
My computer is being remotely accessed somehow....


  • This topic is locked
5 replies to this topic

#1 hemicharg3r


Posted 09 August 2015 - 11:41 PM

Here is the result of the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by Brandon (administrator) on BRANDONS (09-08-2015 23:22:48)
Running from C:\Users\Brandon\Desktop
Loaded Profiles: Brandon (Available Profiles: Brandon)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(NetSupport Ltd) C:\Users\Brandon\AppData\Roaming\System\lang.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1695744 2015-06-27] (Bitdefender)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-07-10] (LogMeIn, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-07-28] (QFX Software Corporation)
HKU\S-1-5-21-4155219725-3124220942-4134955727-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-4155219725-3124220942-4134955727-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-4155219725-3124220942-4134955727-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-06-27] (Bitdefender)
HKU\S-1-5-21-4155219725-3124220942-4134955727-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4155219725-3124220942-4134955727-1001\...\Run: [lang] => C:\Users\Brandon\AppData\Roaming\System\lang.exe [34808 2011-10-07] (NetSupport Ltd)
HKU\S-1-5-21-4155219725-3124220942-4134955727-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1341192 2015-05-20] (Bogdan Sharkov)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4155219725-3124220942-4134955727-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4155219725-3124220942-4134955727-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-06-27] (Bitdefender)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-27] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-06-27] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-27] (Bitdefender)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83BDFCAD-05BA-4F77-9660-2788DED6BAB6}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4155219725-3124220942-4134955727-1001: @nsroblox.roblox.com/launcher -> C:\Users\Brandon\AppData\Local\Roblox\Versions\version-4b2704791da04c77\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4155219725-3124220942-4134955727-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Brandon\AppData\Local\Roblox\Versions\version-4b2704791da04c77\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-01-27]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 
Chrome: 
=======
CHR Profile: C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (YouTube) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google Search) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Tampermonkey) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-06-29]
CHR Extension: (Bitdefender Wallet) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-01-27]
CHR Extension: (Google Sheets) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-25]
CHR Extension: (AgarioMods Evergreen Script) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2015-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Gmail) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-10] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [235744 2015-07-10] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [234856 2015-07-10] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-07-10] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-02-22] ()
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2015-06-27] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-06-27] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-06-27] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-06-27] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-10] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-06-27] (BitDefender LLC)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224208 2015-06-03] (QFX Software Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-07-10] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-05] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-09] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-27] (BitDefender S.R.L.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-09 23:22 - 2015-08-09 23:22 - 00021603 _____ C:\Users\Brandon\Desktop\FRST.txt
2015-08-09 23:22 - 2015-08-09 23:22 - 00000000 ____D C:\FRST
2015-08-09 23:21 - 2015-08-09 23:21 - 02171392 _____ (Farbar) C:\Users\Brandon\Desktop\FRST64.exe
2015-08-09 02:34 - 2015-08-09 02:34 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Brandon\Desktop\tdsskiller.exe
2015-08-09 02:26 - 2015-08-09 02:29 - 00000000 ____D C:\AdwCleaner
2015-08-09 02:26 - 2015-08-09 02:26 - 02248704 _____ C:\Users\Brandon\Downloads\AdwCleaner.exe
2015-08-09 02:26 - 2015-08-09 02:26 - 02248704 _____ C:\Users\Brandon\Desktop\AdwCleaner.exe
2015-08-09 01:47 - 2015-08-09 01:47 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-09 01:47 - 2015-08-09 01:47 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-09 01:46 - 2015-08-09 01:47 - 18718280 _____ C:\Users\Brandon\Desktop\RogueKiller.exe
2015-08-08 00:50 - 2015-08-08 00:50 - 00000000 ____D C:\Users\Brandon\AppData\Temp
2015-07-29 22:56 - 2015-07-29 22:56 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\QFX Software
2015-07-29 22:56 - 2015-07-29 22:56 - 00000000 ____D C:\ProgramData\QFX Software
2015-07-29 22:53 - 2015-07-29 22:53 - 01555824 _____ C:\Users\Brandon\Downloads\KeyScrambler_Setup.exe
2015-07-29 22:53 - 2015-07-29 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2015-07-29 22:53 - 2015-07-29 22:53 - 00000000 ____D C:\Program Files (x86)\KeyScrambler
2015-07-29 22:53 - 2015-06-03 08:43 - 00224208 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys
2015-07-29 22:46 - 2015-07-29 22:48 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Brandon\Downloads\tdsskiller.exe
2015-07-28 12:17 - 2015-07-25 08:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-26 12:42 - 2015-07-26 12:42 - 00091648 _____ C:\Users\Brandon\Downloads\dsound.dll
2015-07-26 12:42 - 2015-07-26 12:42 - 00091648 _____ C:\Users\Brandon\Desktop\dsound.dll
2015-07-26 12:33 - 2015-07-26 12:33 - 02641537 _____ C:\Users\Brandon\Downloads\1361023764_trainerv65.rar
2015-07-26 12:33 - 2015-07-26 12:33 - 02641537 _____ C:\Users\Brandon\Downloads\1361023764_trainerv65 (1).rar
2015-07-23 19:15 - 2015-07-19 00:43 - 106137037 _____ C:\Users\Brandon\Desktop\FiveNightsAtCandys.exe
2015-07-23 19:04 - 2015-07-23 19:08 - 103720090 _____ C:\Users\Brandon\Downloads\FiveNightsAtCandys.1.zip
2015-07-23 12:20 - 2015-07-23 12:20 - 00000000 ____D C:\Users\Brandon\AppData\Local\CEF
2015-07-21 01:04 - 2015-07-14 09:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 01:04 - 2015-07-14 09:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 01:04 - 2015-07-14 09:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 01:04 - 2015-07-14 09:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-19 16:56 - 2015-07-19 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2015-07-19 16:56 - 2015-07-19 16:56 - 00000000 ____D C:\Program Files\AutoHotkey
2015-07-19 16:55 - 2015-07-19 16:55 - 02869078 _____ C:\Users\Brandon\Downloads\AutoHotkey112203_Install (3).exe
2015-07-19 16:54 - 2015-07-19 16:54 - 02869078 _____ C:\Users\Brandon\Downloads\AutoHotkey112203_Install (2).exe
2015-07-19 16:52 - 2015-07-19 16:52 - 02869078 _____ C:\Users\Brandon\Downloads\AutoHotkey112203_Install (1).exe
2015-07-19 16:50 - 2015-07-19 16:50 - 02869078 _____ C:\Users\Brandon\Downloads\AutoHotkey112203_Install.exe
2015-07-19 14:35 - 2015-08-09 23:06 - 00000000 ____D C:\Users\Brandon\AppData\Local\LogMeIn Hamachi
2015-07-19 14:34 - 2015-07-19 14:34 - 08712192 _____ C:\Users\Brandon\Downloads\hamachi (1).msi
2015-07-19 14:34 - 2015-07-19 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-19 14:34 - 2015-07-19 14:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-19 14:29 - 2015-08-09 02:30 - 00001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-07-19 14:29 - 2015-08-09 02:30 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-07-19 14:29 - 2015-07-19 14:29 - 00000000 ____D C:\Users\Brandon\AppData\Local\LogMeIn
2015-07-19 14:29 - 2015-07-19 14:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-07-19 14:29 - 2015-07-10 19:42 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-07-19 14:29 - 2015-07-10 19:42 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-07-19 14:29 - 2015-07-10 19:42 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-07-19 14:29 - 2015-07-10 19:33 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2015-07-19 14:28 - 2015-07-19 14:28 - 29995008 _____ C:\Users\Brandon\Downloads\LogMeIn (1).msi
2015-07-19 13:58 - 2015-07-19 13:58 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2015-07-19 13:58 - 2015-07-19 13:58 - 00000000 ____D C:\Users\Brandon\AppData\Local\Downloaded Installations
2015-07-19 13:58 - 2015-07-19 13:58 - 00000000 ____D C:\Program Files (x86)\AMD
2015-07-19 13:58 - 2015-07-19 13:58 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-19 13:58 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-07-19 13:58 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-07-19 13:58 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-07-19 13:58 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-07-19 13:58 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-07-19 13:58 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-07-18 00:21 - 2015-07-18 00:21 - 00002160 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-07-18 00:21 - 2015-06-17 01:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-18 00:19 - 2015-06-17 04:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-18 00:19 - 2015-06-17 04:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 00879000 _____ C:\Windows\system32\nvmcumd.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-18 00:19 - 2015-06-17 04:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-18 00:19 - 2015-06-17 04:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-18 00:11 - 2015-07-02 23:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-18 00:11 - 2015-07-02 23:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-14 12:52 - 2015-06-29 17:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 12:52 - 2015-06-29 10:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 12:52 - 2015-06-29 10:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 12:52 - 2015-06-29 10:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 12:52 - 2015-06-29 10:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 12:52 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 12:52 - 2015-06-28 00:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 12:52 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 12:52 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 12:52 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 12:52 - 2015-06-26 22:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 12:52 - 2015-06-26 22:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 12:52 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 12:52 - 2015-06-26 21:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-14 12:52 - 2015-06-26 21:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 12:52 - 2015-06-26 21:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 12:52 - 2015-06-26 20:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-14 12:52 - 2015-06-26 20:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 12:52 - 2015-06-26 18:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 12:52 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 12:52 - 2015-06-24 21:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 12:52 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 12:52 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 12:52 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 12:52 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 12:52 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 12:52 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 12:52 - 2015-05-30 16:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-14 12:52 - 2015-05-30 14:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-14 12:52 - 2015-05-30 14:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-14 12:52 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-14 12:52 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-14 12:52 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-14 12:52 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-14 12:52 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-14 12:52 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-14 12:52 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 12:52 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 12:52 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-14 12:52 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-14 12:52 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-14 12:52 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-14 12:52 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-14 12:51 - 2015-07-09 14:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 12:51 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 12:51 - 2015-07-09 11:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 12:51 - 2015-07-09 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 12:51 - 2015-07-09 10:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 12:51 - 2015-07-09 10:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-14 12:51 - 2015-07-09 10:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 12:51 - 2015-07-09 10:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 12:51 - 2015-07-09 10:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 12:51 - 2015-07-09 10:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 12:51 - 2015-07-09 10:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 12:51 - 2015-07-09 10:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 12:51 - 2015-07-09 10:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 12:51 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 12:51 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 12:51 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 12:51 - 2015-07-01 17:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 12:51 - 2015-07-01 16:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 12:51 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 12:51 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 12:51 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 12:50 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 12:50 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 12:50 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 12:50 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 12:50 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 12:50 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 12:50 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 12:50 - 2015-06-15 17:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 12:50 - 2015-06-15 17:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 12:50 - 2015-06-15 17:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 12:50 - 2015-06-15 17:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 12:50 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-14 12:50 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 12:50 - 2015-06-15 16:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 12:50 - 2015-06-15 16:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-14 12:50 - 2015-06-15 16:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 12:50 - 2015-06-15 16:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 12:50 - 2015-06-15 16:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-14 12:50 - 2015-06-15 16:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 12:50 - 2015-06-15 16:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 12:50 - 2015-06-15 16:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-14 12:50 - 2015-06-15 16:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 12:50 - 2015-06-15 16:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 12:50 - 2015-06-15 16:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 12:50 - 2015-06-15 16:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 12:50 - 2015-06-15 16:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 12:50 - 2015-06-15 15:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 12:50 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-14 12:50 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 12:50 - 2015-06-15 15:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 12:50 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-14 12:50 - 2015-06-15 15:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 12:50 - 2015-06-15 15:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-14 12:50 - 2015-06-15 15:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-14 12:50 - 2015-06-15 15:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 12:50 - 2015-06-15 15:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 12:50 - 2015-06-15 15:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 12:50 - 2015-06-15 15:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-14 12:50 - 2015-06-15 15:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 12:50 - 2015-06-15 15:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 12:50 - 2015-06-10 22:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 12:50 - 2015-06-10 11:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 12:50 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-14 12:50 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-14 12:50 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-14 12:50 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-14 12:50 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 12:50 - 2015-05-01 18:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 12:50 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-14 12:50 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-14 12:50 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-14 12:50 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-14 11:44 - 2015-07-14 11:44 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2015-07-13 20:04 - 2015-07-13 20:04 - 01101392 _____ C:\Users\Brandon\Downloads\ToonHUD.zip
2015-07-11 12:17 - 2015-07-11 12:27 - 00000000 ____D C:\Users\Brandon\Documents\Bandicam
2015-07-11 12:17 - 2015-07-11 12:17 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\BANDISOFT
2015-07-11 12:16 - 2015-07-11 12:16 - 09971968 _____ (Bandisoft) C:\Users\Brandon\Downloads\bdcamsetup.exe
2015-07-11 12:16 - 2015-07-11 12:16 - 00001011 _____ C:\Users\Brandon\Desktop\Bandicam.lnk
2015-07-11 12:16 - 2015-07-11 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-07-11 12:16 - 2015-07-11 12:16 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-07-11 12:16 - 2015-07-11 12:16 - 00000000 ____D C:\Program Files (x86)\Bandicam
2015-07-10 19:33 - 2015-07-10 19:33 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr.dll
2015-07-10 19:33 - 2015-07-10 19:33 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr2.dll
2015-07-10 19:33 - 2015-07-10 19:33 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys
2015-07-10 17:39 - 2015-07-10 17:40 - 89940403 _____ C:\Users\Brandon\Downloads\LB Photo Realism x256 10.0.0-converted-1374012707213.zip
2015-07-10 17:35 - 2015-07-10 17:35 - 113221340 _____ C:\Users\Brandon\Downloads\PureBDcraft 512x MC18 (2).zip
2015-07-10 17:31 - 2015-07-10 17:31 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\java
2015-07-10 17:30 - 2015-07-10 17:31 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-07-10 17:30 - 2015-07-10 17:30 - 02314240 _____ C:\Users\Brandon\Downloads\MinecraftInstaller.msi
2015-07-10 17:30 - 2015-07-10 17:30 - 00000980 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-07-10 17:30 - 2015-07-10 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-07-10 08:39 - 2015-07-28 12:47 - 00000000 ___HD C:\$Windows.~BT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-09 23:14 - 2015-01-25 03:54 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-09 23:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-09 22:38 - 2015-01-25 03:24 - 02046273 _____ C:\Windows\WindowsUpdate.log
2015-08-09 22:27 - 2015-01-25 11:22 - 00023704 _____ C:\Windows\system32\lvcoinst.log
2015-08-09 18:34 - 2015-01-25 03:51 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A91EBF8D-9D07-4CE0-95E1-64F39B22DB43}
2015-08-09 02:42 - 2015-01-25 03:34 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4155219725-3124220942-4134955727-1001
2015-08-09 02:36 - 2013-09-30 14:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-09 02:32 - 2015-03-07 10:52 - 00027667 _____ C:\Windows\setupact.log
2015-08-09 02:32 - 2015-01-25 03:31 - 00000000 __RDO C:\Users\Brandon\SkyDrive
2015-08-09 02:30 - 2015-01-06 16:51 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-09 02:30 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 02:29 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-08-09 02:06 - 2015-01-28 20:09 - 00000000 ____D C:\Users\Brandon\AppData\Local\Adobe
2015-08-09 02:03 - 2015-03-13 18:02 - 00011948 _____ C:\Windows\PFRO.log
2015-08-09 02:03 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-09 00:01 - 2015-04-12 09:51 - 00000000 ____D C:\ProgramData\LogMeIn
2015-08-08 00:24 - 2015-01-25 11:22 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-08-06 08:41 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-06 08:36 - 2015-01-25 03:29 - 00000000 ____D C:\Users\Brandon\AppData\Local\Packages
2015-08-05 16:15 - 2015-01-25 03:54 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-29 22:53 - 2015-06-28 23:00 - 00000828 _____ C:\Users\Brandon\AppData\Roaming\1.txt
2015-07-29 22:53 - 2015-01-25 03:29 - 00000000 ____D C:\Users\Brandon
2015-07-29 03:29 - 2015-03-30 20:18 - 00192000 ___SH C:\Users\Brandon\Desktop\Thumbs.db
2015-07-28 14:13 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-28 12:49 - 2013-09-12 16:57 - 00000000 ____D C:\Windows\Panther
2015-07-26 12:33 - 2015-04-10 19:20 - 00021504 ___SH C:\Users\Brandon\Downloads\Thumbs.db
2015-07-25 15:15 - 2015-04-10 16:26 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 21:10 - 2015-01-25 04:21 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Skype
2015-07-24 19:37 - 2015-01-25 04:11 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-24 12:37 - 2013-08-22 09:44 - 00337808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-23 19:16 - 2015-01-31 18:13 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\MMFApplications
2015-07-20 13:25 - 2015-06-14 21:36 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\TS3Client
2015-07-20 00:01 - 2015-04-12 09:52 - 00000000 ____D C:\Users\Brandon\AppData\Local\LogMeInIgnition
2015-07-19 16:56 - 2013-08-22 14:11 - 00000000 ____D C:\Windows\ShellNew
2015-07-19 14:29 - 2015-04-12 09:51 - 00001024 _____ C:\.rnd
2015-07-19 14:28 - 2015-04-11 09:40 - 00000000 __SHD C:\Users\Brandon\AppData\Local\EmieUserList
2015-07-19 14:28 - 2015-04-11 09:40 - 00000000 __SHD C:\Users\Brandon\AppData\Local\EmieSiteList
2015-07-19 14:28 - 2015-04-11 09:40 - 00000000 __SHD C:\Users\Brandon\AppData\Local\EmieBrowserModeList
2015-07-19 13:58 - 2015-06-18 14:45 - 00000000 ____D C:\Users\Brandon\Documents\My Games
2015-07-19 13:58 - 2015-04-02 21:42 - 00074196 _____ C:\Windows\DirectX.log
2015-07-19 13:58 - 2015-01-06 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-18 00:29 - 2015-02-16 22:35 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-18 00:29 - 2015-02-16 22:34 - 00000000 ____D C:\ProgramData\Oracle
2015-07-18 00:29 - 2015-02-16 22:34 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-18 00:21 - 2015-01-06 16:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-18 00:19 - 2015-06-18 17:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-17 19:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-07-17 17:14 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2015-07-17 17:09 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-16 15:57 - 2015-06-28 20:24 - 00000000 _RSHD C:\Users\Brandon\AppData\Roaming\System
2015-07-16 13:21 - 2015-01-25 04:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-16 13:21 - 2015-01-25 04:21 - 00000000 ____D C:\ProgramData\Skype
2015-07-15 21:46 - 2015-02-01 03:52 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 21:46 - 2015-02-01 03:52 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 21:46 - 2015-01-28 02:18 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 21:41 - 2015-04-10 16:26 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-15 18:09 - 2015-01-25 03:54 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 18:09 - 2015-01-25 03:54 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 18:09 - 2015-01-25 03:54 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 14:06 - 2015-01-06 16:51 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-07-14 14:06 - 2015-01-06 16:51 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-07-14 14:05 - 2015-01-06 16:51 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-07-14 14:05 - 2015-01-06 16:51 - 01710056 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-07-13 16:10 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 16:10 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 18:03 - 2015-02-22 15:15 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\.minecraft
2015-07-10 16:11 - 2015-01-25 11:26 - 00235744 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
 
==================== Files in the root of some directories =======
 
2015-06-28 23:00 - 2015-07-29 22:53 - 0000828 _____ () C:\Users\Brandon\AppData\Roaming\1.txt
2015-06-27 01:50 - 2015-06-27 01:50 - 0535758 _____ () C:\Users\Brandon\AppData\Roaming\browsers.exe
2015-06-27 01:50 - 2015-06-27 01:50 - 0367616 _____ () C:\Users\Brandon\AppData\Roaming\delete.exe
2015-06-27 01:50 - 2015-06-27 01:50 - 0000241 _____ () C:\Users\Brandon\AppData\Roaming\deleter(3).bat
2015-06-28 20:24 - 2015-06-28 20:24 - 0587776 _____ (Igor Pavlov) C:\Users\Brandon\AppData\Roaming\intro.exe
2015-06-27 01:49 - 2015-06-27 01:49 - 0212553 _____ () C:\Users\Brandon\AppData\Roaming\ip2.exe
2015-06-27 01:50 - 2015-06-27 01:50 - 2793984 _____ () C:\Users\Brandon\AppData\Roaming\Ssfn.exe
2015-02-08 00:35 - 2015-02-08 00:35 - 0000039 _____ () C:\Users\Brandon\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-01-27 03:46 - 2015-01-27 03:46 - 0557384 _____ () C:\ProgramData\1422348258.bdinstall.bin
2015-06-29 00:17 - 2015-06-29 00:17 - 0102994 _____ () C:\ProgramData\1435555031.bdinstall.bin
 
Files to move or delete:
====================
C:\Users\Brandon\1.exe
C:\Users\Brandon\2.exe
 
 
Some files in TEMP:
====================
C:\Users\Brandon\AppData\Local\Temp\bdfilters.dll
C:\Users\Brandon\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Brandon\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Brandon\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Brandon\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Brandon\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Brandon\AppData\Local\Temp\nvStInst.exe
C:\Users\Brandon\AppData\Local\Temp\Quarantine.exe
C:\Users\Brandon\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-02 03:19
 
==================== End of log ============================



#2 hemicharg3r


Posted 09 August 2015 - 11:55 PM

I forgot to add that I have Bitdefender Total Security 2015. Also running a Netgear Nighthawk X6 AC3200 router. I have run the following progs in addition to Bitdefender's own scanner with no discernible results: TDDS killer, Rkiller, AdwCleaner, Malwarebytes Anti-Malware and FRST.



#3 hemicharg3r


Posted 10 August 2015 - 12:13 AM

Updated Malwarebytes Anti and it just found a Trojan.Dropper called 1.exe -- Based on my knowledge of droppers, this file is likely the cause of my issue...?



#4 Oh My!

  • Malware Response Instructor

Posted 14 August 2015 - 11:29 AM

Greetings hemicharg3r and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run a new FRST scan including Addition.txt and post the results. In addition, run the below for me.

===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 17 August 2015 - 09:02 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 Oh My!


Posted 19 August 2015 - 09:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



