
Uninstalled Chrome, but program still works. (other issues as well)


  • This topic is locked
42 replies to this topic

#1 Smackyfrog

Smackyfrog

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:20 AM

Posted 02 September 2015 - 09:51 AM

So my co-worker gave me a download for CS5 that was heavily infected with malware. It installed various unwanted programs and I started getting redirects on Chrome (plus unwanted extensions). Also, a pop-up now frequently comes up on my desktop that says "Critical alert: Activate Windows backup now!"

Now I followed a typical malware removal procedure and have had some success, but this is unlike any infection I've had before. I started in safe mode and ran Rkill, then used Revo Uninstaller to remove all the unwanted programs. Then I proceeded with AdwCleaner, Malwarebytes, CCleaner, and finally RogueKiller in that order. Computer was still infected, but I noticed the redirects were only happening on Chrome. So I tried using Revo Uninstaller to get rid of Chrome and reinstall it. It worked, but Chrome is still somehow on my desktop and still functions as well. It no longer appears in Revo Uninstaller or the default Windows uninstaller.

Another outcome of this infection is certain programs now "twitch," as in they flash a quick "not responding" on the top of the window. This happens to my internet browser (installed Mozilla) most frequently, but has happened in Adobe Pro a few times.

Any help is appreciated because I'm at the end of my ropes with this, and can't seem to locate a similar problem on these forums or anywhere for that matter. Thank you in advance. I attached the FRST scan txt files.




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,875 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:20 AM

Posted 03 September 2015 - 05:11 AM

Hey, :)

Can you please post the logs directly into the thread rather than attaching them. Thank you.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Smackyfrog

Smackyfrog
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:20 AM

Posted 03 September 2015 - 07:08 AM

Hello!

Sorry about that, I just followed what the sticky said to do for posts. Here you go:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(ShipConstructor Software Inc.) C:\Program Files\Common Files\SSI\SCLicensing\SConLicenseServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7600.16385_none_705720d4c2e4f76e\taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1317256 2013-07-16] (Autodesk, Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{A9092306-3BAD-4F6C-80B8-74F41BC5961D}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKU\S-1-5-21-279859953-1193567709-810979650-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-279859953-1193567709-810979650-1000 -> DefaultScope {2B662D10-3774-4F04-9A18-6F512DE628E1} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-279859953-1193567709-810979650-1000 -> {0BF61FEF-E1AF-495C-BC8C-1D48F6E3326E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-279859953-1193567709-810979650-1000 -> {2B662D10-3774-4F04-9A18-6F512DE628E1} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-07-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} ->  No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-279859953-1193567709-810979650-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\C FLY Marine\AppData\Roaming\Mozilla\Firefox\Profiles\54eoy37y.default
FF DefaultSearchEngine.US: Google
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-279859953-1193567709-810979650-1000: @citrixonline.com/appdetectorplugin -> C:\Users\C FLY Marine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-15] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-07-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\C FLY Marine\AppData\Roaming\Mozilla\Firefox\Profiles\54eoy37y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-09-01]

Chrome:
=======
CHR Profile: C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-01]
CHR Extension: (Google Docs) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-01]
CHR Extension: (Google Drive) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-01]
CHR Extension: (YouTube) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-01]
CHR Extension: (Google Search) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-01]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-01]
CHR Extension: (Yahoo for Chrome) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2015-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-01]
CHR Extension: (Gmail) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.FESGYXMOPHOYVT2JTLVA7NAB5A - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\Application\46.10.2479.1\chromer.exe

Opera:
=======
OPR Extension: (Cinema PlusV27.08) - C:\Users\C FLY Marine\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-05-14] (Autodesk)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2015-02-26] (Robert McNeel & Associates)
S4 Mechanical Job Server; C:\Program Files\Autodesk\Mechanical Simulation Job Manager\dssp_jobServer.exe [404992 2014-02-19] (Autodesk Inc.) [File not signed]
S4 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1740968 2015-07-01] (Micro-Star INT'L CO., LTD.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ShipConstructor License Server; C:\Program Files\Common Files\SSI\SCLicensing\SConLicenseServer.exe [65536 2014-01-24] (ShipConstructor Software Inc.) [File not signed]
S2 Siemens PLM License Server; C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe [1830736 2013-01-18] (Flexera Software LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-05-22] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27120 2013-09-26] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2009-07-13] (SafeNet, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-01] ()
S3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2014-05-13] ()
S3 XRNBO; c:\windows\SysWOW64\drivers\XRNBO.sys [177152 2014-05-15] () [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 09:32 - 2015-09-02 09:32 - 00020553 _____ C:\Users\C FLY Marine\Downloads\FRST.txt
2015-09-02 09:32 - 2015-09-02 09:32 - 00000000 ____D C:\FRST
2015-09-02 09:31 - 2015-09-02 09:31 - 02188800 _____ (Farbar) C:\Users\C FLY Marine\Downloads\FRST64.exe
2015-09-01 10:11 - 2015-09-01 10:11 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\PDAppFlex
2015-09-01 10:07 - 2015-09-01 10:07 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-09-01 10:07 - 2015-09-01 10:07 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-09-01 10:07 - 2015-09-01 10:07 - 00002140 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2015-09-01 10:07 - 2015-09-01 10:07 - 00002049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-09-01 10:06 - 2015-09-01 10:06 - 00000000 ____D C:\Users\C FLY Marine\Desktop\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]
2015-09-01 10:03 - 2015-09-01 10:05 - 00001464 _____ C:\Windows\KB893803v2.log
2015-09-01 10:01 - 2015-09-01 10:01 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-01 10:01 - 2015-09-01 10:01 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-01 10:01 - 2015-09-01 10:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-01 10:01 - 2014-06-23 23:52 - 00760320 _____ (MPT34M ) C:\Users\C FLY Marine\Desktop\adobe.acrobat.xi.pro.patch-MPT.exe
2015-09-01 09:52 - 2015-09-01 09:52 - 01931088 _____ (Symantec Corporation) C:\Users\C FLY Marine\Desktop\FixTDSS.exe
2015-09-01 09:51 - 2015-09-01 09:51 - 00001790 _____ C:\Users\C FLY Marine\Desktop\JRT.txt
2015-09-01 09:51 - 2015-09-01 09:51 - 00000224 _____ C:\Users\C FLY Marine\Desktop\debug.log
2015-09-01 09:24 - 2015-09-01 09:42 - 00002010 _____ C:\Users\C FLY Marine\Desktop\Rkill.txt
2015-09-01 07:42 - 2015-09-01 07:42 - 18501919 _____ C:\Users\C FLY Marine\Downloads\HSC_2015_Full_Set.zip
2015-09-01 07:32 - 2015-09-02 07:34 - 00031602 _____ C:\Windows\WindowsUpdate.log
2015-09-01 07:30 - 2015-09-01 09:54 - 00005892 _____ C:\Windows\PFRO.log
2015-09-01 07:30 - 2015-09-01 09:54 - 00000616 _____ C:\Windows\setupact.log
2015-09-01 07:30 - 2015-09-01 09:22 - 00548000 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-01 07:30 - 2015-09-01 07:30 - 00000000 _____ C:\Windows\setuperr.log
2015-09-01 07:20 - 2015-09-01 07:22 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\C FLY Marine\Downloads\unhide.exe
2015-09-01 07:13 - 2015-09-01 07:13 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\C FLY Marine\Downloads\tdsskiller.exe
2015-08-31 11:09 - 2015-08-31 11:09 - 00090001 _____ C:\Users\C FLY Marine\Desktop\DWG gap analysis.xlsx
2015-08-31 09:26 - 2015-08-31 09:26 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-31 09:24 - 2015-08-27 20:24 - 01798640 _____ (Malwarebytes Corporation) C:\Users\C FLY Marine\Desktop\JRT.exe
2015-08-31 09:13 - 2015-08-31 09:18 - 00035882 _____ C:\Users\C FLY Marine\Downloads\MTB.txt
2015-08-31 09:11 - 2015-08-31 09:12 - 02870984 _____ (ESET) C:\Users\C FLY Marine\Downloads\esetsmartinstaller_enu.exe
2015-08-31 09:10 - 2015-08-31 09:11 - 01798640 _____ (Malwarebytes Corporation) C:\Users\C FLY Marine\Downloads\JRT (1).exe
2015-08-31 09:09 - 2015-08-31 09:10 - 00891392 _____ (Farbar) C:\Users\C FLY Marine\Downloads\MiniToolBox.exe
2015-08-31 08:14 - 2015-08-31 08:40 - 00000000 ____D C:\ProgramData\chrome
2015-08-31 08:12 - 2015-08-31 08:35 - 00000000 ____D C:\Program Files (x86)\360
2015-08-31 08:12 - 2015-08-31 08:12 - 46073439 _____ (Google Inc. ) C:\Users\C FLY Marine\Downloads\chrome-setup.exe
2015-08-27 13:28 - 2015-08-27 13:29 - 01798560 _____ (Malwarebytes Corporation) C:\Users\C FLY Marine\Downloads\JRT.exe
2015-08-27 13:16 - 2015-08-27 13:16 - 00931408 _____ (Google Inc.) C:\Users\C FLY Marine\Downloads\ChromeSetup.exe
2015-08-27 13:14 - 2015-08-27 13:20 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Mozilla
2015-08-27 13:14 - 2015-08-27 13:14 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\Mozilla
2015-08-27 12:53 - 2015-08-27 12:53 - 00000000 ____D C:\Program Files\dwgs for ROWAN
2015-08-27 12:51 - 2015-08-27 12:51 - 00000000 ____D C:\Windows\Sun
2015-08-27 12:19 - 2015-09-02 09:23 - 00001046 _____ C:\Windows\Tasks\38bhc15ujOnTt8bQnGkVQ7Q.job
2015-08-27 12:19 - 2015-08-27 12:19 - 00004100 _____ C:\Windows\System32\Tasks\38bhc15ujOnTt8bQnGkVQ7Q
2015-08-27 12:18 - 2015-08-27 12:18 - 00003658 _____ C:\Windows\System32\Tasks\Teutqeug
2015-08-27 12:18 - 2014-02-19 00:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\ATL90.dll
2015-08-27 12:17 - 2015-09-02 07:05 - 00001016 _____ C:\Windows\Tasks\tF2IQw3F.job
2015-08-27 12:17 - 2015-08-27 12:32 - 00000000 ____D C:\Program Files (x86)\2bc2fa8b-12c1-456d-bebc-1a6c4899cba8
2015-08-27 12:17 - 2015-08-27 12:17 - 00004070 _____ C:\Windows\System32\Tasks\tF2IQw3F
2015-08-27 12:16 - 2015-08-27 12:20 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-27 12:13 - 2015-09-01 09:42 - 00000000 ____D C:\Users\C FLY Marine\Desktop\Malware stuff
2015-08-27 12:07 - 2015-08-31 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop
2015-08-27 12:06 - 2015-08-31 10:09 - 00000000 ____D C:\Program Files (x86)\PCWDownloader
2015-08-27 12:06 - 2015-08-31 10:09 - 00000000 ____D C:\Program Files (x86)\PCW Updater
2015-08-27 12:06 - 2015-08-31 08:12 - 00000000 ____D C:\ProgramData\MSNetCore
2015-08-27 12:06 - 2015-08-27 12:07 - 00000000 ____D C:\Windows\System32\Tasks\PCW
2015-08-27 12:06 - 2015-08-27 12:06 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\youtube-downloader-and-converter
2015-08-27 12:06 - 2015-08-27 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter
2015-08-27 12:06 - 2015-08-27 12:06 - 00000000 ____D C:\Program Files (x86)\Solid YouTube Downloader and Converter
2015-08-27 12:06 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-27 10:23 - 2015-08-31 10:49 - 00000000 ____D C:\Users\C FLY Marine\Desktop\silhouettes
2015-08-27 07:11 - 2015-08-27 07:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\C FLY Marine\Downloads\revosetup (1).exe
2015-08-27 07:10 - 2015-08-27 07:12 - 69999448 _____ (Microsoft Corporation) C:\Users\C FLY Marine\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2015-08-24 14:44 - 2015-08-24 14:44 - 07088086 _____ C:\Users\C FLY Marine\Downloads\wordpress-4.3.zip
2015-08-24 14:41 - 2015-08-25 10:25 - 00000000 ____D C:\Users\C FLY Marine\AppData\OICE_15_974FA576_32C1D314_7AC
2015-08-24 09:16 - 2015-09-01 07:28 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\CrashDumps
2015-08-21 07:21 - 2015-09-01 07:26 - 00000000 ____D C:\Program Files\CCleaner
2015-08-21 07:21 - 2015-08-21 07:21 - 00002818 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-21 07:20 - 2015-09-01 09:25 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-21 07:20 - 2015-08-21 07:20 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-21 07:18 - 2015-08-21 07:19 - 06609608 _____ (Piriform Ltd) C:\Users\C FLY Marine\Downloads\ccsetup508.exe
2015-08-21 07:17 - 2015-08-21 07:20 - 18758216 _____ C:\Users\C FLY Marine\Downloads\RogueKiller.exe
2015-08-21 07:15 - 2015-09-01 07:29 - 00000000 ____D C:\AdwCleaner
2015-08-21 07:15 - 2015-08-21 07:16 - 07471104 _____ C:\Users\C FLY Marine\Downloads\Unconfirmed 81540.crdownload
2015-08-21 07:13 - 2015-08-21 07:14 - 01605632 _____ C:\Users\C FLY Marine\Downloads\AdwCleaner.exe
2015-08-21 07:13 - 2015-08-21 07:13 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\C FLY Marine\Downloads\rkill (1).com
2015-08-20 12:31 - 2015-08-20 12:31 - 00000000 ____D C:\Rowan Resolute
2015-08-20 12:04 - 2015-08-20 12:04 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-20 12:04 - 2015-08-20 12:04 - 00000000 ____D C:\Program Files\Java
2015-08-20 12:02 - 2015-08-20 12:02 - 56501344 _____ (Oracle Corporation) C:\Users\C FLY Marine\Downloads\jre-8u60-windows-x64.exe
2015-08-20 11:59 - 2015-08-20 12:00 - 00000000 ____D C:\Users\C FLY Marine\AppData\OICE_15_974FA576_32C1D314_2339
2015-08-20 11:51 - 2015-08-20 11:51 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-08-20 11:49 - 2015-08-20 12:04 - 00000000 ____D C:\Users\C FLY Marine\.oracle_jre_usage
2015-08-20 11:49 - 2015-08-20 11:49 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\Sun
2015-08-20 11:17 - 2015-08-20 11:17 - 00584288 _____ (Oracle Corporation) C:\Users\C FLY Marine\Downloads\jre-8u60-windows-i586-iftw.exe
2015-08-20 00:02 - 2015-08-27 12:39 - 00000000 ____D C:\Program Files (x86)\RotaryMaoSters
2015-08-20 00:01 - 2015-08-27 12:39 - 00000000 ____D C:\Program Files (x86)\RoTairyMasTersu
2015-08-20 00:01 - 2015-08-27 12:32 - 00000000 ____D C:\Program Files (x86)\Lightning Speed DialExt
2015-08-20 00:00 - 2015-08-27 12:32 - 00000000 ____D C:\Program Files (x86)\RotaryMeaseteeras
2015-08-19 15:00 - 2015-08-27 12:18 - 00000000 ____D C:\ProgramData\myselfcoupon
2015-08-17 09:30 - 2015-08-06 23:22 - 00573048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-08-17 09:28 - 2015-08-07 06:06 - 42840184 _____ C:\Windows\system32\nvcompiler.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 18540336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 16630096 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 14928048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 14673920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 13656016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 12179496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 11076216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-08-17 09:28 - 2015-08-07 06:06 - 02937648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 02624816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 01898104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435560.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435560.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 01104440 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 01063216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 01059960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 00985208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 00942688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 00931448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 00177088 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-08-17 07:15 - 2015-08-17 07:15 - 04645683 _____ C:\Users\C FLY Marine\Downloads\Response_T1384180_files.zip
2015-08-17 07:15 - 2015-08-17 07:15 - 00577978 _____ C:\Users\C FLY Marine\Downloads\Response_T1400103_files.zip
2015-08-10 14:14 - 2015-08-10 14:14 - 00372066 _____ C:\Users\C FLY Marine\Downloads\fancybox-for-wordpress.3.0.6.zip
2015-08-10 13:25 - 2015-08-10 13:25 - 00466023 _____ C:\Users\C FLY Marine\Downloads\maxbuttons.3.09.zip
2015-08-10 12:00 - 2015-08-10 12:00 - 00000500 _____ C:\Windows\SysWOW64\Drivers\iexixx_422.set
2015-08-10 12:00 - 2015-08-10 12:00 - 00000500 _____ C:\Windows\SysWOW64\Drivers\gexixx_298.set
2015-08-10 12:00 - 2015-08-10 12:00 - 00000500 _____ C:\Windows\SysWOW64\Drivers\fgsqtfk274.dat
2015-08-10 12:00 - 2015-08-10 12:00 - 00000500 _____ C:\Windows\SysWOW64\Drivers\dgsqtfk189.dat
2015-08-10 12:00 - 2015-08-10 12:00 - 00000500 _____ C:\Windows\i_mgpmro419.ini
2015-08-10 12:00 - 2015-08-10 12:00 - 00000500 _____ C:\Windows\d_mgpmro165.ini
2015-08-10 12:00 - 2015-08-10 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 5
2015-08-10 11:57 - 2015-08-10 11:57 - 24438392 _____ (DevAge, Vestris Inc. & Contributors) C:\Users\C FLY Marine\Downloads\nXt10_Patch_Release_x64_20140606_1211.exe
2015-08-10 11:22 - 2015-08-10 11:24 - 246067200 _____ C:\Users\C FLY Marine\Downloads\rh50Release_x64_en-us_5.11.50226.17195.msi
2015-08-10 09:00 - 2015-08-10 09:01 - 62627840 _____ C:\Users\C FLY Marine\Downloads\Bongo_20_Release_x64_English_20141114.msi
2015-08-10 08:57 - 2015-08-10 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flamingo nXt
2015-08-10 08:56 - 2015-08-10 11:58 - 00000000 ____D C:\Program Files (x86)\Flamingo nXt
2015-08-10 08:50 - 2015-08-10 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 5.0
2015-08-10 08:50 - 2015-08-10 08:50 - 00000000 ____D C:\Program Files\Rhinoceros 5.0 (64-bit)
2015-08-10 08:50 - 2015-08-10 08:50 - 00000000 ____D C:\Program Files (x86)\Rhinoceros 5.0
2015-08-10 08:50 - 2015-08-10 08:50 - 00000000 ____D C:\Program Files (x86)\McNeelUpdate
2015-08-10 08:44 - 2015-08-10 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 4.0
2015-08-10 08:43 - 2015-08-10 08:44 - 00000000 ____D C:\Program Files (x86)\Rhinoceros 4.0
2015-08-10 08:38 - 2015-08-10 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 3.0
2015-08-10 08:37 - 2015-08-10 08:38 - 00000000 ____D C:\Program Files (x86)\Rhinoceros 3.0
2015-08-10 08:37 - 2003-11-11 12:01 - 00720896 _____ (Robert McNeel & Associates) C:\Windows\SysWOW64\RhinoShExt.dll
2015-08-10 07:44 - 2015-09-01 09:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-10 07:43 - 2015-08-10 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-10 07:43 - 2015-08-10 07:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-10 07:43 - 2015-08-10 07:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-10 07:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-10 07:43 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-10 07:43 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-10 07:42 - 2015-08-10 07:43 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\C FLY Marine\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-10 07:39 - 2015-08-10 07:39 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\C FLY Marine\Downloads\rkill.com
2015-08-10 07:35 - 2015-08-10 07:35 - 00967601 _____ C:\Users\C FLY Marine\Downloads\ProcessMonitor.zip
2015-08-07 11:00 - 2015-08-07 11:16 - 00000000 ____D C:\Users\C FLY Marine\Desktop\new photos
2015-08-07 10:58 - 2015-08-07 10:58 - 00003530 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-AHMED-CFLYMARIN-C FLY Marine
2015-08-07 10:49 - 2015-08-07 10:49 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
2015-08-07 10:49 - 2015-08-07 10:49 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-07 10:40 - 2015-08-07 10:57 - 00000000 ____D C:\Program Files\Adobe
2015-08-07 10:34 - 2015-09-01 07:31 - 00000000 ___RD C:\Users\C FLY Marine\Creative Cloud Files
2015-08-07 10:32 - 2015-08-07 10:32 - 00001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-08-07 10:09 - 2015-08-07 10:09 - 00000000 ____D C:\Windows\pss
2015-08-07 09:51 - 2015-08-07 09:51 - 00000000 ____D C:\ProgramData\COMODO
2015-08-07 09:43 - 2015-08-07 09:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\C FLY Marine\Downloads\revosetup.exe
2015-08-07 09:42 - 2015-08-07 09:43 - 03007700 _____ C:\Users\C FLY Marine\Downloads\revouninstaller.zip
2015-08-07 09:41 - 2015-08-07 09:41 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\Shortcut
2015-08-07 09:41 - 2015-08-07 09:41 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\Opera Software
2015-08-07 09:41 - 2015-08-07 09:41 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Opera Software
2015-08-07 09:41 - 2015-08-07 09:41 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Chromium
2015-08-07 09:40 - 2015-08-31 10:09 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\{C901FF5D-EDA9-93E5-8031-B60DA4594A95}
2015-08-07 09:40 - 2015-08-07 10:00 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-07 09:40 - 2015-08-07 09:40 - 00409168 _____ (Free Picture Solutions ) C:\Users\C FLY Marine\Documents\pictureresizer_setup [1].exe
2015-08-07 09:39 - 2015-08-07 09:39 - 00000000 ____D C:\Program Files (x86)\pictureresizer_setup
2015-08-07 09:36 - 2015-08-07 09:37 - 03246080 _____ C:\Users\C FLY Marine\Downloads\pictureresizer_setup.msi
2015-08-07 09:33 - 2015-08-07 09:33 - 23673633 _____ C:\Users\C FLY Marine\Downloads\Resizer3-4-3-full-May-8-2014.zip
2015-08-07 09:18 - 2015-08-07 09:18 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\WinRAR
2015-08-07 09:17 - 2015-08-27 12:11 - 00000000 ____D C:\Program Files (x86)\Photoshop
2015-08-06 09:02 - 2015-08-06 09:02 - 06864353 _____ C:\Users\C FLY Marine\Downloads\wordpress-4.2.4 (1).zip
2015-08-05 15:30 - 2015-08-05 15:30 - 00360711 _____ C:\Users\C FLY Marine\Downloads\forget-about-shortcode-buttons.1.1.0.zip
2015-08-05 09:58 - 2015-08-05 09:59 - 00642574 _____ C:\Users\C FLY Marine\Downloads\backupwordpress.3.2.7.zip
2015-08-05 09:44 - 2015-08-17 07:16 - 00000000 ____D C:\Users\C FLY Marine\Desktop\Wordpress
2015-08-05 09:36 - 2015-08-05 09:44 - 06864353 _____ C:\Users\C FLY Marine\Downloads\wordpress-4.2.4.zip
2015-08-04 13:01 - 2015-08-04 13:01 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\ControlCenter4
2015-08-04 12:59 - 2015-08-04 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-08-04 12:58 - 2015-08-04 12:58 - 00000066 _____ C:\Windows\Brfaxrx.ini
2015-08-04 12:58 - 2015-08-04 12:58 - 00000000 ____D C:\ProgramData\ControlCenter4
2015-08-04 12:58 - 2015-08-04 12:58 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2015-08-04 12:58 - 2015-08-04 12:58 - 00000000 ____D C:\Program Files (x86)\Browny02
2015-08-04 12:58 - 2015-08-04 12:58 - 00000000 ____D C:\Program Files (x86)\Brother
2015-08-04 12:58 - 2015-08-04 12:58 - 00000000 ____D C:\Brother
2015-08-04 12:58 - 2013-04-11 01:55 - 00227328 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOI13Q.DLL
2015-08-04 12:58 - 2013-04-11 01:55 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2015-08-04 12:58 - 2013-01-10 13:56 - 00253952 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2015-08-04 12:58 - 2012-12-03 13:39 - 00002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2015-08-04 12:58 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2015-08-04 12:58 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2015-08-04 12:57 - 2015-08-04 12:57 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\InstallShield
2015-08-04 12:56 - 2015-08-04 12:56 - 00000000 ____D C:\Users\C FLY Marine\Downloads\install
2015-08-04 07:02 - 2015-08-04 07:03 - 152335688 _____ (A.I.SOFT,INC.) C:\Users\C FLY Marine\Downloads\MFC-J6920DW-inst-A1-us2 (1).EXE
2015-08-03 07:08 - 2015-08-06 23:34 - 02558768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-03 07:04 - 2015-08-07 06:06 - 22520624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-08-03 07:04 - 2015-08-07 06:06 - 15510112 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-08-03 07:04 - 2015-07-24 18:28 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-08-03 07:04 - 2015-07-24 18:28 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-08-03 07:04 - 2015-07-22 23:06 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
2015-08-03 07:04 - 2015-07-22 23:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
2015-08-03 07:00 - 2015-08-03 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-08-03 06:59 - 2015-08-03 06:59 - 00000000 ____D C:\MSI

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 09:21 - 2015-06-01 13:03 - 00005014 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AHMED-CFLYMARIN-C FLY Marine AHMED-CFLYMarine
2015-09-02 08:44 - 2014-05-15 10:49 - 00000604 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-279859953-1193567709-810979650-1000.job
2015-09-02 08:37 - 2014-06-13 12:26 - 00000000 ____D C:\NHT
2015-09-02 07:44 - 2015-06-04 14:25 - 00000700 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-279859953-1193567709-810979650-1000.job
2015-09-02 07:34 - 2014-09-14 10:49 - 00164568 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-09-01 10:07 - 2014-05-14 10:49 - 00000000 ____D C:\ProgramData\Adobe
2015-09-01 10:01 - 2014-05-19 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-01 09:59 - 2009-07-13 23:45 - 00034624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 09:59 - 2009-07-13 23:45 - 00034624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-01 09:58 - 2009-07-14 00:13 - 00785544 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-01 09:54 - 2014-05-20 11:25 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-01 09:54 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 09:51 - 2014-05-13 17:59 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Google
2015-09-01 09:33 - 2014-05-13 17:59 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-01 09:27 - 2014-05-14 10:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-01 07:44 - 2015-07-29 10:44 - 00000000 ____D C:\Users\C FLY Marine\Desktop\Regulatory rules
2015-09-01 07:41 - 2014-05-14 10:49 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Adobe
2015-09-01 07:31 - 2014-07-03 10:34 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-31 14:47 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew
2015-08-31 08:35 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-08-27 12:39 - 2015-02-10 12:24 - 00000000 ____D C:\Windows\AutoKMS
2015-08-27 12:23 - 2014-05-13 16:59 - 00001443 _____ C:\Users\C FLY Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-27 12:23 - 2014-05-13 16:59 - 00001409 _____ C:\Users\C FLY Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-08-27 12:23 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-27 12:23 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-27 12:12 - 2014-06-25 19:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-08-27 12:12 - 2014-05-14 10:50 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\Adobe
2015-08-24 11:23 - 2015-06-04 14:25 - 00003754 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-279859953-1193567709-810979650-1000
2015-08-24 11:23 - 2014-05-15 10:49 - 00003658 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-279859953-1193567709-810979650-1000
2015-08-21 07:28 - 2014-05-22 09:30 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\DAEMON Tools Lite
2015-08-21 07:22 - 2014-05-15 10:40 - 00000000 ____D C:\Windows\Minidump
2015-08-21 07:22 - 2014-05-13 17:54 - 00000000 ____D C:\Windows\Panther
2015-08-20 12:04 - 2014-07-22 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-20 11:50 - 2014-05-22 09:52 - 00000000 ____D C:\ProgramData\Oracle
2015-08-20 11:50 - 2014-05-22 09:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-20 11:49 - 2014-05-13 16:59 - 00000000 ____D C:\Users\C FLY Marine
2015-08-20 11:45 - 2014-07-25 14:38 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\cache
2015-08-17 09:30 - 2014-05-21 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-17 09:30 - 2014-05-20 11:25 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-12 14:24 - 2014-05-14 14:04 - 00068900 _____ C:\Users\C FLY Marine\Documents\plot.log
2015-08-11 14:31 - 2014-05-22 14:49 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\McNeel
2015-08-11 07:41 - 2014-06-13 15:21 - 00039757 _____ C:\Windows\BRRBCOM.INI
2015-08-10 12:01 - 2014-07-02 13:20 - 00164568 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-08-10 09:02 - 2014-12-04 07:09 - 00000000 ____D C:\Program Files\Bongo 2.0 (64-bit)
2015-08-10 08:56 - 2014-05-22 14:45 - 00000000 ____D C:\ProgramData\McNeel
2015-08-10 07:54 - 2009-07-14 00:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-10 07:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-10 07:17 - 2014-05-13 17:59 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Deployment
2015-08-07 10:40 - 2014-07-03 10:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-07 09:58 - 2014-05-22 12:50 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2015-08-07 09:55 - 2014-05-15 10:49 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Citrix
2015-08-07 09:54 - 2014-09-14 10:44 - 00000000 ____D C:\Windows\system32\appmgmt
2015-08-07 09:43 - 2015-07-29 10:27 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-07 06:06 - 2014-05-21 14:32 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-07 06:06 - 2014-05-21 14:32 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-07 06:06 - 2014-05-21 14:32 - 00033050 _____ C:\Windows\system32\nvinfo.pb
2015-08-07 06:06 - 2014-05-21 14:31 - 17124832 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-08-07 06:06 - 2014-05-21 14:31 - 12513288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-08-07 06:06 - 2014-05-21 14:31 - 03518248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-08-07 06:06 - 2014-05-21 14:31 - 03106384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-08-06 23:34 - 2014-05-21 14:32 - 06883448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-06 23:34 - 2014-05-21 14:32 - 03492144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-08-06 23:34 - 2014-05-21 14:32 - 00937592 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-06 23:34 - 2014-05-21 14:32 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-06 23:34 - 2014-05-21 14:32 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-05 16:07 - 2014-05-22 12:50 - 00000000 ____D C:\RISA
2015-08-04 12:59 - 2014-06-13 15:21 - 00013172 _____ C:\Windows\BROMJ6920DW.INI
2015-08-04 12:59 - 2014-06-13 15:21 - 00000092 _____ C:\Windows\brpcfx.ini
2015-08-04 12:59 - 2014-06-13 15:21 - 00000024 _____ C:\Windows\Brpfx04a.ini
2015-08-03 11:46 - 2014-06-06 14:57 - 00000860 _____ C:\Users\C
2015-08-03 11:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-03 10:58 - 2014-05-13 17:56 - 00000000 ____D C:\GHS
2015-08-03 10:56 - 2014-05-13 17:57 - 00000000 ____D C:\Users\C FLY Marine\GHSdata
2015-08-03 07:05 - 2014-05-21 14:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-03 06:59 - 2014-06-06 11:35 - 00013816 _____ C:\Windows\SysWOW64\Utility.xml
2015-08-03 05:12 - 2014-05-21 14:32 - 05133709 _____ C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\C FLY Marine\AppData\Roaming\38bhc15ujOnTt8bQnGkVQ7Q
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\C FLY Marine\AppData\Roaming\tF2IQw3F
2014-07-25 12:52 - 2014-07-25 12:52 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\C FLY Marine\AppData\Local\Temp\bassmod.dll
C:\Users\C FLY Marine\AppData\Local\Temp\dllnt_dump.dll
C:\Users\C FLY Marine\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 07:07

==================== End of FRST.txt ============================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.1 - Adobe Systems Incorporated)
AutoCAD 2007 - English (HKLM-x32\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - English (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD 2014 - English (Version: 19.1.108.0 - Autodesk) Hidden
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.6.12.800 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk AutoCAD 2014 - English SP1 (HKLM\...\AutoCAD 2014 - English SP1) (Version: 1 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk)
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Inventor Content Center Libraries 2014 (Desktop Content) (HKLM\...\{B46DECD1-1864-4EF1-0000-22D71E81877C}) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 - English (HKLM\...\Autodesk Inventor Professional 2014) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2014 English Language Pack (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2015 (HKLM-x32\...\{4FBC9635-AC56-4378-8FDE-C4D3ED072681}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.27 - Autodesk)
Autodesk ReCap (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk Revit Interoperability for Inventor 2014 (HKLM\...\Autodesk Revit Interoperability for Inventor 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for Inventor 2014 (Version: 13.02.15161 - Autodesk) Hidden
Autodesk Simulation Job Manager Mechanical (HKLM\...\{3d71522e-9075-0400-0105-3e9e8f364eba}) (Version: 4.0.105.14050 - Autodesk)
Autodesk Vault Basic 2014 (Client) (HKLM\...\Autodesk Vault Basic 2014 (Client)) (Version: 18.0.86.0 - Autodesk)
Autodesk Vault Basic 2014 (Client) (Version: 18.0.86.0 - Autodesk) Hidden
Autodesk Vault Basic 2014 (Client) English Language Pack (Version: 18.0.86.0 - Autodesk) Hidden
AViCAD 2013 Professional English (HKLM-x32\...\{48976DC0-B3BB-11E1-6784-00B0700418BE}) (Version: 13.0.14.13 - ASVIC Software Inc)
Bongo 2.0 (64-bit) (HKLM\...\{61E3DED5-AF60-4973-B006-9157A372AA59}) (Version: 2.0.53229.0 - Robert McNeel & Associates)
Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Chromium (HKU\.DEFAULT\...\Chromium) (Version: 46.0.2461.0 - Chromium)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden
Eco Materials Adviser for Autodesk Inventor 2014 (64-bit) (HKLM\...\{530B8614-C5DE-475B-AF6F-71BED461552C}) (Version: 4.4.1.0 - Granta Design Limited)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Flamingo 1.1 (HKLM-x32\...\Flamingo 1.1) (Version: 1.1 Release - Robert McNeel & Associates, 3670 Woodland Park Avenue North, Seattle, WA 98103 USA)
Flamingo nXt (HKLM\...\{030BC8B6-1880-4129-911A-51DA3B60A16A}) (Version: 3.1.2012.0327 - Robert McNeel & Associates)
Flamingo nXt en-us Language Pack (HKLM-x32\...\{F72350BB-749A-463D-BA3F-EF32F277841F}) (Version: 3.1.2012.0327 - Robert McNeel & Associates)
Google Chrome (HKLM-x32\...\Google Chrome_is1) (Version:  - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
GoToMeeting 7.2.4.3277 (HKU\S-1-5-21-279859953-1193567709-810979650-1000\...\GoToMeeting) (Version: 7.2.4.3277 - CitrixOnline)
HP LaserJet 200 color M251 (HKLM-x32\...\{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}) (Version: 5.0.12200.1036 - Hewlett-Packard)
HP Web Registration (HKLM-x32\...\{7EB211F2-7D8B-4A01-887B-276A227431CA}) (Version: 1.0.0.0 - Hewlett Packard, Co.)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM251DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM251LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM251 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.8.0.1108 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
Macromedia Flash Player 8 (HKLM-x32\...\ShockwaveFlash) (Version: 8 - Macromedia)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mech-Q AviCAD 2013.046 (HKLM-x32\...\Mech-Q AviCAD 2013_is1) (Version:  - ASVIC Software Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.024 - MSI)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NCPyros_2014_R2 (Version: 14.210.29889.0 - ShipConstructor Software Inc.) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PC Backup Wizard (HKLM-x32\...\PC Backup Wizard) (Version:  - PC Backup Wizard)
Python 3.4.1 (HKLM-x32\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rhinoceros 3.0 (HKLM-x32\...\Rhinoceros 3.0) (Version: 3.0 Release - Robert McNeel & Associates, 3670 Woodland Park Avenue North, Seattle, WA 98103 USA)
Rhinoceros 4.0 SR6 (HKLM-x32\...\{6B9DD988-5ECB-4623-BBFF-8A8F2DA3ED16}) (Version: 4.0.40709 - Robert McNeel & Associates)
Rhinoceros 4.0 SR9 (HKLM-x32\...\{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}) (Version: 4.0.60309 - Robert McNeel & Associates)
Rhinoceros 5 (64-bit) (HKLM\...\{08C128A8-D667-49A7-B32E-2D8E1FB74B76}) (Version: 5.11.50226.17195 - Robert McNeel & Associates)
Rhinoceros 5.0 (HKLM-x32\...\{8CD14890-023B-4BFF-82D4-D83AA5D63302}) (Version: 5.1.20927.2215 - Robert McNeel & Associates)
Rhinoceros 5.0 Help Media (HKLM-x32\...\{B247EAD4-805E-4F13-A4D3-E3A80CD0EC36}) (Version: 5.1.20828.1435 - Robert McNeel & Associates)
Rhinoceros 5.0 Language Pack Installer (en-US) (HKLM-x32\...\{FB358CAB-5782-4294-8D9F-FF7E171CDFCB}) (Version: 5.1.20927.2215 - Robert McNeel & Associates)
RISA-3D (HKLM-x32\...\{0596ABF3-DDD6-4C93-BAD7-1302DE1057FA}) (Version: 5.5 - )
Scansoft PDF Professional (x32 Version:  - ) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
ShipCAM_2014_R2 (Version: 14.210.29889.0 - ShipConstructor Software Inc.) Hidden
ShipConstructor 2014 R2 (HKLM-x32\...\{4d85457a-4822-4009-b226-9b00f9d6da86}) (Version: 14.210.29889.0 - ShipConstructor Software Inc)
ShipConstructor_2014_R2 (Version: 14.210.29889.0 - ShipConstructor Software Inc.) Hidden
Siemens PLM License Server (HKLM-x32\...\Siemens PLM License Server) (Version: 6.1.1.3 - Siemens Product Lifecycle Management Software Inc.)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Solid YouTube Downloader and Converter 6.2.0.1 (HKLM-x32\...\{1E911896-3755-4272-99B1-4D18D24D0E19}_is1) (Version:  - DreamVideoSoft,Inc.)
SSI Licensing (HKLM\...\{EF3019D8-1405-4E6F-862E-0C1EC092C7C4}) (Version: 14.100.18673.0 - ShipConstructor Software Inc)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{00F064D8-FEC3-48ac-B07D-39C314D1727B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{1029ABC3-2457-11D5-8E9D-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{13009989-EFB5-48C9-8BD2-943E0392BD71}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{18A21864-E37B-42b9-9612-2C1E8C450A29}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{21DB88B0-BFBF-11D4-8DE6-0010B541CAA8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\idrop.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{244298EC-E661-11d4-BC13-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{2F8377FC-50C1-44EF-AB7A-8FF1BB8EA277}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{3897B445-D5B8-410d-899A-9789B8ADB643}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{3C3F63EA-C7BA-11d4-8E60-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2014\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{3FC94EB5-AEBD-4f3f-A2A4-B6CE57113C01}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{45122C53-8483-4b62-B15A-EAA9FE5FC3D5}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{4D29B490-49B2-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{4E6F2E83-E7F0-4333-9772-875EB733C820}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxTest.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{62FBB030-24C7-11D3-B78D-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{644190AE-BD8F-493F-B63D-C79404AC5E07}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6FDE7A70-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6FDE7A71-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6FDE7A72-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6FDE7A73-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6FDE7A74-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{6FDE7A77-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtCp.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{714D325C-E9CE-44ab-A72A-36BB410BA19B}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\FEAFilesHandler.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{72EC5CC5-88F3-45B1-A865-0A327DF58CC8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{76283A80-50DD-11D3-A7E3-00C04F79D7BC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll ()
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C FLY Marine\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll ()
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{97E17F04-17DF-11d5-BC38-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\BodyReceiver.dll ()
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{BBF9FDF1-52DC-11D0-8C04-0800090BE8EC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxApprenticeServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\AcInetUI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxInventorUtilities.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvResc.DLL (Autodesk)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvTXTStack.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-279859953-1193567709-810979650-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File

==================== Restore Points =========================

27-08-2015 12:13:51 Revo Uninstaller's restore point - MovieDea 1.0
27-08-2015 12:14:31 Revo Uninstaller's restore point - Health Alert
27-08-2015 12:15:28 Revo Uninstaller's restore point - WordSurfer 1.10.0.19
27-08-2015 12:17:09 Revo Uninstaller's restore point - Crossbrowse
27-08-2015 12:19:11 Revo Uninstaller's restore point - Pro PC Cleaner
27-08-2015 12:25:24 Revo Uninstaller's restore point - Search Protect
27-08-2015 12:26:11 Revo Uninstaller's restore point - System NotifierV27.08
27-08-2015 13:29:34 JRT Pre-Junkware Removal
27-08-2015 13:37:20 Revo Uninstaller's restore point - Adobe Photoshop CS5 FinalSerial
27-08-2015 13:38:08 Revo Uninstaller's restore point - Google Chrome
31-08-2015 07:39:52 Windows Update
31-08-2015 08:14:29 Revo Uninstaller's restore point - 360 Total Security
31-08-2015 08:23:16 Revo Uninstaller's restore point - Microfast PC
31-08-2015 08:23:30 Removed Microfast PC
31-08-2015 08:24:57 Revo Uninstaller's restore point - Mozilla Firefox 40.0.2 (x86 en-US)
31-08-2015 09:24:07 JRT Pre-Junkware Removal
01-09-2015 09:19:04 Revo Uninstaller's restore point - Adobe Acrobat XI Pro
01-09-2015 09:19:30 Removed Adobe Acrobat XI Pro.
01-09-2015 09:26:33 Revo Uninstaller's restore point - Adobe Reader XI (11.0.12)
01-09-2015 09:30:52 Revo Uninstaller's restore point - Google Chrome
01-09-2015 09:33:07 Revo Uninstaller's restore point - Google Chrome
01-09-2015 09:49:25 JRT Pre-Junkware Removal
01-09-2015 10:07:03 Installed Adobe Acrobat XI Pro.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {186517CB-5299-4064-8288-688991814F8B} - System32\Tasks\{308A802D-CFF3-4DD6-A932-BC093355A0F0} => pcalua.exe -a "C:\Users\C FLY Marine\Desktop\emulator\SENTEMUL2007.exe" -d "C:\Users\C FLY Marine\Desktop\emulator"
Task: {1B877E3D-F42A-43DF-844D-8AFD6B8A61F6} - System32\Tasks\PCW\Updater\PCW updater => C:\Program Files (x86)\PCW Updater\updater.exe
Task: {3245C5F2-094F-49A0-9EE7-A33E17E9B0C9} - System32\Tasks\G2MUploadTask-S-1-5-21-279859953-1193567709-810979650-1000 => C:\Users\C FLY Marine\AppData\Local\Citrix\GoToMeeting\3277\g2mupload.exe [2015-08-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3C0D187D-422B-45BD-957E-54250B13FDF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {40903F8C-541E-482E-B56A-46E907A617E4} - \Microfast_Daily -> No File <==== ATTENTION
Task: {43F57CC1-FB6D-42E2-B82E-7BE7E1BD6CD9} - System32\Tasks\Teutqeug => C:\Program Files\shopperz240820151333\Mitle.bat <==== ATTENTION
Task: {4D08354F-314B-4449-A511-D6E2EEDB2CBD} - System32\Tasks\AdobeAAMUpdater-1.0-AHMED-CFLYMARIN-C FLY Marine => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {65CAB8C5-F237-45BE-AC5B-6CED67A5EEC8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {72FC8950-35BC-4BE1-94F3-007EF6E3C620} - System32\Tasks\PCW\PCWRunner\PCW_5002 => C:\Program Files (x86)\PCWDownloader\PCW\PCW_5002.exe [2015-08-27] ()
Task: {81A3F0DB-88CD-4BCF-9CFB-23F72D0E31BF} - \Microfast_LogOn -> No File <==== ATTENTION
Task: {8ADEF8D0-3381-4707-BCC6-5CA4038E1C99} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {A0A3EFEA-EAE0-43AC-AE85-0C0BD9DDCE2B} - System32\Tasks\tF2IQw3F => C:\Users\C FLY Marine\AppData\Roaming\tF2IQw3F.exe <==== ATTENTION
Task: {AA10BD81-6BF3-461B-8415-0611B2E1D3A6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AHMED-CFLYMARIN-C FLY Marine AHMED-CFLYMarine => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {AA4F168D-D910-4186-A20B-74923C148080} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {B62031F3-75E0-4B04-A769-7F2949A9DEEA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {BCF2B9EF-028C-489C-B58A-30FB5DDE497C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {C0CDEE2D-5C8A-408D-9637-6995BC4E766F} - System32\Tasks\38bhc15ujOnTt8bQnGkVQ7Q => C:\Users\C FLY Marine\AppData\Roaming\38bhc15ujOnTt8bQnGkVQ7Q.exe <==== ATTENTION
Task: {C594B70C-FEC5-44DF-B003-3469232E5412} - System32\Tasks\PCW\PCWDownloader\PCW Downloader => C:\Program Files (x86)\PCWDownloader\PCW_downloader.exe
Task: {FC2D6623-A5F6-4399-BE81-D3D312F41069} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {FD244802-5158-46D9-B488-0A497A42DDE3} - System32\Tasks\G2MUpdateTask-S-1-5-21-279859953-1193567709-810979650-1000 => C:\Users\C FLY Marine\AppData\Local\Citrix\GoToMeeting\3277\g2mupdate.exe [2015-08-24] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\38bhc15ujOnTt8bQnGkVQ7Q.job => C:\Users\C FLY Marine\AppData\Roaming\38bhc15ujOnTt8bQnGkVQ7Q.exe <==== ATTENTION
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-279859953-1193567709-810979650-1000.job => C:\Users\C FLY Marine\AppData\Local\Citrix\GoToMeeting\3277\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-279859953-1193567709-810979650-1000.job => C:\Users\C FLY Marine\AppData\Local\Citrix\GoToMeeting\3277\g2mupload.exe
Task: C:\Windows\Tasks\tF2IQw3F.job => C:\Users\C FLY Marine\AppData\Roaming\tF2IQw3F.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-05-21 14:32 - 2015-08-06 23:34 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-13 15:20 - 2005-04-21 23:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-07-10 21:31 - 2013-07-10 21:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-10-01 22:36 - 2012-10-01 22:36 - 01408624 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2015-07-29 10:50 - 2015-07-23 23:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-06-06 13:35 - 2014-06-06 13:35 - 00019968 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PSIClient\f716357b44c85d7485b679d91fae0efb\PSIClient.ni.dll
2014-06-06 13:34 - 2013-09-17 05:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-07-10 21:31 - 2013-07-10 21:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ooteeotoor => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-279859953-1193567709-810979650-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\C FLY Marine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Mechanical Job Server => 2
MSCONFIG\Services: mitsijm2014 => 2
MSCONFIG\Services: MSI_LiveUpdate_Service => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk => C:\Windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mechanical Simulation Job Manager.lnk => C:\Windows\pss\Mechanical Simulation Job Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^C FLY Marine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: RUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{C32251B8-CE45-4470-A76F-F7ECBF456592}C:\ghs\kltest.exe] => (Block) C:\ghs\kltest.exe
FirewallRules: [UDP Query User{007002BA-9F83-4DF9-AB5C-25AA539B3AE6}C:\ghs\kltest.exe] => (Block) C:\ghs\kltest.exe
FirewallRules: [{A2F7AAF4-BB2C-481E-8284-9C9D3EB468D6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BBA734A3-22DD-4F23-9F8C-A23AAB70DAD3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{79289326-DC41-451C-9C3A-A94DA6EA75DA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C8553877-2D25-4720-B928-B38B74F73E95}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FC3893BD-665D-4F0A-A788-995D8B2E631D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4A94103A-2618-4403-AD03-472514FAB05B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{5F04CF06-60AD-4F9E-98FE-74063EDCF3D6}C:\program files\siemens\nx 9.0\ugii\ugraf.exe] => (Block) C:\program files\siemens\nx 9.0\ugii\ugraf.exe
FirewallRules: [UDP Query User{41DD14A5-FA35-4B9E-BA15-CBE862508592}C:\program files\siemens\nx 9.0\ugii\ugraf.exe] => (Block) C:\program files\siemens\nx 9.0\ugii\ugraf.exe
FirewallRules: [{92B20C71-578B-4C4D-9513-7975614A73F4}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{14CEA0E5-6AF2-4265-8A5D-B01E6E81388E}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E4954169-DF29-4757-8786-D4A7D4FB2F6B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A441E394-7517-451C-9C20-2047BCF93761}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{B61DF0BF-9F30-402D-8F89-46EDA2EDDD89}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color M251\Bin\HPNetworkCommunicator.exe
FirewallRules: [{F6514EAF-83FD-4BDB-B3B4-76BF1ECDFBC6}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color M251\bin\EWSProxy.exe
FirewallRules: [{B8601CC3-ACC8-4405-9EF2-AC3BAE040CB2}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{F8D042A0-3C9F-4CE8-AB8B-A72FEADA5D04}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{CBFC7011-F046-44D0-B6F4-7F3571F9421B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{DA30A7AF-780B-47F0-9DA5-BD3FC7C96E76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BA710259-86E2-4EC7-BE2B-041FDBA70916}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2433A631-EADC-4E11-A5CF-59006324D0E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{43CAF504-4564-44BB-92A1-306BE7786939}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{08A0C267-CDDA-4204-BE01-C0698A559249}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{67268780-36E3-4400-ABAF-DCE304A0FDAE}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13c\FAXRX.EXE
FirewallRules: [{5CD0740D-8DED-45D3-B8C8-5055D464C424}] => (Allow) LPort=54925
FirewallRules: [{12EAC527-FBBD-4D73-8DAF-CB4658A7502E}] => (Allow) C:\Users\C FLY Marine\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{5C8967CD-DAE3-4A35-AE6F-00F29B012F93}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{8B6C3D34-D4CD-4034-BEAD-31C6E52170E4}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{C27AA0B2-70FC-41DD-AB1A-5AF4473BF6DE}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{63FAD0B9-A567-484E-BD29-E3DC17C50033}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{1B21359C-EE47-47D2-A528-25D5F9846F1D}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{C4C54B62-31CF-4A34-81C8-D271B83DBB6F}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{505B3224-FF16-45D3-99B3-90476E5EA154}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
FirewallRules: [{B02BC655-5200-4682-85E8-74BEC85636A8}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msbuild.exe
FirewallRules: [{DF990511-95E2-4482-8500-178CC6D47D5B}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{3559E129-C841-446E-ACCD-DEEB43470146}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{06F801C5-D1A9-4E0F-85F6-70D381EBFA16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2015 09:32:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist.
.

Error: (09/02/2015 09:32:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist.
.

Error: (09/02/2015 09:32:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist.
.

Error: (09/02/2015 09:32:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd).

Error: (09/02/2015 09:32:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (09/02/2015 08:49:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist.
.

Error: (09/02/2015 08:49:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist.
.

Error: (09/02/2015 08:42:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist.
.

Error: (09/02/2015 08:42:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd).

Error: (09/02/2015 08:10:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist.
.


System errors:
=============
Error: (09/01/2015 10:13:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/01/2015 09:55:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (09/01/2015 09:55:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/01/2015 09:54:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Siemens PLM License Server service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/01/2015 09:49:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/01/2015 09:49:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/01/2015 09:49:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/01/2015 09:49:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/01/2015 09:49:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ShipConstructor License Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/01/2015 09:49:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDFProFiltSrvPP service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (09/02/2015 09:32:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.

Error: (09/02/2015 09:32:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.

Error: (09/02/2015 09:32:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.

Error: (09/02/2015 09:32:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd)

Error: (09/02/2015 09:32:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\C FLY Marine\Downloads\esetsmartinstaller_enu.exe

Error: (09/02/2015 08:49:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.

Error: (09/02/2015 08:49:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.

Error: (09/02/2015 08:42:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.

Error: (09/02/2015 08:42:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd)

Error: (09/02/2015 08:10:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.


CodeIntegrity:
===================================
  Date: 2015-08-07 09:58:50.215
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-07 09:58:50.214
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4820K CPU @ 3.70GHz
Percentage of memory in use: 30%
Total physical RAM: 8106.77 MB
Available physical RAM: 5622.82 MB
Total Virtual: 16211.7 MB
Available Virtual: 13068.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:137.5 GB) NTFS
Drive s: () (Network) (Total:1430.81 GB) (Free:947.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 656B62A9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Appreciate your help!



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,875 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:20 AM

Posted 03 September 2015 - 09:21 AM

Hey, :)

 

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Smackyfrog


Posted 04 September 2015 - 07:56 AM

Okay followed all your steps, here are the log files:

 

Malware bytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/4/2015
Scan Time: 7:33 AM
Logfile: MAlware bytes.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.04.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: C FLY Marine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393307
Time Elapsed: 6 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.WinYahoo, HKU\S-1-5-18\SOFTWARE\wincy, Quarantined, [01e4cf5c2467f93d4f8537ebd92a6f91],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
CrackTool.Agent, C:\Users\C FLY Marine\Desktop\adobe.acrobat.xi.pro.patch-MPT.exe, Quarantined, [d213fa318506c5711dc27d70b34d1fe1],
CrackTool.Agent, C:\Users\C FLY Marine\Desktop\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\adobe.acrobat.xi.pro.patch-MPT.exe, Quarantined, [04e175b6385378beac3339b4916f35cb],
PUP.Optional.PricePeep, C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [1bcaa586ee9db6807939a203a262bc44],
PUP.Optional.PricePeep, C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [e8fd7bb0d8b3da5c2a88c7de8381b947],
PUP.Optional.SelectNGo, C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [578e27049dee7fb7b1aab6f627dd5ca4],
PUP.Optional.SelectNGo, C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [b72e5ecd256645f13922852720e426da],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Professional x64
Ran by C FLY Marine on Fri 09/04/2015 at  7:45:52.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\C FLY Marine\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\C FLY Marine\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\C FLY Marine\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\C FLY Marine\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/04/2015 at  7:47:46.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Adw cleaner:

 

# AdwCleaner v5.003 - Logfile created 04/09/2015 at 07:50:01
# Updated 20/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Professional  (x64)
# Username : C FLY Marine - AHMED-CFLYMARIN
# Running from : C:\Users\C FLY Marine\Desktop\Malware stuff\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [870 bytes] ##########
 

 

 

Thank you again, this is my work computer, you probably won't hear back from me until Tuesday 9/8 since it is a 3-day weekend here in the US due to Labor Day on Monday.



#6 Machiavelli


Posted 05 September 2015 - 07:13 AM

Why do you want to crack Adobe?


~Machiavelli



#7 Smackyfrog


Posted 08 September 2015 - 07:16 AM

Is that what is causing it? It was a suite I installed with Adobe, not trying to crack anything. Acrobat was already installed on this computer, should I get rid of it?



#8 Machiavelli


Posted 08 September 2015 - 09:31 AM

 

CrackTool.Agent, C:\Users\C FLY Marine\Desktop\adobe.acrobat.xi.pro.patch-MPT.exe, Quarantined, [d213fa318506c5711dc27d70b34d1fe1],
CrackTool.Agent, C:\Users\C FLY Marine\Desktop\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\adobe.acrobat.xi.pro.patch-MPT.exe, Quarantined, [04e175b6385378beac3339b4916f35cb],

Your Adobe is cracked. I ask again: Why do you want to crack Adobe?


~Machiavelli



#9 Smackyfrog


Posted 08 September 2015 - 09:43 AM

I don't, the previous user of this desktop must have had it cracked. I have since removed it because we can't have unlicensed software on these computers.



#10 Machiavelli


Posted 08 September 2015 - 04:08 PM

OK

Download CKScanner from here

Important : Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

~Machiavelli



#11 Smackyfrog


Posted 09 September 2015 - 07:04 AM

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy antique.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy bumped.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked varied.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked.armaterial
scanner sequence 3.ED.11.DCNAVZ
 ----- EOF -----



#12 Machiavelli


Posted 09 September 2015 - 10:20 AM

What I know now: You have edited this log. Don't ask why but one line in this log shows me that there must be 9 red lines in this log instead of just 6 red lines.

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy antique.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy bumped.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked varied.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked.armaterial

scanner sequence 3.ED.11.DCNAVZ
 ----- EOF -----

We now have two options:

(1) You apologize for lying to me and show me the correct log.
(2) We stop the support.

Regards,
Machiavelli


Edited by Machiavelli, 09 September 2015 - 10:21 AM.

~Machiavelli



#13 Smackyfrog


Posted 09 September 2015 - 11:47 AM

I should have known better than to lie to a person offering their help, and I apologize for this. Truth is there was more unlicensed software on this computer than I realized, and I tried to take the easy way out. I have taken the steps to rid the computer of the rest of the unlicensed software.

 

Here is the original log file:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe dreamweaver cc 2015\configuration\taglibraries\html\keygen.vtm
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy antique.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy bumped.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked varied.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked.armaterial
c:\windows\autokms\autokms.exe
c:\windows\prefetch\keygen.exe-88188e62.pf
scanner sequence 3.ED.11.DCNAVZ
 ----- EOF -----

 

 

Here is the new one:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy antique.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy bumped.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked varied.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked.armaterial
scanner sequence 3.BD.11.CWAAP0
 ----- EOF -----
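
The check described in post #12 rests on the last line of the CKScanner log. As an added example (not part of the thread and not CKScanner's own logic), this Python script groups the three pastes from posts #11 and #13 by their `scanner sequence` line and flags a paste that lists fewer entries than another paste carrying the same line. It assumes that line is derived from the scan result; the format of the line itself is not decoded here.

```python
import re
from collections import defaultdict

# Constructed input: the three CKScanner pastes from this thread
# (post #11, and the "original" and "new" logs from post #13).
HEADER = "CKScanner 2.5 - Additional Security Risks - These are not necessarily bad\n"
COMMON = r"""c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy antique.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy bumped.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked glossy.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked varied.armaterial
c:\programdata\mcneel\flamingo nxt\language packs\en-us\materials\porcelain\glaze cracked.armaterial"""
ONLY_IN_ORIGINAL = r"""c:\program files\adobe\adobe dreamweaver cc 2015\configuration\taglibraries\html\keygen.vtm
c:\windows\autokms\autokms.exe
c:\windows\prefetch\keygen.exe-88188e62.pf"""
FOOTER = " ----- EOF -----\n"

LOGS = {
    "post_11": HEADER + COMMON + "\nscanner sequence 3.ED.11.DCNAVZ\n" + FOOTER,
    "post_13_original": HEADER + ONLY_IN_ORIGINAL + "\n" + COMMON
                        + "\nscanner sequence 3.ED.11.DCNAVZ\n" + FOOTER,
    "post_13_rescan": HEADER + COMMON + "\nscanner sequence 3.BD.11.CWAAP0\n" + FOOTER,
}

TRAILER = re.compile(r"^scanner sequence\s+(\S+)$", re.IGNORECASE)


def parse_ckscanner(text):
    """Return (set of reported paths, trailer value or None) for one pasted log."""
    entries, trailer = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        match = TRAILER.match(line)
        if match:
            trailer = match.group(1)
        elif line and not line.startswith("CKScanner") and not line.startswith("-----"):
            entries.add(line.lower())
    return entries, trailer


def find_inconsistent(logs):
    """Flag pastes that share a trailer with another paste but list fewer entries.

    Assumption: the trailer is computed from the scan result, so two pastes with
    the same trailer should contain the same entries.
    Returns a list of (log name, trailer, sorted missing entries).
    """
    by_trailer = defaultdict(dict)
    for name, text in logs.items():
        entries, trailer = parse_ckscanner(text)
        if trailer is not None:
            by_trailer[trailer][name] = entries

    findings = []
    for trailer, group in by_trailer.items():
        union = set().union(*group.values())
        for name, entries in group.items():
            missing = sorted(union - entries)
            if missing:
                findings.append((name, trailer, missing))
    return findings


if __name__ == "__main__":
    for name, trailer, missing in find_inconsistent(LOGS):
        print(f"{name}: trailer {trailer} also appears on a log with {len(missing)} more entries")
        for path in missing:
            print("   missing:", path)
```

The rescan in post #13 carries a different trailer and is not flagged, which matches the entries having actually been removed from disk before that scan.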
 



#14 Machiavelli


Posted 09 September 2015 - 01:26 PM

OK
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli



#15 Smackyfrog


Posted 10 September 2015 - 07:16 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by C FLY Marine (administrator) on AHMED-CFLYMARIN (10-09-2015 07:15:05)
Running from C:\Users\C FLY Marine\Downloads
Loaded Profiles: C FLY Marine (Available Profiles: C FLY Marine)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ShipConstructor Software Inc.) C:\Program Files\Common Files\SSI\SCLicensing\SConLicenseServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD 2014\acad.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD 2014\AdExchange\AcBrowserHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Robert McNeel & Associates) C:\Program Files\Rhinoceros 5.0 (64-bit)\System\Rhino.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1317256 2013-07-16] (Autodesk, Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{A9092306-3BAD-4F6C-80B8-74F41BC5961D}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKU\S-1-5-21-279859953-1193567709-810979650-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-279859953-1193567709-810979650-1000 -> DefaultScope {2B662D10-3774-4F04-9A18-6F512DE628E1} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-279859953-1193567709-810979650-1000 -> {0BF61FEF-E1AF-495C-BC8C-1D48F6E3326E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-279859953-1193567709-810979650-1000 -> {2B662D10-3774-4F04-9A18-6F512DE628E1} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-07-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} ->  No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-279859953-1193567709-810979650-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\C FLY Marine\AppData\Roaming\Mozilla\Firefox\Profiles\54eoy37y.default
FF DefaultSearchEngine.US: Google
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-279859953-1193567709-810979650-1000: @citrixonline.com/appdetectorplugin -> C:\Users\C FLY Marine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-15] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-07-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\C FLY Marine\AppData\Roaming\Mozilla\Firefox\Profiles\54eoy37y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-01]

Chrome:
=======
CHR Profile: C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-01]
CHR Extension: (Google Docs) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-01]
CHR Extension: (Google Drive) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-01]
CHR Extension: (YouTube) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-01]
CHR Extension: (Google Search) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-01]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-01]
CHR Extension: (Yahoo for Chrome) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2015-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-01]
CHR Extension: (Gmail) - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-01]
CHR Extension: (Chrome core) - C:\ProgramData\chrome\extension\chrome-core [2015-08-31]
CHR Extension: (__MSG_extName__) - C:\ProgramData\chrome\extension\dream-youtube-downloader [2015-08-31]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.FESGYXMOPHOYVT2JTLVA7NAB5A - C:\Users\C FLY Marine\AppData\Local\Google\Chrome\Application\46.10.2479.1\chromer.exe

Opera:
=======
OPR Extension: (Cinema PlusV27.08) - C:\Users\C FLY Marine\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-05-14] (Autodesk)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2015-02-26] (Robert McNeel & Associates)
S4 Mechanical Job Server; C:\Program Files\Autodesk\Mechanical Simulation Job Manager\dssp_jobServer.exe [404992 2014-02-19] (Autodesk Inc.) [File not signed]
S4 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1740968 2015-07-01] (Micro-Star INT'L CO., LTD.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ShipConstructor License Server; C:\Program Files\Common Files\SSI\SCLicensing\SConLicenseServer.exe [65536 2014-01-24] (ShipConstructor Software Inc.) [File not signed]
S2 Siemens PLM License Server; C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe [1830736 2013-01-18] (Flexera Software LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-05-22] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27120 2013-09-26] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2009-07-13] (SafeNet, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-01] ()
S3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2014-05-13] ()
S3 XRNBO; c:\windows\SysWOW64\drivers\XRNBO.sys [177152 2014-05-15] () [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 07:14 - 2015-09-10 07:14 - 00000000 ____D C:\Users\C FLY Marine\Downloads\FRST-OlderVersion
2015-09-09 07:02 - 2015-09-09 11:45 - 00000741 _____ C:\Users\C FLY Marine\Desktop\ckfiles.txt
2015-09-09 07:00 - 2015-09-09 07:00 - 00468480 _____ () C:\Users\C FLY Marine\Desktop\CKScanner.exe
2015-09-08 13:34 - 2015-09-08 13:34 - 00007487 _____ C:\Users\C FLY Marine\AppData\Local\recently-used.xbel
2015-09-08 10:20 - 2015-09-08 13:34 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\gtk-2.0
2015-09-08 09:45 - 2015-09-08 09:45 - 00000000 ____D C:\Users\C FLY Marine\.thumbnails
2015-09-08 07:57 - 2015-09-08 07:57 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-09-08 07:57 - 2015-09-08 07:57 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\CEF
2015-09-08 07:56 - 2015-09-08 07:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-09-08 07:56 - 2015-09-08 07:56 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-09-08 07:54 - 2015-09-08 13:34 - 00000000 ____D C:\Users\C FLY Marine\Desktop\Images for sillys
2015-09-08 07:51 - 2015-09-08 13:34 - 00000000 ____D C:\Users\C FLY Marine\.gimp-2.8
2015-09-08 07:51 - 2015-09-08 07:51 - 25424256 _____ ( ) C:\Users\C FLY Marine\Downloads\gimp-help-2-2.8.1-en-setup.exe
2015-09-08 07:51 - 2015-09-08 07:51 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-09-08 07:51 - 2015-09-08 07:51 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\gegl-0.2
2015-09-08 07:51 - 2015-09-08 07:51 - 00000000 ____D C:\Program Files\GIMP 2
2015-09-08 07:49 - 2015-09-08 07:49 - 91931728 _____ (The GIMP Team ) C:\Users\C FLY Marine\Downloads\gimp-2.8.14-setup-1.exe
2015-09-08 07:45 - 2015-08-25 09:08 - 00574072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-09-08 07:44 - 2015-08-25 13:46 - 42840368 _____ C:\Windows\system32\nvcompiler.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 37819184 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 16637336 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 15512888 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 13661160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 12185152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 11089200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-08 07:44 - 2015-08-25 13:46 - 02940720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 02627704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 01106672 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 01075320 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 01064752 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 00945456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 00944736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-09-08 07:44 - 2015-08-25 13:46 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-09-08 07:28 - 2015-09-08 07:45 - 00000000 ____D C:\Windows\LastGood
2015-09-08 07:28 - 2015-08-10 23:52 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-09-08 07:28 - 2015-08-10 23:52 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-09-08 07:28 - 2015-08-10 23:52 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-09-04 11:06 - 2015-09-04 11:06 - 00001932 _____ C:\Users\C FLY Marine\Desktop\design page code.txt
2015-09-04 10:44 - 2015-09-04 10:44 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-09-04 07:49 - 2015-09-04 07:51 - 00000948 _____ C:\Users\C FLY Marine\Desktop\AdwCleaner[S1].txt
2015-09-04 07:42 - 2015-09-04 07:42 - 00002288 _____ C:\Users\C FLY Marine\Desktop\MAlware bytes.txt
2015-09-03 08:22 - 2015-09-03 08:22 - 07088086 _____ C:\Users\C FLY Marine\Downloads\wordpress-4.3(1).zip
2015-09-02 09:34 - 2015-09-02 09:34 - 00078818 _____ C:\Users\C FLY Marine\Desktop\Addition.txt
2015-09-02 09:34 - 2015-09-02 09:34 - 00051333 _____ C:\Users\C FLY Marine\Desktop\FRST.txt
2015-09-02 09:32 - 2015-09-10 07:15 - 00018523 _____ C:\Users\C FLY Marine\Downloads\FRST.txt
2015-09-02 09:32 - 2015-09-10 07:15 - 00000000 ____D C:\FRST
2015-09-02 09:32 - 2015-09-02 09:33 - 00078818 _____ C:\Users\C FLY Marine\Downloads\Addition.txt
2015-09-02 09:31 - 2015-09-10 07:14 - 02190336 _____ (Farbar) C:\Users\C FLY Marine\Downloads\FRST64.exe
2015-09-01 10:11 - 2015-09-01 10:11 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\PDAppFlex
2015-09-01 10:03 - 2015-09-01 10:05 - 00001464 _____ C:\Windows\KB893803v2.log
2015-09-01 10:01 - 2015-09-01 10:01 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-01 10:01 - 2015-09-01 10:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-01 07:42 - 2015-09-01 07:42 - 18501919 _____ C:\Users\C FLY Marine\Downloads\HSC_2015_Full_Set.zip
2015-09-01 07:32 - 2015-09-10 07:13 - 00110439 _____ C:\Windows\WindowsUpdate.log
2015-09-01 07:30 - 2015-09-08 07:45 - 00001158 _____ C:\Windows\setupact.log
2015-09-01 07:30 - 2015-09-04 07:50 - 00008664 _____ C:\Windows\PFRO.log
2015-09-01 07:30 - 2015-09-04 07:41 - 00548720 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-01 07:30 - 2015-09-01 07:30 - 00000000 _____ C:\Windows\setuperr.log
2015-09-01 07:24 - 2015-08-31 17:44 - 01799392 _____ (Malwarebytes Corporation) C:\Users\C FLY Marine\Desktop\JRT.exe
2015-09-01 07:20 - 2015-09-01 07:22 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\C FLY Marine\Downloads\unhide.exe
2015-09-01 07:13 - 2015-09-01 07:13 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\C FLY Marine\Downloads\tdsskiller.exe
2015-08-31 09:26 - 2015-08-31 09:26 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-31 09:13 - 2015-08-31 09:18 - 00035882 _____ C:\Users\C FLY Marine\Downloads\MTB.txt
2015-08-31 09:11 - 2015-08-31 09:12 - 02870984 _____ (ESET) C:\Users\C FLY Marine\Downloads\esetsmartinstaller_enu.exe
2015-08-31 09:10 - 2015-08-31 09:11 - 01798640 _____ (Malwarebytes Corporation) C:\Users\C FLY Marine\Downloads\JRT (1).exe
2015-08-31 09:09 - 2015-08-31 09:10 - 00891392 _____ (Farbar) C:\Users\C FLY Marine\Downloads\MiniToolBox.exe
2015-08-31 08:14 - 2015-08-31 08:40 - 00000000 ____D C:\ProgramData\chrome
2015-08-31 08:12 - 2015-08-31 08:35 - 00000000 ____D C:\Program Files (x86)\360
2015-08-31 08:12 - 2015-08-31 08:12 - 46073439 _____ (Google Inc. ) C:\Users\C FLY Marine\Downloads\chrome-setup.exe
2015-08-27 13:28 - 2015-08-27 13:29 - 01798560 _____ (Malwarebytes Corporation) C:\Users\C FLY Marine\Downloads\JRT.exe
2015-08-27 13:16 - 2015-08-27 13:16 - 00931408 _____ (Google Inc.) C:\Users\C FLY Marine\Downloads\ChromeSetup.exe
2015-08-27 13:14 - 2015-08-27 13:20 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Mozilla
2015-08-27 13:14 - 2015-08-27 13:14 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\Mozilla
2015-08-27 12:53 - 2015-08-27 12:53 - 00000000 ____D C:\Program Files\dwgs for ROWAN
2015-08-27 12:51 - 2015-08-27 12:51 - 00000000 ____D C:\Windows\Sun
2015-08-27 12:19 - 2015-09-10 07:13 - 00001046 _____ C:\Windows\Tasks\38bhc15ujOnTt8bQnGkVQ7Q.job
2015-08-27 12:19 - 2015-08-27 12:19 - 00004100 _____ C:\Windows\System32\Tasks\38bhc15ujOnTt8bQnGkVQ7Q
2015-08-27 12:18 - 2015-08-27 12:18 - 00003658 _____ C:\Windows\System32\Tasks\Teutqeug
2015-08-27 12:18 - 2014-02-19 00:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\ATL90.dll
2015-08-27 12:17 - 2015-09-10 07:13 - 00001016 _____ C:\Windows\Tasks\tF2IQw3F.job
2015-08-27 12:17 - 2015-08-27 12:32 - 00000000 ____D C:\Program Files (x86)\2bc2fa8b-12c1-456d-bebc-1a6c4899cba8
2015-08-27 12:17 - 2015-08-27 12:17 - 00004070 _____ C:\Windows\System32\Tasks\tF2IQw3F
2015-08-27 12:16 - 2015-08-27 12:20 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-27 12:13 - 2015-09-04 10:26 - 00000000 ____D C:\Users\C FLY Marine\Desktop\Malware stuff
2015-08-27 12:06 - 2015-08-31 10:09 - 00000000 ____D C:\Program Files (x86)\PCWDownloader
2015-08-27 12:06 - 2015-08-31 10:09 - 00000000 ____D C:\Program Files (x86)\PCW Updater
2015-08-27 12:06 - 2015-08-31 08:12 - 00000000 ____D C:\ProgramData\MSNetCore
2015-08-27 12:06 - 2015-08-27 12:07 - 00000000 ____D C:\Windows\System32\Tasks\PCW
2015-08-27 12:06 - 2015-08-27 12:06 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\youtube-downloader-and-converter
2015-08-27 12:06 - 2015-08-27 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter
2015-08-27 12:06 - 2015-08-27 12:06 - 00000000 ____D C:\Program Files (x86)\Solid YouTube Downloader and Converter
2015-08-27 12:06 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-27 10:23 - 2015-09-08 13:20 - 00000000 ____D C:\Users\C FLY Marine\Desktop\silhouettes
2015-08-27 07:11 - 2015-08-27 07:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\C FLY Marine\Downloads\revosetup (1).exe
2015-08-27 07:10 - 2015-08-27 07:12 - 69999448 _____ (Microsoft Corporation) C:\Users\C FLY Marine\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2015-08-24 14:44 - 2015-08-24 14:44 - 07088086 _____ C:\Users\C FLY Marine\Downloads\wordpress-4.3.zip
2015-08-24 14:41 - 2015-08-25 10:25 - 00000000 ____D C:\Users\C FLY Marine\AppData\OICE_15_974FA576_32C1D314_7AC
2015-08-24 09:16 - 2015-09-08 12:31 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\CrashDumps
2015-08-21 07:21 - 2015-09-01 07:26 - 00000000 ____D C:\Program Files\CCleaner
2015-08-21 07:21 - 2015-08-21 07:21 - 00002818 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-21 07:20 - 2015-09-01 09:25 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-21 07:20 - 2015-08-21 07:20 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-21 07:18 - 2015-08-21 07:19 - 06609608 _____ (Piriform Ltd) C:\Users\C FLY Marine\Downloads\ccsetup508.exe
2015-08-21 07:17 - 2015-08-21 07:20 - 18758216 _____ C:\Users\C FLY Marine\Downloads\RogueKiller.exe
2015-08-21 07:15 - 2015-09-04 07:50 - 00000000 ____D C:\AdwCleaner
2015-08-21 07:15 - 2015-08-21 07:16 - 07471104 _____ C:\Users\C FLY Marine\Downloads\Unconfirmed 81540.crdownload
2015-08-21 07:13 - 2015-08-21 07:14 - 01605632 _____ C:\Users\C FLY Marine\Downloads\AdwCleaner.exe
2015-08-21 07:13 - 2015-08-21 07:13 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\C FLY Marine\Downloads\rkill (1).com
2015-08-20 12:31 - 2015-08-20 12:31 - 00000000 ____D C:\Rowan Resolute
2015-08-20 12:04 - 2015-08-20 12:04 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-20 12:04 - 2015-08-20 12:04 - 00000000 ____D C:\Program Files\Java
2015-08-20 12:02 - 2015-08-20 12:02 - 56501344 _____ (Oracle Corporation) C:\Users\C FLY Marine\Downloads\jre-8u60-windows-x64.exe
2015-08-20 11:59 - 2015-08-20 12:00 - 00000000 ____D C:\Users\C FLY Marine\AppData\OICE_15_974FA576_32C1D314_2339
2015-08-20 11:51 - 2015-08-20 11:51 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-08-20 11:49 - 2015-08-20 12:04 - 00000000 ____D C:\Users\C FLY Marine\.oracle_jre_usage
2015-08-20 11:49 - 2015-08-20 11:49 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\Sun
2015-08-20 11:17 - 2015-08-20 11:17 - 00584288 _____ (Oracle Corporation) C:\Users\C FLY Marine\Downloads\jre-8u60-windows-i586-iftw.exe
2015-08-20 00:02 - 2015-08-27 12:39 - 00000000 ____D C:\Program Files (x86)\RotaryMaoSters
2015-08-20 00:01 - 2015-08-27 12:39 - 00000000 ____D C:\Program Files (x86)\RoTairyMasTersu
2015-08-20 00:01 - 2015-08-27 12:32 - 00000000 ____D C:\Program Files (x86)\Lightning Speed DialExt
2015-08-20 00:00 - 2015-08-27 12:32 - 00000000 ____D C:\Program Files (x86)\RotaryMeaseteeras
2015-08-19 15:00 - 2015-08-27 12:18 - 00000000 ____D C:\ProgramData\myselfcoupon
2015-08-17 09:28 - 2015-08-25 13:46 - 14635792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 14673920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SETAC91.tmp
2015-08-17 09:28 - 2015-08-07 06:06 - 01898104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435560.dll
2015-08-17 09:28 - 2015-08-07 06:06 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435560.dll
2015-08-17 07:15 - 2015-08-17 07:15 - 04645683 _____ C:\Users\C FLY Marine\Downloads\Response_T1384180_files.zip
2015-08-17 07:15 - 2015-08-17 07:15 - 00577978 _____ C:\Users\C FLY Marine\Downloads\Response_T1400103_files.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 07:13 - 2015-06-04 14:25 - 00000648 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-279859953-1193567709-810979650-1000.job
2015-09-10 07:13 - 2014-05-15 10:49 - 00000552 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-279859953-1193567709-810979650-1000.job
2015-09-09 11:43 - 2014-05-14 10:50 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\Adobe
2015-09-09 09:51 - 2014-06-13 15:21 - 00039757 _____ C:\Windows\BRRBCOM.INI
2015-09-09 09:10 - 2015-06-01 13:03 - 00005012 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AHMED-CFLYMARIN-C FLY Marine AHMED-CFLYMarine
2015-09-09 07:09 - 2014-05-14 10:49 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Adobe
2015-09-08 13:40 - 2014-07-02 13:20 - 00164176 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-09-08 13:39 - 2009-07-14 00:13 - 00785544 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-08 09:45 - 2014-05-13 16:59 - 00000000 ____D C:\Users\C FLY Marine
2015-09-08 08:08 - 2014-05-14 14:04 - 00069147 _____ C:\Users\C FLY Marine\Documents\plot.log
2015-09-08 07:56 - 2014-05-14 10:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-08 07:55 - 2015-08-10 07:44 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-08 07:46 - 2014-05-21 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-09-08 07:46 - 2014-05-20 11:25 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-09-08 07:46 - 2014-05-20 11:25 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-08 07:38 - 2014-09-14 10:49 - 00164176 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-09-08 07:32 - 2009-07-13 23:45 - 00034624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-08 07:32 - 2009-07-13 23:45 - 00034624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-08 07:28 - 2014-05-14 10:49 - 00000000 ____D C:\ProgramData\Adobe
2015-09-04 10:44 - 2015-06-04 14:25 - 00003706 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-279859953-1193567709-810979650-1000
2015-09-04 10:44 - 2014-05-15 10:49 - 00003610 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-279859953-1193567709-810979650-1000
2015-09-04 07:50 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-04 07:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2015-09-04 07:28 - 2014-06-13 12:26 - 00000000 ____D C:\NHT
2015-09-01 10:01 - 2014-05-19 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-01 09:51 - 2014-05-13 17:59 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\Google
2015-09-01 09:33 - 2014-05-13 17:59 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-01 07:44 - 2015-07-29 10:44 - 00000000 ____D C:\Users\C FLY Marine\Desktop\Regulatory rules
2015-09-01 07:31 - 2015-08-07 10:34 - 00000000 ___RD C:\Users\C FLY Marine\Creative Cloud Files
2015-09-01 07:31 - 2014-07-03 10:34 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-31 14:47 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew
2015-08-31 10:09 - 2015-08-07 09:40 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\{C901FF5D-EDA9-93E5-8031-B60DA4594A95}
2015-08-31 08:35 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-08-27 12:23 - 2014-05-13 16:59 - 00001443 _____ C:\Users\C FLY Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-27 12:23 - 2014-05-13 16:59 - 00001409 _____ C:\Users\C FLY Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-08-27 12:23 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-27 12:23 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-27 12:12 - 2014-06-25 19:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-08-27 12:11 - 2015-08-07 09:17 - 00000000 ____D C:\Program Files (x86)\Photoshop
2015-08-26 19:37 - 2015-07-29 10:50 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-08-26 19:37 - 2014-05-21 14:33 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-08-26 19:36 - 2015-07-29 10:50 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-08-26 19:36 - 2014-05-21 14:33 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-08-25 13:46 - 2014-05-21 14:32 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-25 13:46 - 2014-05-21 14:32 - 00105264 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-25 13:46 - 2014-05-21 14:32 - 00033025 _____ C:\Windows\system32\nvinfo.pb
2015-08-25 13:46 - 2014-05-21 14:31 - 17082392 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-08-25 13:46 - 2014-05-21 14:31 - 12515016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-08-25 13:46 - 2014-05-21 14:31 - 03527696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-08-25 13:46 - 2014-05-21 14:31 - 03112904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-08-25 09:24 - 2015-08-03 07:08 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-25 09:24 - 2014-05-21 14:32 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-25 09:24 - 2014-05-21 14:32 - 03496752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-08-25 09:24 - 2014-05-21 14:32 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-25 09:24 - 2014-05-21 14:32 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-25 09:24 - 2014-05-21 14:32 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-25 07:35 - 2014-05-21 14:32 - 05165808 _____ C:\Windows\system32\nvcoproc.bin
2015-08-21 07:28 - 2014-05-22 09:30 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\DAEMON Tools Lite
2015-08-21 07:22 - 2014-05-15 10:40 - 00000000 ____D C:\Windows\Minidump
2015-08-21 07:22 - 2014-05-13 17:54 - 00000000 ____D C:\Windows\Panther
2015-08-20 12:04 - 2014-07-22 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-20 11:50 - 2014-05-22 09:52 - 00000000 ____D C:\ProgramData\Oracle
2015-08-20 11:50 - 2014-05-22 09:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-20 11:45 - 2014-07-25 14:38 - 00000000 ____D C:\Users\C FLY Marine\AppData\Local\cache
2015-08-11 14:31 - 2014-05-22 14:49 - 00000000 ____D C:\Users\C FLY Marine\AppData\Roaming\McNeel

==================== Files in the root of some directories =======

2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\C FLY Marine\AppData\Roaming\38bhc15ujOnTt8bQnGkVQ7Q
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\C FLY Marine\AppData\Roaming\tF2IQw3F
2015-09-08 13:34 - 2015-09-08 13:34 - 0007487 _____ () C:\Users\C FLY Marine\AppData\Local\recently-used.xbel
2014-07-25 12:52 - 2014-07-25 12:52 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\C FLY Marine\AppData\Local\Temp\bassmod.dll
C:\Users\C FLY Marine\AppData\Local\Temp\dllnt_dump.dll
C:\Users\C FLY Marine\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\C FLY Marine\AppData\Local\Temp\nvStInst.exe
C:\Users\C FLY Marine\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 07:07

==================== End of FRST.txt ============================





