ExtTag.exe hijacking browser


  • This topic is locked
4 replies to this topic

#1 ScottyGibby

Posted 08 August 2015 - 02:12 PM

Here is my FRST.txt log

 

It's a lot, sorry, but I would love it if you could help me with what I need to put in the fixlist.txt.

 

Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
Ran by Scott (administrator) on SCOTT (08-08-2015 20:08:17)
Running from E:\
Loaded Profiles: Scott (Available Profiles: Scott & Administrator)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files\MyDailyUpdate\mdupdate.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files\MyDailyUpdate\packages\e21f1133-acb8-4e8c-8762-11877f2d8e71\wmpnetu.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dropbox, Inc.) C:\Users\Scott\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-02] (Synaptics Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-08] (COMODO)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-08-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2539769507-196662465-3890837482-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2539769507-196662465-3890837482-1002\...\Run: [Dropbox Update] => C:\Users\Scott\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
AppInit_DLLs: C:\ProgramData\ExtTag\4az5oxsr.dll => C:\ProgramData\ExtTag\4az5oxsr.dll [148992 2015-08-08] ()
AppInit_DLLs-x32: C:\ProgramData\ExtTag\jumcw1w3.dll => C:\ProgramData\ExtTag\jumcw1w3.dll [116736 2015-08-08] ()
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-08-08] ()
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2539769507-196662465-3890837482-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0QGmQwQK8i716diRH9sWaUeQ8s8sdHeYfNVRiQiO__pKf5KX07kSw_6GEPcug0vhuFD0HiJXUEkXtUDvlN8mtE1mhe3EXKuXhTAmjhybBtc-UoGCct4LHYF0eoQFaBNasKQnoY4_Gqy3LW7x
HKU\S-1-5-21-2539769507-196662465-3890837482-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0QGmQwQK8i716diRH9sWaUeQ8s8sdHeYfNVRiQiO__pKf5KX07kSw_6GEPcug0vhuFyp3DYwhl0U6Tt3zt5lZKSxnkrC7TlFBitMJNbDm68FcdMNZNm_caYWCQHX4LerHwWQ7FQJZWFPxs-I&q={searchTerms}
HKU\S-1-5-21-2539769507-196662465-3890837482-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0QGmQwQK8i716diRH9sWaUeQ8s8sdHeYfNVRiQiO__pKf5KX07kSw_6GEPcug0vhuFyp3DYwhl0U6Tt3zt5lZKSxnkrC7TlFBitMJNbDm68FcdMNZNm_caYWCQHX4LerHwWQ7FQJZWFPxs-I&q={searchTerms}
HKU\S-1-5-21-2539769507-196662465-3890837482-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0QGmQwQK8i716diRH9sWaUeQ8s8sdHeYfNVRiQiO__pKf5KX07kSw_6GEPcug0vhuFyp3DYwhl0U6Tt3zt5lZKSxnkrC7TlFBitMJNbDm68FcdMNZNm_caYWCQHX4LerHwWQ7FQJZWFPxs-I&q={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FF6BB1C2-1D2F-4C25-A3B7-DB27C0DD61CD} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0QGmQwQK8i716diRH9sWaUeQ8s8sdHeYfNVRiQiO__pKf5KX07kSw_6GEPcug0vhuFyp3DYwhl0U6Tt3zt5lZKSxnkrC7TlFBitMJNbDm68FcdMNZNm_caYWCQHX4LerHwWQ7FQJZWFPxs-I&q={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FF6BB1C2-1D2F-4C25-A3B7-DB27C0DD61CD} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2539769507-196662465-3890837482-1002 -> DefaultScope {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0QGmQwQK8i716diRH9sWaUeQ8s8sdHeYfNVRiQiO__pKf5KX07kSw_6GEPcug0vhuFyp3DYwhl0U6Tt3zt5lZKSxnkrC7TlFBitMJNbDm68FcdMNZNm_caYWCQHX4LerHwWQ7FQJZWFPxs-I&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2539769507-196662465-3890837482-1002 -> {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0QGmQwQK8i716diRH9sWaUeQ8s8sdHeYfNVRiQiO__pKf5KX07kSw_6GEPcug0vhuFyp3DYwhl0U6Tt3zt5lZKSxnkrC7TlFBitMJNbDm68FcdMNZNm_caYWCQHX4LerHwWQ7FQJZWFPxs-I&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-24] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-24] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: Metal Maker 1.0.0.7 -> {d1ed8ab0-4dff-42de-95da-49e0537b3612} -> C:\Program Files (x86)\Metal Maker\MetalMakerbho.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6082BC9D-ED96-46B1-9B47-DEA9F38C3AFD}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\1zm0b0mh.default
FF NewTab: C:\\ProgramData\\ExtTags\\ff.NT
FF DefaultSearchEngine: findit
FF Homepage: C:\\ProgramData\\ExtTags\\ff.HP
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2539769507-196662465-3890837482-1002: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-2539769507-196662465-3890837482-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2015-08-08]
FF Extension: Adblock Plus - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\1zm0b0mh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-22]
FF Extension: DownThemAll! - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\1zm0b0mh.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-08-22]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-05]
CHR Extension: (Google Docs) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-05]
CHR Extension: (Google Drive) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-05]
CHR Extension: (Google Search) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-05]
CHR Extension: (ARC Welder) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2015-04-03]
CHR Extension: (Google Sheets) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-09-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-06]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-05]
CHR Extension: (Gmail) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-05]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Scott\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-03-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-08-08] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-08] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-04-26] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-06-24] (Google Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-08] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1994936 2015-07-23] (Comodo)
R2 mitsijm2015; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2015-01-28] (Autodesk, Inc.)
R2 MyDailyUpdate; C:\Program Files\MyDailyUpdate\mdupdate.exe [376832 2015-04-30] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-07] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
S2 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-08-08] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-08-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-08-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-08-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-08-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-08-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-08-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-08-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [296896 2015-08-08] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-08-19] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26392 2015-05-07] (DEVGURU Co., LTD.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 17:41 - 2015-08-08 20:08 - 00000000 ____D C:\FRST
2015-08-08 17:36 - 2015-08-08 17:36 - 00000000 ____D C:\Users\Scott\AppData\Roaming\AVG2015
2015-08-08 17:35 - 2015-08-08 17:35 - 00000948 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-08 17:35 - 2015-08-08 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-08 17:34 - 2015-08-08 17:35 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-08 17:32 - 2015-08-08 17:36 - 00000000 ____D C:\Users\Scott\AppData\Local\Avg2015
2015-08-08 17:30 - 2015-08-08 19:39 - 00000000 ____D C:\ProgramData\ExtTag
2015-08-08 17:30 - 2015-08-08 17:30 - 00000000 ____D C:\ProgramData\ExtTags
2015-08-08 16:55 - 2015-08-08 16:52 - 02248704 _____ C:\Users\Scott\Downloads\adwcleaner_4.208.exe
2015-08-08 12:34 - 2015-08-08 12:34 - 00000000 ____D C:\Windows\pss
2015-08-08 07:26 - 2015-08-08 07:26 - 00000000 ____D C:\Recovery
2015-08-08 07:19 - 2015-08-08 07:19 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-08-08 05:57 - 2015-08-08 07:04 - 00002318 _____ C:\Windows\comsetup.log
2015-08-08 05:56 - 2015-08-08 05:56 - 00001908 _____ C:\Windows\diagwrn.xml
2015-08-08 05:56 - 2015-08-08 05:56 - 00001908 _____ C:\Windows\diagerr.xml
2015-08-07 19:50 - 2015-08-07 19:50 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-06 01:41 - 2015-08-06 01:41 - 00000000 ____D C:\Users\Scott\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-08-05 18:45 - 2015-08-05 18:45 - 00000000 ____D C:\Users\Scott\Desktop\MP3 Player songs
2015-08-05 15:15 - 2015-08-08 08:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-05 11:23 - 2015-08-05 11:34 - 00000000 ____D C:\media player
2015-07-28 23:29 - 2015-07-28 23:29 - 00281672 _____ C:\Windows\Minidump\072815-29312-01.dmp
2015-07-28 23:27 - 2015-07-28 23:27 - 00281616 _____ C:\Windows\Minidump\072815-31671-01.dmp
2015-07-28 23:26 - 2015-07-28 23:26 - 00281616 _____ C:\Windows\Minidump\072815-32484-01.dmp
2015-07-28 11:02 - 2015-08-08 17:35 - 00312752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-07-28 11:01 - 2015-08-08 17:35 - 00245680 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-07-26 13:27 - 2015-08-08 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2015-07-26 13:27 - 2015-07-26 13:27 - 00001084 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2015-07-26 13:27 - 2015-07-26 13:27 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2015-07-25 18:27 - 2015-08-05 12:18 - 00000000 ____D C:\Users\Scott\Desktop\Digi Pics
2015-07-24 05:37 - 2015-07-24 09:28 - 00000000 ____D C:\Program Files\WorldPainter
2015-07-24 05:32 - 2015-07-24 05:32 - 04404336 _____ (pepsoft.org) C:\Users\Scott\Downloads\worldpainter_64_1.11.1.exe
2015-07-24 04:22 - 2015-07-24 04:22 - 00206432 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-07-24 04:22 - 2015-07-24 00:54 - 00321632 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-07-24 04:22 - 2015-07-24 00:54 - 00206944 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-07-24 03:43 - 2015-07-24 03:43 - 00001048 _____ C:\Users\Scott\Desktop\Minecraft.lnk
2015-07-24 03:41 - 2015-07-24 05:47 - 00000000 ____D C:\Users\Scott\AppData\Roaming\.minecraft
2015-07-24 00:55 - 2015-07-24 00:55 - 00000000 ____D C:\ProgramData\Sun
2015-07-23 10:24 - 2015-07-23 10:24 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-07-23 00:08 - 2015-07-23 00:08 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ESS
2015-07-22 19:50 - 2015-08-08 17:30 - 00003472 _____ C:\Windows\System32\Tasks\snp
2015-07-22 19:50 - 2015-08-08 17:30 - 00003110 _____ C:\Windows\System32\Tasks\snf
2015-07-22 07:37 - 2015-07-22 23:13 - 00000000 ____D C:\Users\Scott\Documents\CPY_SAVES
2015-07-22 03:15 - 2015-07-22 03:15 - 00281560 _____ C:\Windows\Minidump\072215-71796-01.dmp
2015-07-22 01:38 - 2015-07-22 01:38 - 00000000 ____D C:\Users\Scott\AppData\Local\CEF
2015-07-21 19:02 - 2015-08-08 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F1 2015
2015-07-21 19:02 - 2015-07-21 19:02 - 00000000 ___HD C:\Windows\PIF
2015-07-21 10:50 - 2015-07-21 10:50 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:50 - 2015-07-21 10:50 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 10:50 - 2015-07-21 10:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:50 - 2015-07-21 10:50 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 01:03 - 2015-07-21 01:03 - 00000000 ____D C:\ProgramData\Codemasters
2015-07-19 18:21 - 2015-07-19 18:21 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2539769507-196662465-3890837482-1002Core1d0c24752464846.job
2015-07-19 17:40 - 2015-07-19 17:40 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Shooter
2015-07-18 19:16 - 2015-07-18 19:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-18 19:16 - 2015-07-18 19:16 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-18 18:29 - 2015-07-18 18:29 - 00000222 _____ C:\Users\Scott\Desktop\Rocket League.url
2015-07-18 01:22 - 2015-07-18 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocket League
2015-07-18 01:09 - 2015-07-18 01:09 - 00000000 ____D C:\Users\Scott\AppData\Local\I Am Bread
2015-07-17 20:28 - 2015-07-17 20:28 - 00000340 _____ C:\Windows\Tasks\0715avUpdateInfo.job
2015-07-17 20:28 - 2015-07-17 20:28 - 00000000 ____D C:\ProgramData\Avg_Update_0715av
2015-07-15 20:17 - 2015-07-15 20:17 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 20:17 - 2015-07-15 20:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-15 20:17 - 2015-07-15 20:17 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-15 20:17 - 2015-07-15 20:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-15 20:17 - 2015-07-15 20:17 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 20:17 - 2015-07-15 20:17 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-15 20:17 - 2015-07-15 20:17 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-15 20:17 - 2015-07-15 20:17 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 20:17 - 2015-07-15 20:17 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 20:17 - 2015-07-15 20:17 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 20:17 - 2015-07-15 20:17 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-15 20:16 - 2015-07-15 20:16 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 20:16 - 2015-07-15 20:16 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-15 20:16 - 2015-07-15 20:16 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 20:16 - 2015-07-15 20:16 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 20:16 - 2015-07-15 20:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 20:16 - 2015-07-15 20:16 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 20:16 - 2015-07-15 20:16 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 20:16 - 2015-07-15 20:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 20:16 - 2015-07-15 20:16 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 20:16 - 2015-07-15 20:16 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-15 20:15 - 2015-07-15 20:16 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 20:15 - 2015-07-15 20:15 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 20:15 - 2015-07-15 20:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 20:15 - 2015-07-15 20:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 20:15 - 2015-07-15 20:15 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 20:15 - 2015-07-15 20:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 20:15 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 20:15 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 20:15 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 20:15 - 2015-05-02 00:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-15 20:15 - 2015-04-28 14:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 20:15 - 2015-04-28 14:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-15 20:14 - 2015-07-15 20:14 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-15 20:14 - 2015-07-15 20:14 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-15 20:14 - 2015-07-15 20:14 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 20:13 - 2015-07-15 20:13 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-15 20:13 - 2015-07-15 20:13 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-13 18:23 - 2015-07-13 18:23 - 00000000 ____D C:\Users\Scott\Documents\Corona Projects
2015-07-13 18:21 - 2015-08-08 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corona SDK
2015-07-13 18:21 - 2015-07-13 18:21 - 00001226 _____ C:\Users\Public\Desktop\Corona Simulator.lnk
2015-07-13 18:21 - 2015-07-13 18:21 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Corona Labs
2015-07-13 18:21 - 2015-07-13 18:21 - 00000000 ____D C:\Program Files (x86)\Corona Labs
2015-07-10 17:49 - 2015-08-08 11:58 - 00000000 ___HD C:\$Windows.~BT
2015-07-10 07:31 - 2015-08-08 17:35 - 00296896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgwfpa.sys
2015-07-09 22:34 - 2015-07-09 22:34 - 00002654 _____ C:\Users\Scott\Desktop\µTorrent.lnk
2015-07-09 22:33 - 2015-08-08 05:39 - 00000000 ____D C:\Users\Scott\AppData\Roaming\uTorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 20:00 - 2014-08-22 18:33 - 01048916 _____ C:\Windows\WindowsUpdate.log
2015-08-08 20:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-08 19:55 - 2014-12-27 01:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-08 19:42 - 2013-08-26 07:09 - 01257860 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-08 19:39 - 2014-08-23 17:33 - 00000000 ___RD C:\Users\Scott\Dropbox
2015-08-08 19:39 - 2014-08-23 17:31 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Dropbox
2015-08-08 19:39 - 2014-08-22 18:42 - 00000000 __RDO C:\Users\Scott\SkyDrive
2015-08-08 19:35 - 2013-08-22 15:46 - 00093165 _____ C:\Windows\setupact.log
2015-08-08 19:35 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-08 17:42 - 2014-08-22 18:47 - 00000000 ____D C:\ProgramData\MFAData
2015-08-08 17:37 - 2014-08-22 18:51 - 00000000 ____D C:\ProgramData\AVG2014
2015-08-08 17:37 - 2013-08-26 07:01 - 00078812 _____ C:\Windows\PFRO.log
2015-08-08 17:35 - 2015-06-25 16:10 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-08 17:35 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-08-08 17:35 - 2015-05-12 14:36 - 00253408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2015-08-08 17:35 - 2015-05-07 13:50 - 00378336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2015-08-08 17:35 - 2015-03-27 08:40 - 00021152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgboota.sys
2015-08-08 17:35 - 2015-03-20 12:18 - 00040928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2015-08-08 17:35 - 2015-03-11 12:16 - 00162784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2015-08-08 17:35 - 2014-08-22 18:51 - 00000000 ___HD C:\$AVG
2015-08-08 17:35 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-08 17:34 - 2014-08-22 18:51 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-08 17:30 - 2015-07-07 02:06 - 00001072 _____ C:\Users\Scott\Desktop\Mozilla Firefox.lnk
2015-08-08 17:30 - 2015-07-07 02:00 - 00000000 ____D C:\AdwCleaner
2015-08-08 17:30 - 2014-09-15 23:11 - 00001461 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-08 17:21 - 2015-02-14 17:23 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-08-08 17:19 - 2015-02-06 02:37 - 00000000 ____D C:\Games
2015-08-08 12:28 - 2014-09-16 00:08 - 00000000 ____D C:\Users\Scott\Desktop\Files
2015-08-08 12:11 - 2014-09-26 00:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-08 08:05 - 2015-06-04 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-08-08 08:05 - 2015-05-29 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-08-08 08:05 - 2015-05-28 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG4200 series
2015-08-08 08:05 - 2015-05-28 18:19 - 00000000 ____D C:\Windows\system32\STRING
2015-08-08 08:05 - 2015-05-13 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-08 08:05 - 2015-03-24 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMaker Player
2015-08-08 08:05 - 2015-02-25 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-08-08 08:05 - 2015-02-25 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-08-08 08:05 - 2015-02-20 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-08-08 08:05 - 2015-01-30 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-08-08 08:05 - 2015-01-28 21:42 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-08-08 08:05 - 2015-01-28 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Inventor 2015
2015-08-08 08:05 - 2015-01-28 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DWG TrueView 2015 - English
2015-08-08 08:05 - 2015-01-28 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-08-08 08:05 - 2014-10-22 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-08-08 08:05 - 2014-09-29 13:18 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RiSKitt
2015-08-08 08:05 - 2014-09-28 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-08 08:05 - 2014-09-26 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-08-08 08:05 - 2014-09-17 22:50 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-08-08 08:05 - 2014-09-15 23:11 - 00000000 ____D C:\Users\Administrator
2015-08-08 08:05 - 2014-09-08 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-08-08 08:05 - 2014-09-01 17:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-08-08 08:05 - 2014-08-28 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-08-08 08:05 - 2014-08-23 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-08-08 08:05 - 2014-08-22 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-08 08:05 - 2014-08-22 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-08 08:05 - 2014-08-22 18:48 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-08-08 08:05 - 2014-08-22 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG4100 series
2015-08-08 08:05 - 2014-08-22 18:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-08-08 08:05 - 2014-08-22 18:39 - 00000000 ____D C:\Users\Scott
2015-08-08 08:05 - 2014-07-02 20:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-08-08 08:05 - 2014-07-02 20:17 - 00000000 ____D C:\ProgramData\Validity
2015-08-08 08:05 - 2014-07-02 20:12 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-08-08 08:05 - 2014-05-29 13:58 - 00000000 ____D C:\Windows\en-GB
2015-08-08 08:05 - 2014-05-29 05:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-08 08:05 - 2014-05-29 05:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-08-08 08:05 - 2014-05-29 05:22 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-08-08 08:05 - 2014-05-29 05:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-08 08:05 - 2014-05-29 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-08-08 08:05 - 2014-05-29 05:17 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-08-08 08:05 - 2013-08-26 07:12 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-08 08:05 - 2013-08-22 20:12 - 00000000 ____D C:\Windows\ShellNew
2015-08-08 08:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-08-08 08:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2015-08-08 08:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\spool
2015-08-08 08:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-08 08:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-08 08:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\MediaViewer
2015-08-08 08:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-08 08:05 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-08 08:05 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\oobe
2015-08-08 07:13 - 2013-08-22 15:44 - 05229544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-08 06:58 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-08 06:56 - 2014-05-29 05:18 - 00000000 ___HD C:\Users\Default\Documents\hp.system.package.metadata
2015-08-08 06:56 - 2014-05-29 05:18 - 00000000 ___HD C:\Users\Default User\Documents\hp.system.package.metadata
2015-08-08 06:56 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-08 06:02 - 2013-08-26 07:13 - 00013783 _____ C:\Windows\iis.log
2015-08-08 06:02 - 2013-08-22 16:37 - 00006767 _____ C:\Windows\DtcInstall.log
2015-08-08 05:57 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration
2015-08-08 05:56 - 2013-08-26 07:57 - 00000000 ____D C:\Windows\Panther
2015-08-08 05:44 - 2014-08-22 21:09 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-08 05:42 - 2015-02-01 21:24 - 00000000 ____D C:\Users\Scott\Downloads\t files
2015-08-08 05:22 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-08 05:21 - 2014-08-22 18:45 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2539769507-196662465-3890837482-1002
2015-08-07 19:32 - 2015-03-12 00:55 - 00003824 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1426118124
2015-08-07 19:32 - 2015-03-12 00:55 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-07 19:15 - 2015-04-07 00:18 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-07 19:11 - 2014-08-22 18:40 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BAD1F553-7350-4469-9578-A18092137E6C}
2015-08-06 01:41 - 2014-08-22 18:40 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe
2015-08-05 18:41 - 2014-12-02 19:33 - 00000000 ____D C:\Users\Scott\Documents\Euro Truck Simulator 2
2015-08-05 14:57 - 2015-06-20 17:03 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForScott.job
2015-08-05 12:35 - 2015-05-12 08:46 - 00000000 ____D C:\Users\Scott\AppData\Local\The Witcher
2015-07-29 21:33 - 2014-10-19 18:45 - 00000000 ____D C:\Users\Scott\AppData\Roaming\WorldPainter
2015-07-28 23:29 - 2014-08-25 11:06 - 508816524 _____ C:\Windows\MEMORY.DMP
2015-07-28 23:29 - 2014-08-25 11:06 - 00000000 ____D C:\Windows\Minidump
2015-07-24 04:22 - 2014-08-22 21:37 - 00000000 ____D C:\Program Files\Java
2015-07-24 00:54 - 2014-08-22 21:37 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-22 20:19 - 2014-08-26 18:25 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Skype
2015-07-22 07:37 - 2014-09-06 09:56 - 00000000 ____D C:\Users\Scott\Documents\My Games
2015-07-22 07:36 - 2014-08-22 22:20 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-07-22 07:34 - 2014-08-22 22:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-07-22 03:40 - 2015-02-25 17:47 - 00000000 ____D C:\Users\Scott\AppData\Local\Battle.net
2015-07-18 01:49 - 2014-05-29 05:25 - 00396950 _____ C:\Windows\DirectX.log
2015-07-18 00:52 - 2015-02-01 21:16 - 00000000 ____D C:\Program Files (x86)\R.G. Freedom
2015-07-16 18:35 - 2015-04-07 00:18 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 17:35 - 2013-08-22 16:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 17:35 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 02:35 - 2015-04-15 17:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 02:35 - 2015-04-15 17:31 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 02:35 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-16 02:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2015-07-16 02:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-07-15 22:04 - 2014-10-03 22:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 21:59 - 2014-08-24 16:25 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 21:52 - 2014-08-24 16:25 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-15 20:55 - 2014-12-27 01:40 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-10 20:59 - 2014-09-27 23:11 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Audacity

==================== Files in the root of some directories =======

2015-03-28 14:37 - 2015-03-28 14:37 - 0000132 _____ () C:\Users\Scott\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-22 21:21 - 2014-10-22 21:21 - 1177208 _____ () C:\Users\Scott\AppData\Roaming\AndyCleanupTool.exe
2014-10-22 21:21 - 2014-10-22 21:21 - 1176696 _____ () C:\Users\Scott\AppData\Roaming\AndyCleanVM.exe
2014-09-01 17:20 - 2014-09-01 17:20 - 0000097 _____ () C:\Users\Scott\AppData\Roaming\LauncherSettings_live.cfg
2014-09-01 17:14 - 2014-09-01 17:14 - 0000039 _____ () C:\Users\Scott\AppData\Roaming\TheHunterSettings_steam_live.cfg

Files to move or delete:
====================
C:\Users\Scott\AVD Manager.exe
C:\Users\Scott\uninstall.exe
C:\Users\Scott\worldpainter_64_1.10.3.exe


Some files in TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Scott\AppData\Local\Temp\aacenc3.exe
C:\Users\Scott\AppData\Local\Temp\AcDeltree.exe
C:\Users\Scott\AppData\Local\Temp\bdfilters.dll
C:\Users\Scott\AppData\Local\Temp\chromeupdate.exe
C:\Users\Scott\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptzcjb3.dll
C:\Users\Scott\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Scott\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Scott\AppData\Local\Temp\m1v570zi.dll
C:\Users\Scott\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Scott\AppData\Local\Temp\OpenComputersMod-1.3.3.547-native.64.dll
C:\Users\Scott\AppData\Local\Temp\ose00000.exe
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe
C:\Users\Scott\AppData\Local\Temp\sevenzip-setup-rx.exe
C:\Users\Scott\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Scott\AppData\Local\Temp\sqlite3.dll
C:\Users\Scott\AppData\Local\Temp\SRLDetectionLibrary5743696162860949146.dll
C:\Users\Scott\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Scott\AppData\Local\Temp\System.Data.SQLitea3215148-3ffb-4b28-9416-9d0d0cadae8c.dll
C:\Users\Scott\AppData\Local\Temp\tmp5F79.tmp.exe
C:\Users\Scott\AppData\Local\Temp\tmpAAF9.tmp.exe
C:\Users\Scott\AppData\Local\Temp\Uninstall.exe
C:\Users\Scott\AppData\Local\Temp\updater.exe
C:\Users\Scott\AppData\Local\Temp\wpsetup.exe
C:\Users\Scott\AppData\Local\Temp\x264enc5.exe
C:\Users\Scott\AppData\Local\Temp\{9E5728CE-65BD-4669-9856-D4357E1BD3E3}-DropboxClient_3.8.5.exe
C:\Users\Scott\AppData\Local\Temp\{AE63828C-6652-4E56-860C-370A44C59B19}-DropboxClient_3.8.5.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-27 22:41

==================== End of log ============================


#2 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
Posted 10 August 2015 - 09:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===




Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix) <==== ATTENTION

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-2539769507-196662465-3890837482-1002\...\Run: [AdobeBridge] => [X]
AppInit_DLLs: C:\ProgramData\ExtTag\4az5oxsr.dll => C:\ProgramData\ExtTag\4az5oxsr.dll [148992 2015-08-08] ()
AppInit_DLLs-x32: C:\ProgramData\ExtTag\jumcw1w3.dll => C:\ProgramData\ExtTag\jumcw1w3.dll [116736 2015-08-08] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: Metal Maker 1.0.0.7 -> {d1ed8ab0-4dff-42de-95da-49e0537b3612} -> C:\Program Files (x86)\Metal Maker\MetalMakerbho.dll No File
FF Plugin HKU\S-1-5-21-2539769507-196662465-3890837482-1002: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
S2 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {72533364-ED6A-496D-B0F4-AD9002FC2D50} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {C394AF5F-6366-4DC4-9546-1A6D8625293B} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: C:\Windows\Tasks\ProfitCheck.job => c:\programdata\{8ffc43af-a5af-145b-8ffc-c43afa5a0ebe}\crack_ecrackedgames.exe <==== ATTENTION
C:\ProgramData\ExtTag
c:\programdata\{8ffc43af-a5af-145b-8ffc-c43afa5a0ebe}
C:\Program Files (x86)\Pro PC Cleaner

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.
===

How is the computer running now?
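The entries picked out for the fixlist in the reply above share a few visible traits: FRST's own ATTENTION marker, AppInit_DLLs pointing into C:\ProgramData, services ending in [X], and registrations ending in "No File". The following is an added example, not part of the original post and not FRST's or the helper's own code, that shortlists such lines from a log for review. The reason labels, the `system_root` default, and the reading of `[X]` as a missing file and a trailing `()` as an empty company name are assumptions.

```python
import re

# Constructed sample: entries copied from the FRST output quoted in this thread.
SAMPLE_LOG = r"""
C:\Windows\explorer.exe => File is digitally signed
AppInit_DLLs: C:\ProgramData\ExtTag\4az5oxsr.dll => C:\ProgramData\ExtTag\4az5oxsr.dll [148992 2015-08-08] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: Metal Maker 1.0.0.7 -> {d1ed8ab0-4dff-42de-95da-49e0537b3612} -> C:\Program Files (x86)\Metal Maker\MetalMakerbho.dll No File
S2 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]
U3 McProxy; no ImagePath
Task: C:\Windows\Tasks\ProfitCheck.job => c:\programdata\{8ffc43af-a5af-145b-8ffc-c43afa5a0ebe}\crack_ecrackedgames.exe <==== ATTENTION
"""

ATTENTION = re.compile(r"<=+\s*ATTENTION\s*$")
APPINIT = re.compile(r"^AppInit_DLLs(?:-x32)?:\s*(?P<path>.+?)\s*=>", re.I)
SERVICE = re.compile(r"^[SRU][0-5] [^;]+;")


def triage(log_text, system_root="c:\\windows\\"):
    """Return [(reasons, line)] for log lines worth a reviewer's attention."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = []
        if ATTENTION.search(line):
            reasons.append("flagged-by-frst")
        appinit = APPINIT.match(line)
        if appinit:
            # AppInit DLLs are mapped into every process that loads user32.dll.
            if not appinit.group("path").lower().startswith(system_root):
                reasons.append("appinit-dll-outside-windows")
            if line.endswith("()"):  # assumption: empty company-name field
                reasons.append("appinit-dll-no-publisher")
        if SERVICE.match(line):
            if line.endswith("[X]"):  # assumption: target file not found
                reasons.append("service-file-missing")
            elif line.endswith("no ImagePath"):
                reasons.append("service-no-imagepath")
        if line.endswith("No File"):
            reasons.append("registered-file-missing")
        if reasons:
            findings.append((reasons, line))
    return findings


if __name__ == "__main__":
    for reasons, line in triage(SAMPLE_LOG):
        print(", ".join(reasons), "|", line[:70])
```

The output is a shortlist for a human reviewer; orphaned entries from uninstalled legitimate software match the same patterns as leftovers from unwanted programs.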

#3 ScottyGibby


Posted 10 August 2015 - 09:56 AM

Thank you very much for your help, problem has been fixed and everything seems to be working fine!

#4 nasdaq


Posted 10 August 2015 - 12:58 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq


Posted 15 August 2015 - 08:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



