Infected w/ Microsoft.com, won't allow antivirus to run


  • This topic is locked
15 replies to this topic

#1 puddingmomentum

Posted 19 August 2015 - 06:19 PM

Hi there, I seem to have gotten infected with something nasty that ran from C:\ProgramData\Microsoft.com. I used a Linux install to remove it and it hasn't come back. However, my antivirus still won't run. It won't appear in Uninstall Programs either. It says the services it requires aren't running and I'm denied access when I try to start them. I manually removed VIPRE antivirus by following their online guide. No joy, it says can't install drivers. A bunch of registry keys were created under Image File Execution that all pointed to C:\Windows\System32\Microsoft.com so nothing anti-virus nor anti-malware would run. I changed some of the keys so I could get a few of the tools to run and now those keys appear to be gone.

There still appears to be something very wrong with the operation of the system as regards permissions. Can you please help me as this has been driving me nuts for days.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by Rob (administrator) on ROB-PC (19-08-2015 23:54:18)
Running from C:\Users\rob_2\Desktop
Loaded Profiles: Rob & cyg_server (Available Profiles: Rob & cyg_server & DefaultAppPool)
Platform: Windows 8 Pro with Media Center (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\cygwin\bin\cygrunsrv.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\cygwin\usr\sbin\sshd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
(GoldenFrog) C:\Program Files (x86)\VyprVPN\VyprVPN.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(ThreatTrack Security, Inc) C:\Users\rob_2\Downloads\setup-vipre-internet-security-en-us.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IDEVFH) C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM-x32\...\Run: [Flashget] => C:\Program Files (x86)\FlashGet\FlashGet.exe [2007088 2007-09-25] (FlashGet.com)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6365920 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1691136 2012-05-31] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKU\S-1-5-21-3757410904-3081483913-1924136660-1007\...\Run: [Google Update] => "C:\Users\rob_2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3757410904-3081483913-1924136660-1007\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2013-01-04]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2015-08-04]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
Startup: C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk [2013-08-15]
ShortcutTarget: VyprVPN.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-27] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-27] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-27] (Acronis)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3757410904-3081483913-1924136660-1007\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ie.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3757410904-3081483913-1924136660-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll [2007-09-11] (www.flashget.com)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-11] (Oracle Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-11] (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll [2007-09-11] (www.flashget.com)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-11-16] (Belarc, Inc.)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Tcpip\Parameters: [DhcpNameServer] 89.101.160.5 89.101.160.4 208.67.220.220
Tcpip\..\Interfaces\{7210BF42-A7D8-4E28-944D-6E84271C09AA}: [DhcpNameServer] 89.101.160.5 89.101.160.4
Tcpip\..\Interfaces\{BEEB364D-5D2D-4D54-9AAE-79A252B560C3}: [DhcpNameServer] 89.19.64.36 89.19.64.164
Tcpip\..\Interfaces\{C562E8A7-8A04-47F0-A266-93CBB453F613}: [NameServer] 208.67.222.222
Tcpip\..\Interfaces\{C562E8A7-8A04-47F0-A266-93CBB453F613}: [DhcpNameServer] 89.101.160.5 89.101.160.4 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-06-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin HKU\S-1-5-21-3757410904-3081483913-1924136660-1005: @tools.google.com/Google Update;version=3 -> C:\Users\rob_2\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3757410904-3081483913-1924136660-1005: @tools.google.com/Google Update;version=9 -> C:\Users\rob_2\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Extension: Logitech Device Detection - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\DeviceDetection@logitech.com [2012-09-11]
FF Extension: FEBE - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-08-08]
FF Extension: Memory Fox - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2015-08-06]
FF Extension: Disconnect - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\2.0@disconnect.me.xpi [2015-08-06]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-08-28]
FF Extension: Close Tabs to the Right - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\closetabstotheright@4kwh.net.xpi [2012-08-28]
FF Extension: Context Search X - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\contextsearch2@lwz.addons.mozilla.org.xpi [2012-08-28]
FF Extension: Duplicate in Tab Context Menu - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\DuplicateInTabContext@schuzak.jp.xpi [2012-08-28]
FF Extension: Facebook Disconnect - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\facebook@disconnect.me.xpi [2012-08-28]
FF Extension: FacebookBlocker - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\facebookBlocker@webgraph.com.xpi [2012-08-28]
FF Extension: Firebug - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\firebug@software.joehewitt.com.xpi [2012-08-28]
FF Extension: FoxReplace - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\fox@replace.fx.xpi [2012-08-28]
FF Extension: Hola Unblocker - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi [2013-07-16]
FF Extension: Reddit Enhancement Suite - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-08-24]
FF Extension: Modify Headers - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012-08-28]
FF Extension: Adblock Plus - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-27]
FF Extension: Download Statusbar - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012-08-28]
FF Extension: DownThemAll! - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-08-28]
FF Extension: Greasemonkey - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-10-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-06-30] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-04] (Dropbox, Inc.)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8914 2013-05-16] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-03-01] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10752 2012-07-26] (Microsoft Corporation)
R2 sshd; C:\cygwin\bin\cygrunsrv.exe [129550 2012-04-25] () [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-11-01] (VMware, Inc.) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S4 WACService; C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe [103272 2012-11-09] (Wondershare)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S5 3ware; C:\Windows\System32\drivers\3ware.sys [106736 2012-07-26] (LSI)
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [425192 2012-09-20] (Microsoft Corporation)
R5 acpiex; C:\Windows\System32\Drivers\acpiex.sys [77040 2012-07-26] (Microsoft Corporation)
S5 adp94xx; C:\Windows\System32\drivers\adp94xx.sys [492272 2012-07-26] (Adaptec, Inc.)
S5 adpahci; C:\Windows\System32\drivers\adpahci.sys [340720 2012-07-26] (Adaptec, Inc.)
S5 adpu320; C:\Windows\System32\drivers\adpu320.sys [184048 2012-07-26] (Adaptec, Inc.)
S5 agp440; C:\Windows\System32\drivers\agp440.sys [63216 2012-07-26] (Microsoft Corporation)
S5 amdsata; C:\Windows\System32\drivers\amdsata.sys [76016 2012-07-26] (Advanced Micro Devices)
S5 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [258288 2012-07-26] (AMD Technologies Inc.)
S5 amdxata; C:\Windows\System32\drivers\amdxata.sys [26352 2012-07-26] (Advanced Micro Devices)
S5 arc; C:\Windows\System32\drivers\arc.sys [104688 2012-07-26] (PMC-Sierra, Inc.)
S5 arcsas; C:\Windows\System32\drivers\arcsas.sys [108272 2012-07-26] (PMC-Sierra, Inc.)
S5 atapi; C:\Windows\System32\drivers\atapi.sys [25840 2012-07-26] (Microsoft Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.) [File not signed]
S5 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533224 2012-09-20] (Broadcom Corporation)
R5 CLFS; C:\Windows\System32\drivers\CLFS.sys [361200 2012-07-26] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [562392 2012-10-11] (Microsoft Corporation)
R5 disk; C:\Windows\System32\drivers\disk.sys [102640 2012-07-26] (Microsoft Corporation)
S5 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S5 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [81136 2012-07-26] (Microsoft Corporation)
S5 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [113904 2012-07-26] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [71920 2012-07-26] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [374512 2012-07-26] (Microsoft Corporation)
R5 fltsrv; C:\Windows\System32\DRIVERS\fltsrv.sys [108832 2013-09-13] (Acronis International GmbH)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [25328 2012-07-26] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [465128 2012-09-20] (Microsoft Corporation)
S5 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [66800 2012-07-26] (Microsoft Corporation)
S5 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64752 2012-07-26] (Hewlett-Packard Company)
S5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [24816 2012-07-26] (Microsoft Corporation)
R5 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [411888 2012-07-26] (Intel Corporation)
S5 iirsp; C:\Windows\System32\drivers\iirsp.sys [45296 2012-07-26] (Intel Corp./ICP vortex GmbH)
S5 intelide; C:\Windows\System32\drivers\intelide.sys [18672 2012-07-26] (Microsoft Corporation)
S5 isapnp; C:\Windows\System32\drivers\isapnp.sys [22256 2012-07-26] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [100072 2012-09-20] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [172264 2012-10-11] (Microsoft Corporation)
S5 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [108784 2012-07-26] (LSI Corporation)
S5 LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [92400 2012-07-26] (LSI Corporation)
S5 LSI_SCSI; C:\Windows\System32\drivers\lsi_scsi.sys [116976 2012-07-26] (LSI Corporation)
S5 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [81136 2012-07-26] (LSI Corporation)
S5 megasas; C:\Windows\System32\drivers\megasas.sys [51952 2012-07-26] (LSI Corporation)
S5 MegaSR; C:\Windows\System32\drivers\MegaSR.sys [353008 2012-07-26] (LSI Corporation, Inc.)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [93936 2012-07-26] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17136 2012-07-26] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [83696 2012-07-26] (Microsoft Corporation)
S5 mvumis; C:\Windows\System32\drivers\mvumis.sys [64240 2012-07-26] (Marvell Semiconductor, Inc.)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [993512 2013-02-02] (Microsoft Corporation)
S5 nfrd960; C:\Windows\System32\drivers\nfrd960.sys [52464 2012-07-26] (IBM Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S5 nvraid; C:\Windows\System32\drivers\nvraid.sys [150256 2012-07-26] (NVIDIA Corporation)
S5 nvstor; C:\Windows\System32\drivers\nvstor.sys [168176 2012-07-26] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S5 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [125168 2012-07-26] (Microsoft Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [91880 2013-01-10] (Microsoft Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
R5 pci; C:\Windows\System32\drivers\pci.sys [234224 2012-07-26] (Microsoft Corporation)
S5 pciide; C:\Windows\System32\drivers\pciide.sys [14064 2012-07-26] (Microsoft Corporation)
S5 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [237808 2012-07-26] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [52464 2012-07-26] (Microsoft Corporation)
R5 pdc; C:\Windows\System32\drivers\pdc.sys [69864 2013-03-02] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [217328 2012-07-26] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\RTL8192cu.sys [848384 2011-06-01] (Realtek Semiconductor Corporation                           )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )
S1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S5 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107760 2012-07-26] (Microsoft Corporation)
S5 SI3112r; C:\Windows\System32\drivers\SI3112r.sys [133160 2007-12-27] (Silicon Image, Inc)
R5 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-12-27] (Silicon Image, Inc)
S5 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44784 2012-07-26] (Silicon Integrated Systems Corp.)
S5 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81648 2012-07-26] (Silicon Integrated Systems)
R5 snapman; C:\Windows\System32\DRIVERS\snapman.sys [233760 2013-09-13] (Acronis)
R5 spaceport; C:\Windows\System32\drivers\spaceport.sys [284416 2013-05-04] (Microsoft Corporation)
R5 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-11-29] (Duplex Secure Ltd.)
S5 stexstor; C:\Windows\System32\drivers\stexstor.sys [30960 2012-07-26] (Promise Technology, Inc.)
S5 storahci; C:\Windows\System32\drivers\storahci.sys [77544 2013-03-02] (Microsoft Corporation)
S5 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [45160 2012-07-26] (Microsoft Corporation)
S5 storvsc; C:\Windows\System32\drivers\storvsc.sys [37992 2012-07-26] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2233600 2013-05-04] (Microsoft Corporation)
R5 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-13] (Acronis International GmbH)
R5 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-09-13] (Acronis)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) [File not signed]
S5 uagp35; C:\Windows\System32\drivers\uagp35.sys [65776 2012-07-26] (Microsoft Corporation)
S5 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [66800 2012-07-26] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36080 2012-07-26] (Microsoft Corporation)
S5 viaide; C:\Windows\System32\drivers\viaide.sys [19184 2012-07-26] (VIA Technologies, Inc.)
S5 vmbus; C:\Windows\System32\drivers\vmbus.sys [137832 2012-07-26] (Microsoft Corporation)
R5 vmci; C:\Windows\System32\drivers\vmci.sys [85104 2012-10-24] (VMware, Inc.)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [83184 2012-07-26] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [378608 2012-07-26] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [332016 2012-07-26] (Microsoft Corporation)
S5 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [164080 2012-07-26] (VIA Technologies Inc.,Ltd)
R5 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S5 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [322800 2012-07-26] (VIA Corporation)
S5 Wd; C:\Windows\System32\drivers\wd.sys [23792 2012-07-26] (Microsoft Corporation)
S5 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35232 2013-01-29] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785504 2013-01-10] (Microsoft Corporation)
R5 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [230904 2013-01-29] (Microsoft Corporation)
R5 WFPLWFS; C:\Windows\System32\DRIVERS\wfplwfs.sys [96496 2012-07-26] (Microsoft Corporation)
U3 a0ucifo0; C:\Windows\System32\Drivers\a0ucifo0.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 idsvc; no ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 23:54 - 2015-08-19 23:54 - 00035201 _____ C:\Users\rob_2\Desktop\FRST.txt
2015-08-19 23:12 - 2015-08-19 23:12 - 00000000 ____D C:\Users\rob_2\Desktop\FRST-OlderVersion
2015-08-19 23:08 - 2011-09-06 12:30 - 00045904 _____ (Sunbelt Software) C:\WINDOWS\system32\sbbd.exe
2015-08-19 23:08 - 2011-08-29 17:36 - 00055384 _____ (Sunbelt Software) C:\WINDOWS\system32\Drivers\sbredrv.sys
2015-08-19 23:06 - 2015-08-19 23:08 - 00000000 ____D C:\Program Files (x86)\VIPRE
2015-08-19 23:05 - 2015-08-19 23:05 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\VIPRE
2015-08-19 23:05 - 2015-08-19 23:05 - 00000000 ____D C:\Users\rob_2\AppData\Local\VIPRE
2015-08-19 22:30 - 2015-08-19 22:30 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-08-19 22:11 - 2015-08-19 22:11 - 00000000 ____D C:\Users\rob_2\AppData\Local\Apps\2.0
2015-08-19 22:04 - 2015-08-19 22:04 - 00000263 _____ C:\Users\rob_2\Downloads\MUICacheView.cfg
2015-08-19 22:02 - 2010-01-05 16:06 - 00014339 _____ C:\Users\rob_2\Downloads\MUICacheView.chm
2015-08-19 22:02 - 2010-01-05 16:06 - 00005159 _____ C:\Users\rob_2\Downloads\readme.txt
2015-08-19 22:02 - 2010-01-05 15:49 - 00030208 _____ (NirSoft) C:\Users\rob_2\Downloads\MUICacheView.exe
2015-08-19 22:01 - 2015-08-19 22:01 - 00035729 _____ C:\Users\rob_2\Downloads\muicacheview.zip
2015-08-19 21:51 - 2015-08-19 21:51 - 629693372 _____ C:\Users\rob_2\Documents\19-08-2015.reg
2015-08-19 19:12 - 2015-08-19 19:12 - 01186640 _____ C:\Users\rob_2\Downloads\ProcessExplorer.zip
2015-08-19 19:12 - 2015-06-11 09:36 - 00072154 ____N C:\Users\rob_2\Downloads\procexp.chm
2015-08-19 19:12 - 2015-05-11 13:56 - 02508432 ____N (Sysinternals - www.sysinternals.com) C:\Users\rob_2\Downloads\procexp.exe
2015-08-19 19:12 - 2015-01-26 09:19 - 00002009 ____N C:\Users\rob_2\Downloads\Eula.txt
2015-08-19 18:21 - 2015-08-19 18:21 - 00034440 _____ C:\ComboFix.txt
2015-08-19 17:52 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-08-19 17:52 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-08-19 17:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-08-19 17:51 - 2015-08-19 18:21 - 00000000 ____D C:\Qoobox
2015-08-19 17:22 - 2015-08-19 17:22 - 00001085 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2015-08-19 17:22 - 2015-08-19 17:22 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Curiolab
2015-08-19 17:22 - 2015-08-19 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2015-08-19 17:22 - 2015-08-19 17:22 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2015-08-19 17:13 - 2015-08-19 17:14 - 154834656 _____ (CURIOLAB S.M.B.A.) C:\Users\rob_2\Downloads\ExterminateItSetup.exe
2015-08-19 16:40 - 2015-08-19 23:54 - 00000000 ____D C:\FRST
2015-08-19 16:39 - 2015-08-19 23:12 - 02173952 _____ (Farbar) C:\Users\rob_2\Desktop\FRST64.exe
2015-08-19 16:36 - 2015-08-19 16:36 - 00000000 ____D C:\Users\rob_2\AppData\Local\Macromedia
2015-08-19 16:34 - 2015-08-19 16:34 - 00000000 ____D C:\Users\rob_2\AppData\Local\GoldenFrog
2015-08-19 16:34 - 2015-08-19 16:34 - 00000000 ____D C:\Users\rob_2\AppData\Local\Dropbox
2015-08-19 16:34 - 2015-08-19 16:34 - 00000000 ____D C:\Users\rob_2\AppData\Local\AirVideoServer
2015-08-19 16:18 - 2015-08-19 16:18 - 05635271 ____R (Swearware) C:\Users\rob_2\Desktop\ComboFix.exe
2015-08-19 16:16 - 2015-08-19 16:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\rob_2\Downloads\HijackThis.exe
2015-08-19 16:16 - 2015-08-19 16:16 - 00050688 _____ (Atribune.org) C:\Users\rob_2\Downloads\ATF-Cleaner.exe
2015-08-19 16:14 - 2015-08-19 16:14 - 00000000 ____D C:\Users\rob_2\Downloads\Malwarebytes Anti-Malware
2015-08-19 16:06 - 2015-08-19 16:06 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\rob_2\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-08-19 14:19 - 2015-07-20 09:39 - 00000572 _____ C:\Users\rob_2\Desktop\VIPREServiceFix.bat
2015-08-19 14:18 - 2015-08-19 14:18 - 00000464 _____ C:\Users\rob_2\Downloads\VIPREServiceFix.zip
2015-08-18 23:13 - 2010-04-12 20:12 - 00001698 _____ C:\bd.key.asc
2015-08-17 17:32 - 2015-08-17 17:32 - 00000000 ___RD C:\acroldr
2015-08-17 17:17 - 2015-08-17 17:17 - 00000000 ____D C:\$SysReset
2015-08-17 17:13 - 2015-08-19 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 17:13 - 2015-08-17 17:13 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\rob_2\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-17 17:13 - 2015-08-17 17:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-17 08:51 - 2015-08-17 08:53 - 1054867456 _____ C:\Users\rob_2\Downloads\ubuntu-14.04.3-desktop-amd64.iso
2015-08-17 07:41 - 2015-08-17 07:41 - 04831744 _____ (Geza Kovacs) C:\Users\rob_2\Downloads\unetbootin-windows-613.exe
2015-08-17 07:38 - 2015-08-17 07:38 - 00000340 _____ C:\WINDOWS\LkmdfCoInst.log
2015-08-16 22:56 - 2015-08-16 22:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\rob_2\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-16 22:52 - 2015-08-16 22:52 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\rob_2\Downloads\iExplore64.exe
2015-08-16 22:52 - 2015-08-16 22:52 - 00002316 _____ C:\Users\rob_2\Desktop\Rkill.txt
2015-08-16 22:52 - 2015-08-16 22:52 - 00000000 ____D C:\Users\rob_2\Desktop\rkill
2015-08-16 22:51 - 2015-08-16 22:52 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\rob_2\Downloads\iExplore.exe
2015-08-16 22:50 - 2015-08-16 22:50 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\rob_2\Downloads\tdsskiller.exe
2015-08-16 19:23 - 2012-07-26 06:26 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20150816-192304.backup
2015-08-16 17:03 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-16 16:54 - 2015-08-19 22:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-16 16:54 - 2015-08-16 16:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-08-16 16:53 - 2015-08-16 16:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\rob_2\Downloads\spybot-2.4.exe
2015-08-16 13:42 - 2015-08-16 13:42 - 06557296 _____ (ThreatTrack Security, Inc) C:\Users\rob_2\Downloads\setup-vipre-internet-security-en-us.exe
2015-08-15 18:51 - 2015-08-16 04:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-08-14 06:49 - 2015-08-14 06:49 - 00000000 ____D C:\Users\rob_2\Downloads\.Trash-1000
2015-08-14 01:42 - 2015-08-14 13:48 - 00000030 _____ C:\Users\rob_2\Desktop\Karen-DBag.txt
2015-08-13 12:03 - 2015-08-13 12:03 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-13 12:02 - 2015-08-13 12:03 - 00557672 _____ C:\WINDOWS\Minidump\081315-44195-01.dmp
2015-08-12 06:23 - 2015-08-12 06:23 - 00000218 _____ C:\Users\rob_2\AppData\Local\recently-used.xbel
2015-08-12 04:55 - 2015-08-19 23:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-12 04:55 - 2015-08-12 04:55 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-12 04:06 - 2015-08-12 04:07 - 00000000 ____D C:\Users\rob_2\Downloads\John Adams
2015-08-12 04:05 - 2015-08-12 06:23 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\deluge
2015-08-11 21:12 - 2015-08-11 21:12 - 13595245 _____ C:\Users\rob_2\Downloads\deluge-1.3.11-win32-setup.exe
2015-08-11 21:12 - 2015-08-11 21:12 - 00000983 _____ C:\Users\Public\Desktop\Deluge.lnk
2015-08-11 21:12 - 2015-08-11 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2015-08-11 21:12 - 2015-08-11 21:12 - 00000000 ____D C:\Program Files (x86)\Deluge
2015-08-11 21:07 - 2015-08-18 15:45 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\F8gcptKb
2015-08-11 19:59 - 2015-08-15 20:01 - 00000000 ____D C:\Users\rob_2\AppData\Local\NVIDIA Corporation
2015-08-11 19:59 - 2015-07-24 05:21 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-08-11 19:59 - 2015-07-24 05:21 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-08-11 19:59 - 2015-07-24 05:21 - 01423304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-08-11 19:59 - 2015-07-24 05:21 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-08-11 19:58 - 2015-08-11 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-11 19:58 - 2015-08-11 19:58 - 00002137 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-08-11 19:57 - 2015-07-23 01:46 - 00572232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-08-11 19:54 - 2015-07-25 00:28 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-08-11 19:54 - 2015-07-25 00:28 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 42730128 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 30487880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 22950544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 16151688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 15892200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 14503880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 13268712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 11836680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 11055248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-08-11 19:54 - 2015-07-23 05:06 - 03407144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 03008880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 02933576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 02600592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435362.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435362.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01101856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01061008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01053000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00983368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00976528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00940104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00503592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-08-11 19:54 - 2015-07-03 05:28 - 00069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-08-11 19:54 - 2015-07-03 05:28 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-08-11 19:54 - 2015-07-03 05:28 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-08-11 19:51 - 2015-08-11 19:52 - 292456168 _____ (NVIDIA Corporation) C:\Users\rob_2\Downloads\353.62-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-08-11 19:46 - 2015-08-11 19:45 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-11 19:45 - 2015-08-11 19:45 - 00563296 _____ (Oracle Corporation) C:\Users\rob_2\Downloads\chromeinstall-8u51.exe
2015-08-11 19:45 - 2015-08-11 19:45 - 00000000 ____D C:\ProgramData\Oracle
2015-08-11 19:45 - 2015-08-11 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-11 14:16 - 2015-08-11 14:16 - 00000528 _____ C:\Users\rob_2\Documents\spacing.txt
2015-08-11 12:39 - 2012-12-16 01:43 - 00333496 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsC211LM.dll
2015-08-11 12:39 - 2012-12-16 01:43 - 00272056 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkcoiC211.dll
2015-08-11 12:39 - 2012-12-16 00:36 - 02878648 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkinsC211.exe
2015-08-11 12:00 - 2015-08-15 11:22 - 00000309 _____ C:\Users\rob_2\Desktop\New Text Document.txt
2015-08-08 20:25 - 2015-08-08 20:25 - 00000000 ____D C:\Program Files\Wireshark
2015-08-08 07:13 - 2015-08-08 07:13 - 00000009 _____ C:\Users\rob_2\Documents\Quote_1.txt
2015-08-07 17:02 - 2015-08-07 17:48 - 13824241 _____ C:\Users\rob_2\Downloads\eofs.zip
2015-08-07 16:07 - 2015-08-19 14:07 - 00000000 ___RD C:\Users\rob_2\Dropbox
2015-08-07 16:04 - 2015-08-07 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-07 15:01 - 2015-08-07 15:01 - 05848832 _____ (Mozilla) C:\Users\rob_2\Downloads\Firefox Setup 2.0.0.20.exe
2015-08-07 15:01 - 2015-08-07 15:01 - 00000186 _____ C:\Users\rob_2\Downloads\Firefox Setup 2.0.0.20.exe.asc
2015-08-07 14:58 - 2015-08-07 14:58 - 06243296 _____ (Tim Kosse) C:\Users\rob_2\Downloads\FileZilla_3.12.0.2_win32-setup.exe
2015-08-07 14:51 - 2015-08-07 14:51 - 00242728 _____ C:\Users\rob_2\Downloads\Firefox Setup Stub 39.0.3.exe
2015-08-07 04:10 - 2015-08-11 19:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-07 00:42 - 2015-08-07 00:42 - 00392734 _____ C:\Users\rob_2\Downloads\Fusion364.zip
2015-08-07 00:42 - 2015-08-07 00:42 - 00000000 ____D C:\Users\rob_2\Downloads\Fusion364
2015-08-06 22:35 - 2013-06-04 23:09 - 00693112 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-06 22:35 - 2013-06-04 23:09 - 00078200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 21:11 - 2015-08-15 07:25 - 00469312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-06 20:58 - 2015-08-19 22:52 - 00043166 _____ C:\WINDOWS\PFRO.log
2015-08-06 10:38 - 2015-08-15 09:10 - 00000000 ____D C:\Users\rob_2\Documents\UPC_Bill_06-08-2015_files
2015-08-06 10:38 - 2015-08-06 10:38 - 00041127 _____ C:\Users\rob_2\Documents\UPC_Bill_06-08-2015.htm
2015-08-06 07:37 - 2015-08-06 07:37 - 00242720 _____ C:\Users\rob_2\Downloads\Firefox Setup Stub 39.0.exe
2015-08-05 20:20 - 2015-08-05 20:20 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Quest3D
2015-08-05 20:16 - 2015-08-11 20:54 - 00000000 ____D C:\Users\rob_2\Documents\Project Aura
2015-08-05 20:01 - 2015-08-05 20:01 - 00000000 ____D C:\Users\rob_2\.bitrock
2015-08-05 19:59 - 2015-08-05 19:59 - 00000000 ____D C:\Users\rob_2\AppData\Local\Universe Sandbox
2015-08-05 19:59 - 2015-08-05 19:59 - 00000000 ____D C:\Users\rob_2\AppData\Local\Skyrim
2015-08-05 19:58 - 2015-08-05 19:58 - 00000000 ____D C:\Users\rob_2\AppData\Local\Paradox Interactive
2015-08-05 19:38 - 2015-08-05 19:38 - 00000000 ____D C:\Users\rob_2\AppData\Local\Steam
2015-08-05 18:50 - 2015-08-05 19:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-05 18:40 - 2015-08-05 18:40 - 00597304 _____ C:\Users\rob_2\Downloads\flux-setup.exe
2015-08-05 18:40 - 2015-08-05 18:40 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-08-05 14:37 - 2015-08-05 14:37 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-05 14:36 - 2015-08-05 14:36 - 29833438 _____ C:\Users\rob_2\Downloads\vlc-2.2.1-win64.exe
2015-08-05 13:56 - 2015-08-13 16:17 - 00000000 ____D C:\Users\rob_2\Downloads\Usenet
2015-08-05 13:53 - 2015-08-19 17:28 - 00000000 ____D C:\Users\rob_2\Downloads\SickBeard-win32-alpha-build503
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.zenmap
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.thumbnails
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.ssh
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.ResophNotes
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.gimp-2.8
2015-08-05 13:34 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy
2015-08-05 13:34 - 2015-08-05 13:34 - 00000000 ____D C:\Users\rob_2 - Copy\.eclipse
2015-08-05 13:34 - 2015-08-05 13:34 - 00000000 ____D C:\Users\rob_2 - Copy\.android
2015-08-05 13:34 - 2015-08-05 12:58 - 04145152 _____ C:\Users\rob_2\sickbeard.db
2015-08-05 13:34 - 2015-08-05 12:58 - 04145152 _____ C:\Users\rob_2 - Copy\sickbeard.db
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2\sickbeard.db.v18
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2\sickbeard.db.v17
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2\sickbeard.db.v16
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2\sickbeard.db.v15
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2 - Copy\sickbeard.db.v18
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2 - Copy\sickbeard.db.v17
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2 - Copy\sickbeard.db.v16
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2 - Copy\sickbeard.db.v15
2015-08-05 13:34 - 2013-05-04 14:14 - 00000005 _____ C:\Users\rob_2 - Copy\Untitled1
2015-08-05 13:34 - 2012-11-25 06:33 - 00000020 ___SH C:\Users\rob_2 - Copy\ntuser.ini
2015-08-05 13:22 - 2015-08-05 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2015-08-05 13:22 - 2015-08-05 13:22 - 00000000 ____D C:\Program Files\SqliteBrowser3
2015-08-05 13:21 - 2015-08-05 13:22 - 21500548 _____ C:\Users\rob_2\Downloads\sqlitebrowser-3.7.0-win64.exe
2015-08-05 12:48 - 2015-08-05 12:48 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\rob\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\cyg_server\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\ProgramData\GFI
2015-08-04 17:02 - 2015-08-15 20:01 - 00000000 ____D C:\Users\rob_2\AppData\Local\NVIDIA
2015-08-04 16:19 - 2015-08-04 16:19 - 00000000 ____D C:\Users\cyg_server\AppData\Roaming\TeamViewer
2015-08-04 15:43 - 2015-08-19 23:48 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-08-04 15:43 - 2015-08-19 23:01 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-08-04 15:43 - 2015-08-07 16:04 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-04 15:43 - 2015-08-04 15:43 - 00003888 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-08-04 15:43 - 2015-08-04 15:43 - 00003652 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-08-04 15:37 - 2015-08-04 15:37 - 00660960 _____ (Dropbox, Inc.) C:\Users\rob_2\Downloads\DropboxInstaller.exe
2015-08-04 15:25 - 2015-08-04 15:25 - 10679851 _____ C:\Users\rob_2\Downloads\SickBeard-win32-alpha-build503.zip
2015-08-04 15:22 - 2015-02-18 08:39 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-08-04 15:22 - 2015-02-18 08:38 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2015-08-04 15:09 - 2015-08-04 15:09 - 00000000 ____D C:\Users\rob_2\Downloads\Cheetah-2.4.4.tar
2015-08-04 15:00 - 2015-08-04 15:00 - 00190989 _____ C:\Users\rob_2\Downloads\Cheetah-2.4.4.tar.gz
2015-08-04 14:51 - 2015-08-04 14:51 - 00000000 ____D C:\Users\rob_2\AppData\Local\sabnzbd
2015-08-04 14:48 - 2015-08-04 14:48 - 00000995 _____ C:\Users\rob_2\Desktop\SABnzbd.lnk
2015-08-04 14:48 - 2015-08-04 14:48 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
2015-08-04 14:48 - 2015-08-04 14:48 - 00000000 ____D C:\Program Files (x86)\SABnzbd
2015-08-04 14:47 - 2015-08-04 14:47 - 10926924 _____ C:\Users\rob_2\Downloads\SABnzbd-0.7.20-win32-setup.exe
2015-08-04 14:46 - 2015-08-04 15:18 - 00000000 ____D C:\Users\rob_2\Downloads\SickBeard
2015-08-04 14:41 - 2015-08-04 14:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-08-04 14:40 - 2015-08-19 22:04 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-04 14:40 - 2015-08-19 22:04 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-04 14:40 - 2015-08-19 22:04 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-04 14:40 - 2015-08-19 22:04 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-04 14:40 - 2015-08-12 16:05 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-04 14:40 - 2015-08-12 16:05 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-08-04 14:40 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-08-04 11:06 - 2015-08-16 17:03 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-04 11:06 - 2015-08-10 19:00 - 00002966 _____ C:\WINDOWS\System32\Tasks\VIPRE Upgrade Task
2015-08-04 11:06 - 2015-08-05 12:48 - 00000000 ____D C:\ProgramData\VIPRE
2015-08-04 10:33 - 2015-08-17 08:42 - 00001785 _____ C:\WINDOWS\setupact.log
2015-08-04 10:33 - 2015-08-04 10:33 - 00000000 _____ C:\WINDOWS\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 23:21 - 2013-02-04 00:43 - 01853524 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-19 23:18 - 2012-06-12 09:09 - 00000000 ____D C:\ProgramData\TEMP
2015-08-19 23:07 - 2012-07-26 08:28 - 00982850 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-19 23:02 - 2012-10-15 18:30 - 00000000 ____D C:\jexepackres
2015-08-19 23:00 - 2012-09-18 21:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-19 23:00 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-19 23:00 - 2012-06-12 09:07 - 00000000 ____D C:\ProgramData\VMware
2015-08-19 22:12 - 2012-11-25 06:42 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3757410904-3081483913-1924136660-1005
2015-08-19 22:04 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-19 22:03 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-19 22:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-19 19:14 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-19 18:21 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2015-08-19 18:21 - 2009-07-14 04:20 - 00000000 ____D C:\Users\Default.migrated
2015-08-19 18:15 - 2012-08-19 18:25 - 00000000 ____D C:\WINDOWS\ERDNT
2015-08-19 18:03 - 2012-07-26 06:26 - 00000215 _____ C:\WINDOWS\system.ini
2015-08-19 16:07 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-19 14:08 - 2013-08-15 23:01 - 00000000 ____D C:\Program Files (x86)\VyprVPN
2015-08-17 17:28 - 2012-09-20 21:34 - 00142336 ___SH C:\Users\rob_2\Downloads\Thumbs.db
2015-08-17 07:38 - 2012-11-25 06:07 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-08-16 19:14 - 2012-06-30 06:35 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\vlc
2015-08-16 16:46 - 2012-06-29 22:04 - 00000000 ____D C:\Temp
2015-08-16 04:35 - 2012-06-12 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-16 03:43 - 2012-06-12 09:02 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-15 21:05 - 2012-10-18 14:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-15 20:09 - 2012-11-25 06:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-14 15:57 - 2012-10-02 20:23 - 00000000 ____D C:\Users\rob_2\Downloads\imgdl
2015-08-13 18:43 - 2012-09-15 19:43 - 00002240 ____H C:\Users\rob_2\Documents\Default.rdp
2015-08-13 12:04 - 2013-03-05 00:40 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-13 12:02 - 2012-12-11 23:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-13 12:01 - 2013-09-14 20:11 - 842302501 _____ C:\WINDOWS\MEMORY.DMP
2015-08-13 12:01 - 2012-08-28 19:23 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-08-13 07:48 - 2012-06-12 09:01 - 00000000 ____D C:\Program Files\PeerBlock
2015-08-12 06:10 - 2012-11-04 03:05 - 00000000 ____D C:\WINDOWS\Patches
2015-08-12 04:01 - 2012-08-28 11:12 - 00000000 ____D C:\Users\rob_2\AppData\Local\Thunderbird
2015-08-11 19:59 - 2012-11-25 06:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-11 19:59 - 2012-11-25 06:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-11 19:45 - 2012-06-30 08:07 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-11 19:43 - 2012-08-28 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-08-11 14:01 - 2013-07-12 09:04 - 00000000 ____D C:\Users\rob_2\Documents\Spam
2015-08-11 10:53 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-08 20:25 - 2013-08-07 20:04 - 00001595 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-08-08 20:24 - 2012-06-12 09:16 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-08-08 14:24 - 2013-02-18 23:55 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-07 16:07 - 2012-11-25 06:10 - 00000000 ____D C:\Users\rob_2
2015-08-07 15:01 - 2012-08-28 19:23 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\FileZilla
2015-08-07 14:37 - 2013-02-13 21:28 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\VMware
2015-08-07 14:37 - 2013-02-13 21:28 - 00000000 ____D C:\Users\rob_2\AppData\Local\VMware
2015-08-06 22:05 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache
2015-08-06 22:04 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-08-06 22:04 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-08-06 22:03 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-06 22:03 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore
2015-08-06 22:03 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-06 22:03 - 2012-07-26 06:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-06 22:02 - 2012-07-26 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-08-06 22:01 - 2012-07-26 09:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-06 21:59 - 2012-07-26 06:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-08-06 20:58 - 2013-03-14 03:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-06 20:58 - 2013-03-14 03:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-06 15:50 - 2012-06-30 06:35 - 00000000 ____D C:\Users\rob_2\AppData\Local\Mozilla
2015-08-06 07:38 - 2012-06-12 08:58 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-05 19:59 - 2012-06-30 06:51 - 00000000 ____D C:\Users\rob_2\AppData\Local\Origin
2015-08-05 19:26 - 2012-09-17 13:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-05 18:41 - 2013-03-14 03:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-05 14:37 - 2013-08-20 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-08-05 13:44 - 2012-08-19 17:48 - 00000000 ____D C:\Users\rob\Downloads\Usenet
2015-08-05 13:04 - 2012-06-30 06:45 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-05 12:47 - 2012-08-19 17:45 - 00000000 ____D C:\Users\rob\AppData\Roaming\GFI Software
2015-08-05 12:47 - 2012-08-02 04:57 - 00000000 ____D C:\Users\cyg_server\AppData\Roaming\GFI Software
2015-08-04 17:51 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-08-04 17:03 - 2012-10-13 11:42 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Dropbox
2015-08-04 15:02 - 2012-06-30 06:45 - 00003860 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3757410904-3081483913-1924136660-1005UA
2015-08-04 14:36 - 2012-10-13 11:46 - 00000000 ___RD C:\Users\rob_2\Dropbox (Old)
2015-07-25 00:28 - 2015-02-20 01:18 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-07-23 05:06 - 2015-02-20 01:18 - 17615408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-07-23 05:06 - 2015-02-20 01:18 - 15129192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-07-23 05:06 - 2015-02-20 01:18 - 12876336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-07-23 05:06 - 2012-10-11 15:15 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-07-23 02:31 - 2012-11-25 06:08 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-07-23 02:31 - 2012-11-25 06:08 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-07-23 02:31 - 2012-11-25 06:08 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-07-23 02:31 - 2012-11-25 06:08 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-07-23 02:31 - 2012-11-25 06:08 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-07-23 02:31 - 2012-11-25 06:08 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-07-20 15:16 - 2012-11-25 06:08 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2012-09-21 17:05 - 2013-08-27 20:23 - 0000600 _____ () C:\Users\rob_2\AppData\Local\PUTTY.RND
2015-08-12 06:23 - 2015-08-12 06:23 - 0000218 _____ () C:\Users\rob_2\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\rob_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf6pbqg.dll
C:\Users\rob_2\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-19 19:34

==================== End of log ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 AM

Posted 21 August 2015 - 12:16 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(ThreatTrack Security, Inc) C:\Users\rob_2\Downloads\setup-vipre-internet-security-en-us.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} ->  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
FF Plugin HKU\S-1-5-21-3757410904-3081483913-1924136660-1005: @tools.google.com/Google Update;version=3 -> C:\Users\rob_2\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3757410904-3081483913-1924136660-1005: @tools.google.com/Google Update;version=9 -> C:\Users\rob_2\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
U3 a0ucifo0; C:\Windows\System32\Drivers\a0ucifo0.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 idsvc; no ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
C:\ProgramData\Microsoft.com
C:\Windows\System32\Drivers\a0ucifo0.sys
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:27D40D6F

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 puddingmomentum

Posted 21 August 2015 - 12:53 PM

Hi nasdaq,

Thanks so much for replying to me. I ran FRST just like you said. Below are the contents of the fixlist.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Rob (2015-08-21 18:42:38) Run:1
Running from C:\Users\rob_2\Desktop
Loaded Profiles: Rob & cyg_server (Available Profiles: Rob & cyg_server & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(ThreatTrack Security, Inc) C:\Users\rob_2\Downloads\setup-vipre-internet-security-en-us.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} ->  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
FF Plugin HKU\S-1-5-21-3757410904-3081483913-1924136660-1005: @tools.google.com/Google Update;version=3 -> C:\Users\rob_2\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3757410904-3081483913-1924136660-1005: @tools.google.com/Google Update;version=9 -> C:\Users\rob_2\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
U3 a0ucifo0; C:\Windows\System32\Drivers\a0ucifo0.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 idsvc; no ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
C:\ProgramData\Microsoft.com
C:\Windows\System32\Drivers\a0ucifo0.sys
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:27D40D6F

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\rob_2\Downloads\setup-vipre-internet-security-en-us.exe => No running process found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully
"HKCR\Wow6432Node\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA}" => key removed successfully
"HKCR\PROTOCOLS\Handler\vipresg" => key removed successfully
HKCR\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6} => key not found.
"HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Users\rob_2\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Users\rob_2\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll not found.
a0ucifo0 => service not found.
catchme => service removed successfully
idsvc => service removed successfully
MBAMSwissArmy => service removed successfully
"C:\ProgramData\Microsoft.com" => File/Folder not found.
"C:\Windows\System32\Drivers\a0ucifo0.sys" => File/Folder not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":24051EFF" ADS removed successfully.
C:\ProgramData\TEMP => ":27D40D6F" ADS removed successfully.
EmptyTemp: => 4.8 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:43:43 ====



#4 nasdaq

Posted 22 August 2015 - 07:16 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 puddingmomentum

Posted 26 August 2015 - 11:50 AM

Hi nasdaq,

Vipre still won't install properly. I had to put a free version of Kaspersky on the machine. Should I include another FRST scan? I may have to find an old backup instead?



#6 nasdaq

Posted 27 August 2015 - 06:43 AM

--RogueKiller--
  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed, click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Report".
  • Click on the Export TXT button and save the file as RogueReport.txt.
  • The file RogueReport.txt will be saved on the desktop.
  • Close the program.
  • Open the file with Notepad and copy/paste the content into your next reply.
<<<>>>

When this is done, please run the Farbar tool and post a fresh FRST log also.

#7 puddingmomentum

Posted 28 August 2015 - 09:53 AM

Hi, thanks for your reply. Below is the RogueReport text:

RogueKiller V10.10.2.0 [Aug 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : Rob [Administrator]
Started from : C:\Users\rob_2\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/28/2015 15:07:43

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 89.101.160.5 89.101.160.4 208.67.220.220 ([IRELAND (IE)][-][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 89.101.160.5 89.101.160.4 208.67.220.220 ([IRELAND (IE)][-][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7210BF42-A7D8-4E28-944D-6E84271C09AA} | DhcpNameServer : 89.101.160.5 89.101.160.4 ([IRELAND (IE)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEEB364D-5D2D-4D54-9AAE-79A252B560C3} | DhcpNameServer : 89.19.64.36 89.19.64.164 ([IRELAND (IE)][IRELAND (IE)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C562E8A7-8A04-47F0-A266-93CBB453F613} | DhcpNameServer : 89.101.160.5 89.101.160.4 208.67.220.220 ([IRELAND (IE)][-][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7210BF42-A7D8-4E28-944D-6E84271C09AA} | DhcpNameServer : 89.101.160.5 89.101.160.4 ([IRELAND (IE)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BEEB364D-5D2D-4D54-9AAE-79A252B560C3} | DhcpNameServer : 89.19.64.36 89.19.64.164 ([IRELAND (IE)][IRELAND (IE)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C562E8A7-8A04-47F0-A266-93CBB453F613} | DhcpNameServer : 89.101.160.5 89.101.160.4 208.67.220.220 ([IRELAND (IE)][-][-])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 35 ¤¤¤
[Suspicious.Path|Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\AppData\Local\Temp\Downloads\SBVIPRE_FW_EN.5.0.5074.exe -> Found
[Suspicious.Path][File] C:\Users\rob_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk [LNK@] C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Libraries -> Found
[Suspicious.Path][File] C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk [LNK@] C:\Users\rob_2\Dropbox -> Found
[Suspicious.Path][File] C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk [LNK@] C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Libraries -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Documents\Altova\Authentic2013\AuthenticExamples\API\Java\buildAndRun.bat -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Documents\Visual Studio 2012\Projects\CompressedString\CompressedString\bin\Debug\CompressedString.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Documents\Visual Studio 2012\Projects\CompressedString\CompressedString\bin\x64\Debug\CompressedString.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Documents\Visual Studio 2012\Projects\TestApp\TestApp\bin\Debug\TestApp.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\CAMed_v3.0_windows_installer.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\ChromeSetup.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\DropboxInstaller.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\ExterminateItSetup.exe -> Found
[Suspicious.Path][File] C:\Users\rob_2\Downloads\imported\Downloads - Shortcut.lnk [LNK@] C:\Users\rob_2\Downloads -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\installers\Download Europa Universalis 3 Complete.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\installers\Download Europa Universalis 3 Divine Wind.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\installers\Download Europa Universalis 3- Heir to the Throne.exe -> Found
[Suspicious.Startup|VT.PUP.Optional.OpenCandy][File] C:\Users\rob_2\Downloads\installers\epm.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\installers\residualvm-win32.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\installers\stylus-studio-enterprise-15r1.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\kingmaker\A.BAT -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\kingmaker\C.BAT -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\kingmaker\MAKEBOOT.BAT -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\kingmaker\readme.bat -> Found
[Suspicious.Startup|VT.not-a-virus:PSWTool.Win32.NetPass.ox][File] C:\Users\rob_2\Downloads\MUICacheView.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\StarMade\StarMade-dedicated-server-windows.bat -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\Warlords III - Darklords Rising - Compatibility\wl3dr_compatibility uninstall.bat -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Downloads\Warlords III - Darklords Rising - Compatibility\wl3dr_compatibility.bat -> Found
[Suspicious.Path][File] C:\Users\rob_2\Dropbox\Wedding Pics\Brian\Desktop.lnk [LNK@] C:\Users\rob_2\Desktop -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Dropbox (Old)\.dropbox.cache\dropbox-upgrade-3.8.5-1.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Dropbox (Old)\.dropbox.cache\dropbox-upgrade-3.8.5-2.exe -> Found
[Suspicious.Startup|VT.Unknown][File] C:\Users\rob_2\Dropbox (Old)\.dropbox.cache\dropbox-upgrade-3.8.5.exe -> Found
[Suspicious.Path][File] C:\Users\rob_2\Dropbox (Old)\Wedding Pics\Brian\Desktop.lnk [LNK@] C:\Users\rob_2\Desktop -> Found
[Suspicious.Path][File] C:\Users\rob_2\Links\Desktop.lnk [LNK@] C:\Users\rob_2\Desktop -> Found
[Suspicious.Path][File] C:\Users\rob_2\Links\Downloads.lnk [LNK@] C:\Users\rob_2\Downloads -> Found
[Suspicious.Path][File] C:\Users\rob_2\Links\Dropbox.lnk [LNK@] C:\Users\rob_2\Dropbox -> Found

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ARRAY0 +++++
--- User ---
[MBR] 82101958583debc9fe885002b0f057ef
[BSP] 5820b976f0eae653b650c831b870e990 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907632 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: ST2000DL003-9VT166 +++++
--- User ---
[MBR] f4c3e3df1d7f17ff32a6802c620061e0
[BSP] 767dc59a0001019b4e8d1c58d6e90608 : Linux|VT.Unknown MBR Code
Partition table:
0 -  | Offset (sectors): 34 | Size: 1526049 MB
1 -  | Offset (sectors): 3125349360 | Size: 381677 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

FRST log follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-08-2015 02
Ran by Rob (administrator) on ROB-PC (28-08-2015 15:16:43)
Running from C:\Users\rob_2\Desktop
Loaded Profiles: Rob & cyg_server (Available Profiles: Rob & cyg_server & DefaultAppPool)
Platform: Windows 8 Pro with Media Center (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Sunbelt Software) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Sunbelt Software) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\cygwin\bin\cygrunsrv.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\cygwin\usr\sbin\sshd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
(GoldenFrog) C:\Program Files (x86)\VyprVPN\VyprVPN.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Users\rob_2\Desktop\RogueKiller.exe
(Flux Software LLC) C:\Users\rob_2\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM-x32\...\Run: [Flashget] => C:\Program Files (x86)\FlashGet\FlashGet.exe [2007088 2007-09-25] (FlashGet.com)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6365920 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1691136 2012-05-31] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\...\Run: [f.lux] => C:\Users\rob_2\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3757410904-3081483913-1924136660-1007\...\Run: [Google Update] => "C:\Users\rob_2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3757410904-3081483913-1924136660-1007\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2013-01-04]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2015-08-04]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
Startup: C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk [2013-08-15]
ShortcutTarget: VyprVPN.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-27] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-27] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-27] (Acronis)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3757410904-3081483913-1924136660-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3757410904-3081483913-1924136660-1007\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ie.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3757410904-3081483913-1924136660-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll [2007-09-11] (www.flashget.com)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-23] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-23] (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll [2007-09-11] (www.flashget.com)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-11-16] (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.5 89.101.160.4 208.67.220.220
Tcpip\..\Interfaces\{7210BF42-A7D8-4E28-944D-6E84271C09AA}: [DhcpNameServer] 89.101.160.5 89.101.160.4
Tcpip\..\Interfaces\{BEEB364D-5D2D-4D54-9AAE-79A252B560C3}: [DhcpNameServer] 89.19.64.36 89.19.64.164
Tcpip\..\Interfaces\{C562E8A7-8A04-47F0-A266-93CBB453F613}: [NameServer] 208.67.222.222
Tcpip\..\Interfaces\{C562E8A7-8A04-47F0-A266-93CBB453F613}: [DhcpNameServer] 89.101.160.5 89.101.160.4 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-06-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-23] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-23] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF user.js: detected! => C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\user.js [2015-08-23]
FF Extension: Logitech Device Detection - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\DeviceDetection@logitech.com [2012-09-11]
FF Extension: FEBE - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-08-08]
FF Extension: Memory Fox - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2015-08-06]
FF Extension: Disconnect - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\2.0@disconnect.me.xpi [2015-08-06]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-08-28]
FF Extension: Close Tabs to the Right - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\closetabstotheright@4kwh.net.xpi [2012-08-28]
FF Extension: Context Search X - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\contextsearch2@lwz.addons.mozilla.org.xpi [2012-08-28]
FF Extension: Duplicate in Tab Context Menu - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\DuplicateInTabContext@schuzak.jp.xpi [2012-08-28]
FF Extension: Facebook Disconnect - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\facebook@disconnect.me.xpi [2012-08-28]
FF Extension: FacebookBlocker - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\facebookBlocker@webgraph.com.xpi [2012-08-28]
FF Extension: Firebug - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\firebug@software.joehewitt.com.xpi [2012-08-28]
FF Extension: FoxReplace - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\fox@replace.fx.xpi [2012-08-28]
FF Extension: Hola Unblocker - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi [2013-07-16]
FF Extension: Reddit Enhancement Suite - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-08-24]
FF Extension: Modify Headers - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012-08-28]
FF Extension: Adblock Plus - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-27]
FF Extension: Download Statusbar - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012-08-28]
FF Extension: DownThemAll! - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-08-28]
FF Extension: Greasemonkey - C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-10-01]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-23]

Chrome:
=======
CHR Profile: C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-20]
CHR Extension: (Google Docs) - C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
CHR Extension: (Google Drive) - C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-20]
CHR Extension: (YouTube) - C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-20]
CHR Extension: (Google Search) - C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-20]
CHR Extension: (Google Sheets) - C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]
CHR Extension: (Gmail) - C:\Users\rob_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-06-30] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-04] (Dropbox, Inc.)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8914 2013-05-16] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-03-01] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2804280 2011-09-06] (Sunbelt Software)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [181584 2011-09-06] (Sunbelt Software)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10752 2012-07-26] (Microsoft Corporation)
R2 sshd; C:\cygwin\bin\cygrunsrv.exe [129550 2012-04-25] () [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-11-01] (VMware, Inc.) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S4 WACService; C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe [103272 2012-11-09] (Wondershare)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.) [File not signed]
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-06-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-06-27] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-06-27] (Kaspersky Lab ZAO)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\RTL8192cu.sys [848384 2011-06-01] (Realtek Semiconductor Corporation                           )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )
S0 SI3112r; C:\Windows\System32\drivers\SI3112r.sys [133160 2007-12-27] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-12-27] (Silicon Image, Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-11-29] (Duplex Secure Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-13] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-09-13] (Acronis)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-08-28] ()
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) [File not signed]
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
U3 aznftyrv; C:\Windows\System32\Drivers\aznftyrv.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 15:15 - 2015-08-28 15:16 - 00000302 _____ C:\Users\rob_2\Desktop\Addition.txt
2015-08-28 15:14 - 2015-08-28 15:16 - 00032632 _____ C:\Users\rob_2\Desktop\FRST.txt
2015-08-28 15:12 - 2015-08-28 15:12 - 00016934 _____ C:\Users\rob_2\Desktop\RogueReport.txt
2015-08-28 09:36 - 2015-08-28 09:36 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-08-28 09:36 - 2015-08-28 09:36 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-28 09:35 - 2015-08-28 09:35 - 18772040 _____ C:\Users\rob_2\Desktop\RogueKiller.exe
2015-08-28 05:06 - 2015-08-28 05:06 - 00005786 _____ C:\WINDOWS\PFRO.log
2015-08-28 04:14 - 2014-06-10 23:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-28 04:14 - 2014-06-10 23:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-28 03:48 - 2015-08-28 03:49 - 00000012 _____ C:\Users\rob_2\Desktop\The First Cut is the deepest.txt
2015-08-27 19:53 - 2015-08-27 19:54 - 00000097 _____ C:\Users\rob_2\Desktop\Betty White.txt
2015-08-27 02:13 - 2015-08-27 03:53 - 00000086 _____ C:\Users\rob_2\Desktop\John Adams - Law - Court Case.txt
2015-08-25 19:12 - 2015-08-28 09:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-24 19:43 - 2015-08-28 15:16 - 00000000 ____D C:\Users\rob_2\AppData\Local\CrashDumps
2015-08-23 22:08 - 2015-08-28 14:17 - 01961157 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-23 21:01 - 2015-08-23 21:01 - 00002083 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-08-23 21:01 - 2015-08-23 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-08-23 21:01 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-08-23 21:00 - 2015-08-28 07:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-23 21:00 - 2015-08-23 21:00 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-23 21:00 - 2015-06-27 19:50 - 00831664 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-08-23 21:00 - 2015-06-27 19:50 - 00226480 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-08-23 21:00 - 2015-06-27 19:50 - 00159960 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-08-23 20:58 - 2015-08-23 20:58 - 01772656 _____ (Kaspersky Lab) C:\Users\rob_2\Downloads\kav15.0.2.361abcen_8153.exe
2015-08-23 20:43 - 2015-08-23 20:44 - 06557296 _____ (ThreatTrack Security, Inc) C:\Users\rob_2\Downloads\setup-vipre-internet-security-en-us-trial.exe
2015-08-23 20:38 - 2015-08-23 20:38 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\GFI Software
2015-08-23 20:38 - 2011-11-01 00:08 - 00256632 _____ (GFI Software) C:\WINDOWS\system32\Drivers\SbFw.sys
2015-08-23 20:37 - 2015-08-23 20:37 - 00000000 ____D C:\Program Files (x86)\GFI Software
2015-08-23 20:34 - 2015-08-23 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-08-23 20:32 - 2015-08-23 20:32 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Sun
2015-08-23 20:32 - 2015-08-23 20:32 - 00000000 ____D C:\Users\rob_2\.oracle_jre_usage
2015-08-23 20:02 - 2015-08-23 20:02 - 00000000 ____D C:\Users\rob_2\Documents\PA- Backup
2015-08-23 19:56 - 2015-08-23 20:39 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Sunbelt
2015-08-23 19:56 - 2015-08-23 19:56 - 00001850 _____ C:\Users\Public\Desktop\VIPRE Antivirus Premium.lnk
2015-08-23 19:56 - 2015-08-23 19:56 - 00000000 ____D C:\ProgramData\Sunbelt
2015-08-23 19:56 - 2015-08-23 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunbelt Software
2015-08-23 19:56 - 2011-11-01 00:42 - 00045936 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe
2015-08-23 19:56 - 2011-11-01 00:08 - 00060536 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbhips.sys
2015-08-23 19:56 - 2011-10-26 15:40 - 00057976 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbredrv.sys
2015-08-22 06:00 - 2015-08-22 06:00 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\rob_2\Downloads\mbam-setup-sem-2.1.6.1022(1).exe
2015-08-22 05:59 - 2015-08-22 05:59 - 00000218 _____ C:\Users\rob_2\AppData\Local\recently-used.xbel
2015-08-22 00:26 - 2015-08-22 00:26 - 00000000 ____D C:\Users\rob_2\Desktop\Burger King - Chicken Royale
2015-08-21 02:29 - 2015-08-21 02:29 - 00000000 ____D C:\Users\rob_2\AppData\Local\CEF
2015-08-20 21:27 - 2015-08-20 21:27 - 04551776 _____ (Krzysztof Kowalczyk) C:\Users\rob_2\Downloads\SumatraPDF-3.0-install.exe
2015-08-20 21:07 - 2015-08-20 21:07 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-20 21:07 - 2015-08-20 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-20 21:06 - 2015-08-28 15:11 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 21:06 - 2015-08-28 06:06 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-20 21:06 - 2015-08-20 21:07 - 00000000 ____D C:\Users\rob_2\AppData\Local\Google
2015-08-20 21:06 - 2015-08-20 21:06 - 00931408 _____ (Google Inc.) C:\Users\rob_2\Downloads\ChromeSetup.exe
2015-08-20 21:06 - 2015-08-20 21:06 - 00003878 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-20 21:06 - 2015-08-20 21:06 - 00003642 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-20 21:06 - 2015-08-20 21:06 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-20 17:06 - 2015-08-21 04:06 - 00000000 ____D C:\Users\rob_2\Downloads\Star Trek-Generations
2015-08-20 03:16 - 2015-08-20 03:16 - 00000000 _____ C:\Users\rob_2\Desktop\UPC Bill.txt
2015-08-20 00:49 - 2015-08-20 00:49 - 00597304 _____ C:\Users\rob_2\Downloads\flux-setup(1).exe
2015-08-20 00:49 - 2015-08-20 00:49 - 00000000 ____D C:\Users\rob_2\AppData\Local\FluxSoftware
2015-08-19 23:12 - 2015-08-26 17:45 - 00000000 ____D C:\Users\rob_2\Desktop\FRST-OlderVersion
2015-08-19 23:06 - 2015-08-23 21:39 - 00000000 ____D C:\Program Files (x86)\VIPRE
2015-08-19 23:05 - 2015-08-19 23:05 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\VIPRE
2015-08-19 23:05 - 2015-08-19 23:05 - 00000000 ____D C:\Users\rob_2\AppData\Local\VIPRE
2015-08-19 22:30 - 2015-08-19 22:30 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-08-19 22:11 - 2015-08-19 22:11 - 00000000 ____D C:\Users\rob_2\AppData\Local\Apps\2.0
2015-08-19 22:04 - 2015-08-19 22:04 - 00000263 _____ C:\Users\rob_2\Downloads\MUICacheView.cfg
2015-08-19 22:02 - 2010-01-05 16:06 - 00014339 _____ C:\Users\rob_2\Downloads\MUICacheView.chm
2015-08-19 22:02 - 2010-01-05 16:06 - 00005159 _____ C:\Users\rob_2\Downloads\readme.txt
2015-08-19 22:02 - 2010-01-05 15:49 - 00030208 _____ (NirSoft) C:\Users\rob_2\Downloads\MUICacheView.exe
2015-08-19 22:01 - 2015-08-19 22:01 - 00035729 _____ C:\Users\rob_2\Downloads\muicacheview.zip
2015-08-19 21:51 - 2015-08-19 21:51 - 629693372 _____ C:\Users\rob_2\Documents\19-08-2015.reg
2015-08-19 19:12 - 2015-08-19 19:12 - 01186640 _____ C:\Users\rob_2\Downloads\ProcessExplorer.zip
2015-08-19 19:12 - 2015-06-11 09:36 - 00072154 ____N C:\Users\rob_2\Downloads\procexp.chm
2015-08-19 19:12 - 2015-05-11 13:56 - 02508432 ____N (Sysinternals - www.sysinternals.com) C:\Users\rob_2\Downloads\procexp.exe
2015-08-19 19:12 - 2015-01-26 09:19 - 00002009 ____N C:\Users\rob_2\Downloads\Eula.txt
2015-08-19 18:21 - 2015-08-19 18:21 - 00034440 _____ C:\ComboFix.txt
2015-08-19 17:52 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-08-19 17:52 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-08-19 17:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-08-19 17:52 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-08-19 17:51 - 2015-08-19 18:21 - 00000000 ____D C:\Qoobox
2015-08-19 17:22 - 2015-08-23 21:01 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2015-08-19 17:22 - 2015-08-19 17:22 - 00001085 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2015-08-19 17:22 - 2015-08-19 17:22 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Curiolab
2015-08-19 17:22 - 2015-08-19 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2015-08-19 17:13 - 2015-08-19 17:14 - 154834656 _____ (CURIOLAB S.M.B.A.) C:\Users\rob_2\Downloads\ExterminateItSetup.exe
2015-08-19 16:40 - 2015-08-28 15:16 - 00000000 ____D C:\FRST
2015-08-19 16:39 - 2015-08-26 17:45 - 02186752 _____ (Farbar) C:\Users\rob_2\Desktop\FRST64.exe
2015-08-19 16:36 - 2015-08-19 16:36 - 00000000 ____D C:\Users\rob_2\AppData\Local\Macromedia
2015-08-19 16:34 - 2015-08-19 16:34 - 00000000 ____D C:\Users\rob_2\AppData\Local\GoldenFrog
2015-08-19 16:34 - 2015-08-19 16:34 - 00000000 ____D C:\Users\rob_2\AppData\Local\Dropbox
2015-08-19 16:34 - 2015-08-19 16:34 - 00000000 ____D C:\Users\rob_2\AppData\Local\AirVideoServer
2015-08-19 16:18 - 2015-08-19 16:18 - 05635271 ____R (Swearware) C:\Users\rob_2\Desktop\ComboFix.exe
2015-08-19 16:16 - 2015-08-19 16:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\rob_2\Downloads\HijackThis.exe
2015-08-19 16:16 - 2015-08-19 16:16 - 00050688 _____ (Atribune.org) C:\Users\rob_2\Downloads\ATF-Cleaner.exe
2015-08-19 16:14 - 2015-08-19 16:14 - 00000000 ____D C:\Users\rob_2\Downloads\Malwarebytes Anti-Malware
2015-08-19 16:06 - 2015-08-19 16:06 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\rob_2\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-08-19 14:19 - 2015-07-20 09:39 - 00000572 _____ C:\Users\rob_2\Desktop\VIPREServiceFix.bat
2015-08-19 14:18 - 2015-08-19 14:18 - 00000464 _____ C:\Users\rob_2\Downloads\VIPREServiceFix.zip
2015-08-18 23:13 - 2010-04-12 20:12 - 00001698 _____ C:\bd.key.asc
2015-08-17 17:32 - 2015-08-17 17:32 - 00000000 ___RD C:\acroldr
2015-08-17 17:17 - 2015-08-17 17:17 - 00000000 ____D C:\$SysReset
2015-08-17 17:13 - 2015-08-22 06:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 17:13 - 2015-08-17 17:13 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\rob_2\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-17 17:13 - 2015-08-17 17:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-17 08:51 - 2015-08-17 08:53 - 1054867456 _____ C:\Users\rob_2\Downloads\ubuntu-14.04.3-desktop-amd64.iso
2015-08-17 07:41 - 2015-08-17 07:41 - 04831744 _____ (Geza Kovacs) C:\Users\rob_2\Downloads\unetbootin-windows-613.exe
2015-08-16 22:56 - 2015-08-16 22:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\rob_2\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-16 22:52 - 2015-08-16 22:52 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\rob_2\Downloads\iExplore64.exe
2015-08-16 22:52 - 2015-08-16 22:52 - 00002316 _____ C:\Users\rob_2\Desktop\Rkill.txt
2015-08-16 22:52 - 2015-08-16 22:52 - 00000000 ____D C:\Users\rob_2\Desktop\rkill
2015-08-16 22:51 - 2015-08-16 22:52 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\rob_2\Downloads\iExplore.exe
2015-08-16 22:50 - 2015-08-16 22:50 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\rob_2\Downloads\tdsskiller.exe
2015-08-16 19:23 - 2012-07-26 06:26 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20150816-192304.backup
2015-08-16 17:03 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-16 16:54 - 2015-08-19 22:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-16 16:54 - 2015-08-16 16:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-08-16 16:53 - 2015-08-16 16:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\rob_2\Downloads\spybot-2.4.exe
2015-08-16 13:42 - 2015-08-16 13:42 - 06557296 _____ (ThreatTrack Security, Inc) C:\Users\rob_2\Downloads\setup-vipre-internet-security-en-us.exe
2015-08-15 18:51 - 2015-08-16 04:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-08-14 06:49 - 2015-08-14 06:49 - 00000000 ____D C:\Users\rob_2\Downloads\.Trash-1000
2015-08-14 01:42 - 2015-08-14 13:48 - 00000030 _____ C:\Users\rob_2\Desktop\Karen-DBag.txt
2015-08-13 12:03 - 2015-08-13 12:03 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-12 04:55 - 2015-08-28 14:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-12 04:55 - 2015-08-12 04:55 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-12 04:06 - 2015-08-12 04:07 - 00000000 ____D C:\Users\rob_2\Downloads\John Adams
2015-08-12 04:05 - 2015-08-21 00:48 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\deluge
2015-08-11 21:12 - 2015-08-11 21:12 - 13595245 _____ C:\Users\rob_2\Downloads\deluge-1.3.11-win32-setup.exe
2015-08-11 21:12 - 2015-08-11 21:12 - 00000983 _____ C:\Users\Public\Desktop\Deluge.lnk
2015-08-11 21:12 - 2015-08-11 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2015-08-11 21:12 - 2015-08-11 21:12 - 00000000 ____D C:\Program Files (x86)\Deluge
2015-08-11 20:06 - 2015-07-30 14:11 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:06 - 2015-07-30 14:10 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 19:59 - 2015-08-15 20:01 - 00000000 ____D C:\Users\rob_2\AppData\Local\NVIDIA Corporation
2015-08-11 19:59 - 2015-07-24 05:21 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-08-11 19:59 - 2015-07-24 05:21 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-08-11 19:59 - 2015-07-24 05:21 - 01423304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-08-11 19:59 - 2015-07-24 05:21 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-08-11 19:58 - 2015-08-11 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-11 19:58 - 2015-08-11 19:58 - 00002137 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-08-11 19:57 - 2015-07-23 01:46 - 00572232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-08-11 19:54 - 2015-07-25 00:28 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-08-11 19:54 - 2015-07-25 00:28 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 42730128 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 30487880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 22950544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 16151688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 15892200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 14503880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 13268712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 11836680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 11055248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-08-11 19:54 - 2015-07-23 05:06 - 03407144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 03008880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 02933576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 02600592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435362.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435362.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01101856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01061008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 01053000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00983368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00976528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00940104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00503592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-08-11 19:54 - 2015-07-23 05:06 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-08-11 19:54 - 2015-07-03 05:28 - 00069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-08-11 19:54 - 2015-07-03 05:28 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-08-11 19:54 - 2015-07-03 05:28 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-08-11 19:51 - 2015-08-11 19:52 - 292456168 _____ (NVIDIA Corporation) C:\Users\rob_2\Downloads\353.62-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-08-11 19:46 - 2015-08-23 20:32 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-11 19:45 - 2015-08-23 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-11 19:45 - 2015-08-11 19:45 - 00563296 _____ (Oracle Corporation) C:\Users\rob_2\Downloads\chromeinstall-8u51.exe
2015-08-11 19:45 - 2015-08-11 19:45 - 00000000 ____D C:\ProgramData\Oracle
2015-08-11 14:16 - 2015-08-11 14:16 - 00000528 _____ C:\Users\rob_2\Documents\spacing.txt
2015-08-11 12:39 - 2012-12-16 01:43 - 00333496 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsC211LM.dll
2015-08-11 12:39 - 2012-12-16 01:43 - 00272056 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkcoiC211.dll
2015-08-11 12:39 - 2012-12-16 00:36 - 02878648 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkinsC211.exe
2015-08-11 12:00 - 2015-08-15 11:22 - 00000309 _____ C:\Users\rob_2\Desktop\New Text Document.txt
2015-08-08 20:25 - 2015-08-08 20:25 - 00000000 ____D C:\Program Files\Wireshark
2015-08-08 07:13 - 2015-08-08 07:13 - 00000009 _____ C:\Users\rob_2\Documents\Quote_1.txt
2015-08-07 17:02 - 2015-08-07 17:48 - 13824241 _____ C:\Users\rob_2\Downloads\eofs.zip
2015-08-07 16:07 - 2015-08-19 14:07 - 00000000 ___RD C:\Users\rob_2\Dropbox
2015-08-07 16:04 - 2015-08-07 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-07 15:01 - 2015-08-07 15:01 - 05848832 _____ (Mozilla) C:\Users\rob_2\Downloads\Firefox Setup 2.0.0.20.exe
2015-08-07 15:01 - 2015-08-07 15:01 - 00000186 _____ C:\Users\rob_2\Downloads\Firefox Setup 2.0.0.20.exe.asc
2015-08-07 14:58 - 2015-08-07 14:58 - 06243296 _____ (Tim Kosse) C:\Users\rob_2\Downloads\FileZilla_3.12.0.2_win32-setup.exe
2015-08-07 14:51 - 2015-08-07 14:51 - 00242728 _____ C:\Users\rob_2\Downloads\Firefox Setup Stub 39.0.3.exe
2015-08-07 00:42 - 2015-08-07 00:42 - 00392734 _____ C:\Users\rob_2\Downloads\Fusion364.zip
2015-08-07 00:42 - 2015-08-07 00:42 - 00000000 ____D C:\Users\rob_2\Downloads\Fusion364
2015-08-06 22:35 - 2015-08-08 03:27 - 00793544 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-06 22:35 - 2015-08-08 03:27 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 21:11 - 2015-08-15 07:25 - 00469312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-06 10:38 - 2015-08-15 09:10 - 00000000 ____D C:\Users\rob_2\Documents\UPC_Bill_06-08-2015_files
2015-08-06 10:38 - 2015-08-06 10:38 - 00041127 _____ C:\Users\rob_2\Documents\UPC_Bill_06-08-2015.htm
2015-08-06 07:37 - 2015-08-06 07:37 - 00242720 _____ C:\Users\rob_2\Downloads\Firefox Setup Stub 39.0.exe
2015-08-05 20:20 - 2015-08-05 20:20 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Quest3D
2015-08-05 20:16 - 2015-08-26 20:39 - 00000000 ____D C:\Users\rob_2\Documents\Project Aura
2015-08-05 20:01 - 2015-08-05 20:01 - 00000000 ____D C:\Users\rob_2\.bitrock
2015-08-05 19:59 - 2015-08-05 19:59 - 00000000 ____D C:\Users\rob_2\AppData\Local\Universe Sandbox
2015-08-05 19:59 - 2015-08-05 19:59 - 00000000 ____D C:\Users\rob_2\AppData\Local\Skyrim
2015-08-05 19:58 - 2015-08-05 19:58 - 00000000 ____D C:\Users\rob_2\AppData\Local\Paradox Interactive
2015-08-05 19:38 - 2015-08-05 19:38 - 00000000 ____D C:\Users\rob_2\AppData\Local\Steam
2015-08-05 18:50 - 2015-08-05 19:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-05 18:40 - 2015-08-05 18:40 - 00597304 _____ C:\Users\rob_2\Downloads\flux-setup.exe
2015-08-05 18:40 - 2015-08-05 18:40 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-08-05 14:37 - 2015-08-05 14:37 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-05 14:36 - 2015-08-05 14:36 - 29833438 _____ C:\Users\rob_2\Downloads\vlc-2.2.1-win64.exe
2015-08-05 13:56 - 2015-08-25 13:35 - 00000000 ____D C:\Users\rob_2\Downloads\Usenet
2015-08-05 13:53 - 2015-08-28 04:13 - 00000000 ____D C:\Users\rob_2\Downloads\SickBeard-win32-alpha-build503
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.zenmap
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.thumbnails
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.ssh
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.ResophNotes
2015-08-05 13:35 - 2015-08-05 13:35 - 00000000 ____D C:\Users\rob_2 - Copy\.gimp-2.8
2015-08-05 13:34 - 2015-08-23 21:00 - 00000000 ____D C:\Users\rob_2 - Copy
2015-08-05 13:34 - 2015-08-05 13:34 - 00000000 ____D C:\Users\rob_2 - Copy\.eclipse
2015-08-05 13:34 - 2015-08-05 13:34 - 00000000 ____D C:\Users\rob_2 - Copy\.android
2015-08-05 13:34 - 2015-08-05 12:58 - 04145152 _____ C:\Users\rob_2\sickbeard.db
2015-08-05 13:34 - 2015-08-05 12:58 - 04145152 _____ C:\Users\rob_2 - Copy\sickbeard.db
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2\sickbeard.db.v18
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2\sickbeard.db.v17
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2\sickbeard.db.v16
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2\sickbeard.db.v15
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2 - Copy\sickbeard.db.v18
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2 - Copy\sickbeard.db.v17
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2 - Copy\sickbeard.db.v16
2015-08-05 13:34 - 2015-08-04 15:33 - 00011264 _____ C:\Users\rob_2 - Copy\sickbeard.db.v15
2015-08-05 13:34 - 2013-05-04 14:14 - 00000005 _____ C:\Users\rob_2 - Copy\Untitled1
2015-08-05 13:34 - 2012-11-25 06:33 - 00000020 ___SH C:\Users\rob_2 - Copy\ntuser.ini
2015-08-05 13:22 - 2015-08-05 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2015-08-05 13:22 - 2015-08-05 13:22 - 00000000 ____D C:\Program Files\SqliteBrowser3
2015-08-05 13:21 - 2015-08-05 13:22 - 21500548 _____ C:\Users\rob_2\Downloads\sqlitebrowser-3.7.0-win64.exe
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\rob\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\Users\cyg_server\AppData\Roaming\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIPRE
2015-08-05 12:47 - 2015-08-05 12:47 - 00000000 ____D C:\ProgramData\GFI
2015-08-04 17:48 - 2014-06-05 02:12 - 00678600 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2015-08-04 17:48 - 2014-06-04 00:12 - 00536776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2015-08-04 17:47 - 2015-08-24 04:01 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-08-04 17:47 - 2015-08-24 04:01 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-08-04 17:47 - 2015-08-24 04:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-08-04 17:47 - 2015-08-24 04:01 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-08-04 17:47 - 2015-08-24 04:01 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-08-04 17:47 - 2015-08-24 04:01 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-08-04 17:47 - 2015-08-24 04:01 - 00096600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-08-04 17:44 - 2013-07-01 23:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2015-08-04 17:44 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2015-08-04 17:44 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2015-08-04 17:44 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2015-08-04 17:40 - 2014-07-24 04:33 - 00875688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-08-04 17:40 - 2014-07-24 04:33 - 00869544 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-08-04 17:15 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-04 17:15 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-08-04 17:15 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-08-04 17:15 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-08-04 17:15 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-08-04 17:15 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2015-08-04 17:12 - 2015-08-24 04:00 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2015-08-04 17:12 - 2015-08-24 04:00 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2015-08-04 17:11 - 2015-08-24 04:00 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-08-04 17:11 - 2015-08-24 03:59 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-08-04 17:11 - 2015-08-24 03:59 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-04 17:11 - 2015-08-24 03:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-04 17:11 - 2015-08-24 03:59 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2015-08-04 17:11 - 2015-08-24 03:59 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2015-08-04 17:11 - 2015-08-24 03:59 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2015-08-04 17:11 - 2015-08-24 03:59 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2015-08-04 17:11 - 2015-08-24 03:59 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2015-08-04 17:02 - 2015-08-15 20:01 - 00000000 ____D C:\Users\rob_2\AppData\Local\NVIDIA
2015-08-04 16:19 - 2015-08-04 16:19 - 00000000 ____D C:\Users\cyg_server\AppData\Roaming\TeamViewer
2015-08-04 15:43 - 2015-08-28 14:48 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-08-04 15:43 - 2015-08-28 06:06 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-08-04 15:43 - 2015-08-07 16:04 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-04 15:43 - 2015-08-04 15:43 - 00003888 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-08-04 15:43 - 2015-08-04 15:43 - 00003652 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-08-04 15:37 - 2015-08-04 15:37 - 00660960 _____ (Dropbox, Inc.) C:\Users\rob_2\Downloads\DropboxInstaller.exe
2015-08-04 15:25 - 2015-08-04 15:25 - 10679851 _____ C:\Users\rob_2\Downloads\SickBeard-win32-alpha-build503.zip
2015-08-04 15:22 - 2015-02-18 08:39 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-08-04 15:22 - 2015-02-18 08:38 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2015-08-04 15:09 - 2015-08-04 15:09 - 00000000 ____D C:\Users\rob_2\Downloads\Cheetah-2.4.4.tar
2015-08-04 15:00 - 2015-08-04 15:00 - 00190989 _____ C:\Users\rob_2\Downloads\Cheetah-2.4.4.tar.gz
2015-08-04 14:51 - 2015-08-04 14:51 - 00000000 ____D C:\Users\rob_2\AppData\Local\sabnzbd
2015-08-04 14:48 - 2015-08-04 14:48 - 00000995 _____ C:\Users\rob_2\Desktop\SABnzbd.lnk
2015-08-04 14:48 - 2015-08-04 14:48 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
2015-08-04 14:48 - 2015-08-04 14:48 - 00000000 ____D C:\Program Files (x86)\SABnzbd
2015-08-04 14:47 - 2015-08-04 14:47 - 10926924 _____ C:\Users\rob_2\Downloads\SABnzbd-0.7.20-win32-setup.exe
2015-08-04 14:46 - 2015-08-04 15:18 - 00000000 ____D C:\Users\rob_2\Downloads\SickBeard
2015-08-04 14:41 - 2015-08-04 14:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-08-04 14:40 - 2015-08-19 22:04 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-04 14:40 - 2015-08-19 22:04 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-04 14:40 - 2015-08-19 22:04 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-04 14:40 - 2015-08-19 22:04 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-04 14:40 - 2015-08-12 16:05 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-04 14:40 - 2015-08-12 16:05 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-08-04 14:40 - 2015-08-12 16:05 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-08-04 14:40 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-08-04 11:06 - 2015-08-16 17:03 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-04 11:06 - 2015-08-10 19:00 - 00002966 _____ C:\WINDOWS\System32\Tasks\VIPRE Upgrade Task
2015-08-04 11:06 - 2015-08-05 12:48 - 00000000 ____D C:\ProgramData\VIPRE

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 15:02 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-28 06:13 - 2012-11-25 06:42 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3757410904-3081483913-1924136660-1005
2015-08-28 06:07 - 2012-10-15 18:30 - 00000000 ____D C:\jexepackres
2015-08-28 05:42 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache
2015-08-28 05:14 - 2012-07-26 08:28 - 00982850 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-28 05:08 - 2013-03-05 00:40 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-28 05:07 - 2012-09-18 21:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-28 05:07 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-28 05:07 - 2012-06-12 09:07 - 00000000 ____D C:\ProgramData\VMware
2015-08-28 05:06 - 2012-06-12 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-28 05:03 - 2012-06-30 06:35 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\vlc
2015-08-28 05:03 - 2012-06-12 09:02 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-28 04:33 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-28 04:32 - 2012-10-18 14:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-28 04:28 - 2009-07-14 03:34 - 00000607 _____ C:\WINDOWS\win.ini
2015-08-28 00:00 - 2013-08-15 23:01 - 00000000 ____D C:\Program Files (x86)\VyprVPN
2015-08-26 17:53 - 2012-09-17 13:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-24 10:07 - 2013-03-14 03:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-24 10:07 - 2013-03-14 03:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-24 10:05 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-08-24 10:05 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-08-24 04:01 - 2013-03-14 03:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-23 21:30 - 2012-11-02 19:46 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Media Player Classic
2015-08-23 21:29 - 2012-12-11 23:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-23 21:01 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-23 21:00 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-23 21:00 - 2009-07-14 04:20 - 00000000 ____D C:\Users\Default.migrated
2015-08-23 20:47 - 2012-06-12 09:09 - 00000000 ____D C:\ProgramData\TEMP
2015-08-23 20:32 - 2012-11-25 06:10 - 00000000 ____D C:\Users\rob_2
2015-08-23 20:31 - 2012-06-30 08:07 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-21 18:43 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-20 22:06 - 2012-06-12 09:01 - 00000000 ____D C:\Program Files\PeerBlock
2015-08-20 21:27 - 2012-06-30 06:24 - 00001933 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2015-08-19 18:21 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2015-08-19 18:15 - 2012-08-19 18:25 - 00000000 ____D C:\WINDOWS\ERDNT
2015-08-19 18:03 - 2012-07-26 06:26 - 00000215 _____ C:\WINDOWS\system.ini
2015-08-19 16:07 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-17 17:28 - 2012-09-20 21:34 - 00142336 ___SH C:\Users\rob_2\Downloads\Thumbs.db
2015-08-17 07:38 - 2012-11-25 06:07 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-08-16 16:46 - 2012-06-29 22:04 - 00000000 ____D C:\Temp
2015-08-15 20:09 - 2012-11-25 06:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-14 15:57 - 2012-10-02 20:23 - 00000000 ____D C:\Users\rob_2\Downloads\imgdl
2015-08-13 18:43 - 2012-09-15 19:43 - 00002240 ____H C:\Users\rob_2\Documents\Default.rdp
2015-08-13 12:01 - 2012-08-28 19:23 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-08-12 06:10 - 2012-11-04 03:05 - 00000000 ____D C:\WINDOWS\Patches
2015-08-12 04:01 - 2012-08-28 11:12 - 00000000 ____D C:\Users\rob_2\AppData\Local\Thunderbird
2015-08-11 19:59 - 2012-11-25 06:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-11 19:59 - 2012-11-25 06:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-11 19:43 - 2012-08-28 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-08-11 14:01 - 2013-07-12 09:04 - 00000000 ____D C:\Users\rob_2\Documents\Spam
2015-08-11 10:53 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-08 20:25 - 2013-08-07 20:04 - 00001595 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-08-08 20:24 - 2012-06-12 09:16 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-08-08 14:24 - 2013-02-18 23:55 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-07 15:01 - 2012-08-28 19:23 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\FileZilla
2015-08-07 14:37 - 2013-02-13 21:28 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\VMware
2015-08-07 14:37 - 2013-02-13 21:28 - 00000000 ____D C:\Users\rob_2\AppData\Local\VMware
2015-08-06 22:03 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-06 22:03 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore
2015-08-06 22:03 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-06 22:03 - 2012-07-26 06:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-06 22:02 - 2012-07-26 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-08-06 22:01 - 2012-07-26 09:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-06 22:00 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-06 21:59 - 2012-07-26 06:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-08-06 15:50 - 2012-06-30 06:35 - 00000000 ____D C:\Users\rob_2\AppData\Local\Mozilla
2015-08-06 07:38 - 2012-06-12 08:58 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-05 19:59 - 2012-06-30 06:51 - 00000000 ____D C:\Users\rob_2\AppData\Local\Origin
2015-08-05 14:37 - 2013-08-20 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-08-05 13:44 - 2012-08-19 17:48 - 00000000 ____D C:\Users\rob\Downloads\Usenet
2015-08-05 13:04 - 2012-06-30 06:45 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-05 12:47 - 2012-08-19 17:45 - 00000000 ____D C:\Users\rob\AppData\Roaming\GFI Software
2015-08-05 12:47 - 2012-08-02 04:57 - 00000000 ____D C:\Users\cyg_server\AppData\Roaming\GFI Software
2015-08-04 17:51 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-08-04 17:03 - 2012-10-13 11:42 - 00000000 ____D C:\Users\rob_2\AppData\Roaming\Dropbox
2015-08-04 15:02 - 2012-06-30 06:45 - 00003860 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3757410904-3081483913-1924136660-1005UA
2015-08-04 14:36 - 2012-10-13 11:46 - 00000000 ___RD C:\Users\rob_2\Dropbox (Old)

==================== Files in the root of some directories =======

2012-09-21 17:05 - 2013-08-27 20:23 - 0000600 _____ () C:\Users\rob_2\AppData\Local\PUTTY.RND
2015-08-22 05:59 - 2015-08-22 05:59 - 0000218 _____ () C:\Users\rob_2\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\rob_2\AppData\Local\Temp\dllnt_dump.dll
C:\Users\rob_2\AppData\Local\Temp\jre-8u60-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-28 05:18

==================== End of FRST.txt ============================
 



#8 nasdaq

  • Malware Response Team

Posted 28 August 2015 - 01:35 PM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CloseProcesses:

FF user.js: detected! => C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\user.js [2015-08-23]
U3 aznftyrv; C:\Windows\System32\Drivers\aznftyrv.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
C:\Windows\System32\Drivers\aznftyrv.sys

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Are you now able to run or install Vipre?

I see these running in your last log. They may have to be removed if you are unable to install it. Keep me posted.

(Sunbelt Software) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Sunbelt Software) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2804280 2011-09-06] (Sunbelt Software)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [181584 2011-09-06] (Sunbelt Software)

#9 puddingmomentum

  • Topic Starter

Posted 30 August 2015 - 04:03 AM

Hi, I can't access the VIPRE front end. I didn't realise it ran at all.

Please find the fixlog below. Thank you for your help.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-08-2015 02
Ran by Rob (2015-08-30 09:52:27) Run:2
Running from C:\Users\rob_2\Desktop
Loaded Profiles: Rob & cyg_server (Available Profiles: Rob & cyg_server & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CloseProcesses:

FF user.js: detected! => C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\user.js [2015-08-23]
U3 aznftyrv; C:\Windows\System32\Drivers\aznftyrv.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
C:\Windows\System32\Drivers\aznftyrv.sys

End
*****************

Processes closed successfully.
C:\Users\rob_2\AppData\Roaming\Mozilla\Firefox\Profiles\43zicwu0.default\user.js => moved successfully
aznftyrv => service removed successfully
klkbdflt2 => service could not remove
Could not move "C:\Windows\System32\Drivers\aznftyrv.sys" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-30 09:55:43)<=

C:\Windows\System32\Drivers\aznftyrv.sys => Is moved successfully

==== End of Fixlog 09:55:43 ====



#10 nasdaq


Posted 30 August 2015 - 07:32 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

EmptyTemp:
CloseProcesses:

(Sunbelt Software) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Sunbelt Software) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2804280 2011-09-06] (Sunbelt Software)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [181584 2011-09-06] (Sunbelt Software) 
C:\Program Files (x86)\VIPRE

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Download and run the Revo Uninstaller and remove all traces of Vipre.
http://www.revouninstaller.com/

Restart the computer when completed.

Try to reinstall Vipre.

How is it now?

#11 nasdaq


Posted 05 September 2015 - 09:27 AM

Are you still with me?

#12 puddingmomentum


Posted 06 September 2015 - 06:48 PM

Hi nasdaq,

   I tried to post before but it didn't appear. I followed the instructions and was able to install VIPRE. I can now access the VIPRE frontend. I ran a deep scan and it found nothing. The following is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Rob (2015-09-02 18:17:05) Run:3
Running from C:\Users\rob_2\Desktop
Loaded Profiles: Rob & cyg_server (Available Profiles: Rob & cyg_server & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

EmptyTemp:
CloseProcesses:

(Sunbelt Software) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Sunbelt Software) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2804280 2011-09-06] (Sunbelt Software)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [181584 2011-09-06] (Sunbelt Software)
C:\Program Files (x86)\VIPRE

End
*****************

Processes closed successfully.
C:\Program Files (x86)\VIPRE\SBAMSvc.exe => No running process found
C:\Program Files (x86)\VIPRE\SBPIMSvc.exe => No running process found
SBAMSvc => service not found.
SBPIMSvc => service not found.
"C:\Program Files (x86)\VIPRE" => File/Folder not found.
EmptyTemp: => 1.7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:17:20 ====



#13 nasdaq


Posted 07 September 2015 - 06:58 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 puddingmomentum


Posted 07 September 2015 - 11:52 AM

Thank you very much for your help. That was a bad trojan. You helped me immensely.




#15 nasdaq


Posted 07 September 2015 - 01:40 PM

Glad we could help.



