06-10 06:14 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 06:14 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 06:14 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 06:14 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 06:14 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 06:14 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 06:14 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 06:14 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 06:14 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 06:14 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 06:14 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 06:14 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 06:14 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 06:14 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 06:14 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 06:14 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 06:14 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 06:14 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 06:14 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 06:14 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 06:14 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 06:14 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 06:14 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 06:14 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 06:14 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 06:14 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 06:14 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 06:14 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 06:14 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 06:14 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 06:14 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 06:14 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 06:14 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 06:14 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 06:14 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 06:14 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 06:14 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 06:14 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 06:14 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 06:14 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 06:14 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 06:14 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 06:14 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-08 18:11 - 2015-06-08 18:11 - 00000000 ____D C:\Users\Talek\AppData\Roaming\Shooter
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-04 11:46 - 2014-07-17 21:21 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-04 11:44 - 2014-07-17 23:13 - 00000000 ____D C:\Users\Talek\AppData\Roaming\Skype
2015-07-04 11:43 - 2014-11-12 22:10 - 00036210 _____ C:\WINDOWS\setupact.log
2015-07-04 11:43 - 2014-07-18 08:32 - 00000000 ___DO C:\Users\Talek\OneDrive
2015-07-04 11:43 - 2014-07-17 22:48 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-04 11:43 - 2014-07-17 21:21 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-04 11:43 - 2014-03-18 05:54 - 00217612 _____ C:\WINDOWS\PFRO.log
2015-07-04 11:43 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-04 11:42 - 2014-07-18 17:57 - 00000000 ____D C:\Users\Talek\AppData\Local\FirestormOS_x64
2015-07-04 11:42 - 2014-07-18 01:36 - 01587124 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-04 11:42 - 2014-07-17 22:50 - 00000000 ____D C:\Users\Talek\AppData\Roaming\uTorrent
2015-07-04 11:42 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-04 11:40 - 2014-07-22 20:15 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001UA.job
2015-07-04 11:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-04 10:56 - 2014-07-17 21:26 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2012007196-1499415457-4251682393-1001
2015-07-04 10:41 - 2014-12-12 18:49 - 00000000 __SHD C:\Users\Talek\AppData\Local\EmieBrowserModeList
2015-07-04 10:41 - 2014-07-23 22:37 - 00000000 __SHD C:\Users\Talek\AppData\Local\EmieUserList
2015-07-04 10:41 - 2014-07-23 22:37 - 00000000 __SHD C:\Users\Talek\AppData\Local\EmieSiteList
2015-07-04 08:09 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-04 04:00 - 2014-07-18 00:37 - 00000000 ____D C:\ProgramData\Origin
2015-07-03 23:40 - 2014-07-22 20:15 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001Core.job
2015-07-03 01:02 - 2014-09-01 23:53 - 00000000 ____D C:\Users\Talek\AppData\Roaming\TS3Client
2015-07-02 23:10 - 2014-07-18 00:58 - 00002244 ____H C:\Users\Talek\Documents\Default.rdp
2015-07-02 23:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-07-02 00:10 - 2014-03-18 06:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-02 00:05 - 2015-02-10 19:22 - 00000000 ____D C:\Users\Talek\AppData\Local\Deployment
2015-07-01 17:56 - 2014-07-27 14:10 - 01328640 ___SH C:\Users\Talek\Desktop\Thumbs.db
2015-07-01 04:00 - 2014-07-18 00:37 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-24 11:45 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-20 15:00 - 2014-07-18 17:05 - 00000000 ____D C:\Users\Talek\AppData\Roaming\vlc
2015-06-19 23:02 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 23:02 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-17 08:55 - 2015-05-29 17:10 - 00000000 ____D C:\AdwCleaner
2015-06-17 08:23 - 2013-08-22 10:44 - 05281264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-15 00:50 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-15 00:32 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-06-14 23:10 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\SchCache
2015-06-14 23:09 - 2015-04-30 08:40 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-14 23:09 - 2014-07-18 01:34 - 00000000 ____D C:\Users\Talek
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\setup
2015-06-14 23:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-14 23:09 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-06-11 09:00 - 2015-05-29 17:11 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 23:34 - 2014-07-17 23:13 - 00000000 ____D C:\ProgramData\Skype
2015-06-10 06:42 - 2014-07-17 21:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 06:39 - 2014-07-17 21:49 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 17:48 - 2015-04-09 22:32 - 00000000 ____D C:\Users\Talek\Documents\My Games
2015-06-08 16:10 - 2014-07-17 22:55 - 00000000 ____D C:\Users\Talek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-05 19:12 - 2014-07-18 00:43 - 00000000 ____D C:\Users\Talek\Documents\Temp
 
==================== Files in the root of some directories =======
 
2014-08-20 22:46 - 2015-01-20 20:47 - 0000132 _____ () C:\Users\Talek\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-17 08:21 - 2015-07-02 08:21 - 0000024 _____ () C:\Users\Talek\AppData\Roaming\appdataFr25.bin
2014-07-20 15:24 - 2014-07-20 15:24 - 0007605 _____ () C:\Users\Talek\AppData\Local\Resmon.ResmonCfg
2015-05-01 17:53 - 2015-05-07 08:29 - 0000800 _____ () C:\Users\Talek\AppData\Local\Temp-log.txt
2015-05-25 08:04 - 2015-05-25 08:04 - 0000000 _____ () C:\Users\Talek\AppData\Local\Temp.dat
2014-07-18 01:32 - 2014-07-18 01:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Talek\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Talek\AppData\Local\Temp\ose00000.exe
C:\Users\Talek\AppData\Local\Temp\Quarantine.exe
C:\Users\Talek\AppData\Local\Temp\raptrpatch.exe
C:\Users\Talek\AppData\Local\Temp\raptr_stub.exe
C:\Users\Talek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Talek\AppData\Local\Temp\sqlite3.dll
C:\Users\Talek\AppData\Local\Temp\tmp4F6E.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-04 05:28
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Talek at 2015-07-04 11:47:26
Running from C:\Users\Talek\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2012007196-1499415457-4251682393-500 - Administrator - Disabled)
Guest (S-1-5-21-2012007196-1499415457-4251682393-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2012007196-1499415457-4251682393-1005 - Limited - Enabled)
Talek (S-1-5-21-2012007196-1499415457-4251682393-1001 - Administrator - Enabled) => C:\Users\Talek
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
1Click DVD Copy Pro 4.3.0.5 (HKLM-x32\...\1Click DVD Copy Pro_is1) (Version:  - LG Software Innovations)
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: b196 - Acoustica)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F88356F5-1AA4-BBE9-E6CF-5B1CF179D052}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.1.0 - Asmedia Technology)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42398 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
Flash Update Installer (x32 Version: 1.5.0 - Nokia) Hidden
FortiClient SSLVPN v4.0.2300 (HKLM-x32\...\{A34DCE59-0004-0000-2300-3F8A9926B752}) (Version: 4.0.2300 - Fortinet Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Fuse Installer (x32 Version: 1.5.0 - Nokia) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mortal Kombat X (HKLM-x32\...\Steam App 307780) (Version:  - NetherRealm Studios)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nokia Connectivity Cable Driver (HKLM-x32\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Nokia Software Recovery Tool 1.5.0 (HKLM-x32\...\{c19d81de-9c3e-4550-ac22-38a0575397ee}) (Version: 1.5.0 - Nokia)
Nokia Software Recovery Tool 1.5.0 (x32 Version: 1.5.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PC Remote (HKLM-x32\...\{AC61D36B-5C3B-440D-9547-8CBCE7B78583}) (Version: 3.50 - PC Remote)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Product API Installer (x32 Version: 1.5.0 - Nokia) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SoundSwitch (HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\5e9d4b807286f8d3) (Version: 2.4.1.4 - Jeroen Pelgrims)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.125 - PandoraTV)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Uplay (HKLM-x32\...\Uplay) (Version: 5.2 - Ubisoft)
USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\WinDirStat) (Version:  - )
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{8ADD5526-3DEC-4151-AC39-DEE5CADBCFDC}) (Version: 1.1.7.1433 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{A0B1E1BF-BEF5-4748-800B-E54ED9CDF8CE}) (Version: 1.1.10.1426 - Nokia)
Zoom (HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\ZoomUMX) (Version: 3.0 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2012007196-1499415457-4251682393-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Talek\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
17-06-2015 06:38:56 Scheduled Checkpoint
24-06-2015 11:44:49 Windows Update
28-06-2015 06:11:49 Windows Update
01-07-2015 06:42:49 Windows Update
04-07-2015 08:04:00 Revo Uninstaller's restore point - Google Chrome
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02CEA824-8DC8-492E-8128-857FABCD19C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {0B8338B8-FC93-43C0-8BEC-2B2205CF8610} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {451A3931-E06A-4D00-85ED-AE79AACABB4C} - System32\Tasks\Orgin => C:\Program Files (x86)\Origin\Origin.exe [2015-07-01] (Electronic Arts)
Task: {68452CA8-FFC0-4D83-8E33-364BDA6D3421} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001UA => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.)
Task: {6B5E388C-7CB5-46CC-86BE-AF5E3269C2C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7338ED79-17D6-4099-9408-471AE3F4B5C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {7F0BCEFF-6F9E-4DB5-89D8-4C592B1CB441} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001Core => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.)
Task: {B3BA5EF1-A052-4595-AB9D-65E01EF2EF18} - System32\Tasks\Bitdefender Autoscan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-08-13] (Bitdefender)
Task: {C7DDCE28-82BC-4161-AEA5-DDF586427622} - System32\Tasks\Close Origin => C:\killorigin.bat [2014-10-03] ()
Task: {F8F5836B-DEAC-48E2-9DC8-1A3C19883FE6} - System32\Tasks\{705576EE-DA5C-437E-8F08-67919E415A1C} => pcalua.exe -a "C:\Program Files (x86)\GOG.com\Neverwinter Nights Diamond Edition\nwn.exe" -d "C:\Program Files (x86)\GOG.com\Neverwinter Nights Diamond Edition\"
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001Core.job => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2012007196-1499415457-4251682393-1001UA.job => C:\Users\Talek\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-18 00:03 - 2014-10-13 11:05 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-07-18 00:04 - 2014-08-13 05:22 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-07-18 00:04 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-07-18 00:04 - 2014-08-13 05:22 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2015-05-29 16:58 - 2015-05-29 16:58 - 00790368 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00350_004\ashttpbr.mdl
2015-05-29 16:58 - 2015-05-29 16:58 - 00711064 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00350_004\ashttpdsp.mdl
2015-05-29 16:58 - 2015-05-29 16:58 - 02683520 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00350_004\ashttpph.mdl
2015-05-29 16:58 - 2015-05-29 16:58 - 01326504 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00350_004\ashttprbl.mdl
2014-08-22 15:52 - 2014-08-22 15:52 - 00100984 _____ () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-05 08:58 - 2015-02-05 08:58 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-07-18 00:04 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-01-30 02:02 - 2014-01-30 02:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-11 08:59 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-11 08:59 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-11 08:59 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-11 08:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-11 08:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-13 11:06 - 2014-10-13 11:06 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-07-17 22:51 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 17:14 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-07-17 22:51 - 2015-06-04 14:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-19 17:14 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 17:14 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 07:58 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-07-17 22:50 - 2015-06-04 14:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-07-17 22:50 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-07-17 22:33 - 2012-07-18 09:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-07-04 11:45 - 2015-06-20 01:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-07-04 11:45 - 2015-06-20 01:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-07-04 11:45 - 2015-06-20 01:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Talek\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Talek\Downloads\0001-64bit_Win7_Win8_Win81_R275.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\adwcleaner_4.205.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\adwcleaner_4.206 (1).exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\adwcleaner_4.206.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\amd-catalyst-15.4beta-64bit-win8.1-apr9.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\battlelog-web-plugins_2.6.2_157.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\CG_5.0.14.7.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\Firefox Setup Stub 31.0.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\HitmanPro.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\mbam-setup-2.1.6.1022.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\spybot-2.4.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\UplayInstaller.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\WinMerge-2.14.0-Setup.exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\Zoom_launcher (1).exe:BDU
AlternateDataStreams: C:\Users\Talek\Downloads\Zoom_launcher.exe:BDU
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Talek\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 64.140.114.21 - 64.140.114.22
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012007196-1499415457-4251682393-1001\...\StartupApproved\Run: => "EADM"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{42133928-3C6C-4C0B-9C99-5E27BAE4A367}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{30D15A6A-B709-409D-8E87-15E3221DF554}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{F49DE139-0EEC-4F43-8115-8A7B192D03EA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{08562E6A-4FEB-46A3-9260-9631B30F24DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{460DA886-4F74-42B5-8C50-8B182E29DF38}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F9FC18D-C29F-4520-A632-9BD0A7B127A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BB319D22-1396-403F-90BB-D43BA51A2251}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D2D61243-C3AD-4187-9511-2099172B58B0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0B9AA85B-172C-4007-9CBC-E36E191C2963}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{D6069224-5B32-405A-A0D1-99211ABF68AF}] => (Allow) C:\Users\Talek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02BDAC6C-21D3-4E3D-92D5-4087C9E4F0D0}] => (Allow) C:\Users\Talek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA216AD0-611B-433F-BF27-6C51D7AD4FD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{56883BF9-F177-4065-9EEA-5BFE9310A5F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{96949291-5048-47AE-BF94-833D90FF3569}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveAlpha\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{26490A8B-22A7-4A04-8496-A80515F1F9FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveAlpha\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{E519AE6B-D15C-4834-A492-DB4900DDC0C6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F97524C2-4751-446C-A474-4F1CF05A69F1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D90986EC-6467-41C9-A565-D262DDF5BA6E}] => (Allow) C:\Users\Talek\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{C75B08C3-274F-4FCB-867C-54C4F0FB1B13}] => (Allow) C:\Users\Talek\AppData\Roaming\Zoom\bin\airhost.exe
FirewallRules: [{6D90AD2F-76BB-4929-B10B-562A5CE54D4C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E11B3D73-8DC9-4F48-AB45-4067C0351787}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7F307350-DE27-425A-A5F8-F44CCE6A45B4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{04B24394-21C6-484D-86E0-CAA9AE78D0E4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8869A6CA-1371-4766-9E46-463914BCCCAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{A2F1CF13-BEED-4432-8B23-59CBA1CD4E74}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{C6F194DC-BE93-491F-A623-1457B0A4E078}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe
FirewallRules: [{1761ADFC-B3B1-405E-8303-9DC74D9F0622}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe
FirewallRules: [{78D2CABD-2785-49F6-8FB9-5DE6742A3036}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{2DDF9C55-F491-42DE-9C23-59EA4C132362}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{77CD86A1-56B0-4CFE-AD3E-7AF238E84931}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{04A784D3-8640-4E63-820B-D39DB45A6DC3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6F4B868B-8836-4555-B877-7AA8A5762421}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BDDA7773-D8E3-4021-8526-49DFF95BD776}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B420AF35-5389-4BA3-A345-EA9BB6EDBA5E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{2CAB30BA-64AE-4236-BDF9-4565117D8FF3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{9F317B16-9BFC-4171-ABB1-C282F4DE54C5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A5BCE802-9B0A-4BED-AE59-B46E9CDA4046}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Alpha\RainbowSix.exe
FirewallRules: [{32F0C404-10FD-4353-8C03-0F398AA07A69}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Alpha\RainbowSix.exe
FirewallRules: [{5C7AC37E-210B-4D83-A679-72C25E6E71F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{B97EAD7C-EB31-452C-92A7-D7CFA33CD423}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{82FFCB50-75C1-4701-B039-A6B39329EBB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{B0A4580C-F453-4CB2-A852-AAEA1561A977}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{31EAB3B4-9C52-401D-BC8B-86E7FACE3190}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{2E9574D2-CAFA-47A1-8428-2AAB24E5610A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{19EA5E0D-EB98-448F-BD3D-56CD492E68E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/04/2015 10:52:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346
Faulting module name: TQUERY.DLL, version: 7.0.9600.17787, time stamp: 0x551b6a06
Exception code: 0xc0000005
Fault offset: 0x000000000002db9c
Faulting process id: 0x10d8
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
Faulting package full name: SearchIndexer.exe4
Faulting package-relative application ID: SearchIndexer.exe5
 
Error: (07/04/2015 08:04:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/03/2015 04:35:09 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (07/02/2015 06:57:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (07/01/2015 06:42:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/30/2015 06:37:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShooterGame-Win32-Shipping.exe version 1.0.47058.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d94
 
Start Time: 01d0b3854bf8df81
 
Termination Time: 15
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
 
Report Id: 9ec15716-1f78-11e5-bea8-002522f524b0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/28/2015 06:11:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/27/2015 00:28:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShooterGame-Win32-Shipping.exe version 1.0.47058.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 20b0
 
Start Time: 01d0b0919619b3c5
 
Termination Time: 17
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
 
Report Id: e7c30498-1c84-11e5-bea7-002522f524b0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/26/2015 04:05:34 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (06/24/2015 11:44:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (07/04/2015 10:52:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/03/2015 07:01:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (07/03/2015 04:35:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (07/02/2015 06:57:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (07/01/2015 06:49:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (07/01/2015 06:43:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.
 
Error: (06/30/2015 06:39:01 PM) (Source: Schannel) (EventID: 4108) (User: TALEK-PC)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.
 
Error: (06/30/2015 06:39:01 PM) (Source: Schannel) (EventID: 4120) (User: TALEK-PC)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.
 
Error: (06/30/2015 07:25:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (06/30/2015 07:25:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
 
Microsoft Office:
=========================
Error: (07/04/2015 10:52:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.9600.17787551b6346TQUERY.DLL7.0.9600.17787551b6a06c0000005000000000002db9c10d801d0b47c3769f2c1C:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\TQUERY.DLL53274562-225c-11e5-bea9-002522f524b0
 
Error: (07/04/2015 08:04:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (07/03/2015 04:35:09 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (07/02/2015 06:57:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (07/01/2015 06:42:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (06/30/2015 06:37:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ShooterGame-Win32-Shipping.exe1.0.47058.0d9401d0b3854bf8df8115C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe9ec15716-1f78-11e5-bea8-002522f524b0
 
Error: (06/28/2015 06:11:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (06/27/2015 00:28:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ShooterGame-Win32-Shipping.exe1.0.47058.020b001d0b0919619b3c517C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exee7c30498-1c84-11e5-bea7-002522f524b0
 
Error: (06/26/2015 04:05:34 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (06/24/2015 11:44:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 35%
Total physical RAM: 8103.51 MB
Available physical RAM: 5233.27 MB
Total Pagefile: 9703.51 MB
Available Pagefile: 6367.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.13 GB) (Free:49.3 GB) NTFS
Drive d: () (Fixed) (Total:465.25 GB) (Free:390.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 8F1E493D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7FF1F748)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:55 PM

Posted 04 July 2015 - 12:06 PM

Hi,

 

 

 

STEP 1

 

 

Please download the latest version of AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

thisisujrt.gif  Please download the latest version of Junkware Removal Tool and save it to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#9 talick

talick
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 04 July 2015 - 02:40 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.9 (07.04.2015:1)
OS: Windows 8.1 Pro x64
Ran by Talek on Sat 07/04/2015 at 15:35:40.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_21638E2EF2F0F200A3503589A96E9416
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\system32\drivers\bdsandbox.sys
Successfully deleted: [File] C:\Users\Talek\AppData\Roaming\appdataFr25.bin
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\AllDayProice [BHO.Multiplug]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Talek\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
 
[C:\Users\Talek\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Talek\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gpdjojdkbbmdfjfahjcgigfpmkopogic
 
[C:\Users\Talek\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Talek\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  amfclgbdpgndipgoegfpkkgobahigbcl,
  gpdjojdkbbmdfjfahjcgigfpmkopogic
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/04/2015 at 15:39:26.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 talick

talick
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 04 July 2015 - 02:42 PM

# AdwCleaner v4.207 - Logfile created 04/07/2015 at 15:41:02
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Talek - TALEK-PC
# Running from : C:\Users\Talek\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.130
 
 
*************************
 
AdwCleaner[R0].txt - [3926 bytes] - [29/05/2015 17:10:55]
AdwCleaner[R1].txt - [354 bytes] - [17/06/2015 08:18:17]
AdwCleaner[R2].txt - [1008 bytes] - [17/06/2015 08:54:51]
AdwCleaner[R3].txt - [1005 bytes] - [04/07/2015 15:34:42]
AdwCleaner[R4].txt - [1123 bytes] - [04/07/2015 15:40:01]
AdwCleaner[S0].txt - [3826 bytes] - [29/05/2015 17:12:03]
AdwCleaner[S1].txt - [607 bytes] - [04/07/2015 15:36:16]
AdwCleaner[S2].txt - [1049 bytes] - [04/07/2015 15:41:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1108  bytes] ##########


#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:55 PM

Posted 04 July 2015 - 02:54 PM

Hi,

 

Let's check for malware leftovers:

 

 

STEP 1

 

 

Please download Malwarebytes Anti-Malware 2.1.8.1057 Final to your desktop.
 

  • Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 2

 

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

 

6-scanfin-choose.jpg
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

Note: Programdata is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

 

 

 

STEP 3

 

 

emsisoft_emergency_kit.pnglogo.png

  • Download EmsisoftEmergencyKit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next click on the Full Scan. When the scan complete, click on the View Report button (don't delete or quarantine anything).
  • Please copy and paste the content of the report in your next reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:55 PM

Posted 11 July 2015 - 10:30 PM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.


Regards,
Georgi


cXfZ4wS.png


#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:55 PM

Posted 15 July 2015 - 04:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users