tradeadexchange.com virus in google chrome


6 replies to this topic

#1 teardroprain

Posted 10 September 2015 - 09:21 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015
Ran by Chris (administrator) on DRK2013 (10-09-2015 15:35:58)
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AddGadgets) C:\PCMeterV4\PCMeterV0.4.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
() C:\Program Files\AuthenTec TrueSuite\x86\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Dropbox, Inc.) C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(IM) C:\Program Files (x86)\smarshIM\sIM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(eSignal) C:\Program Files (x86)\eSignal\WinSig.exe
(William O'Neil & Co.) C:\Oneil1\wonda.exe
(eSignal) C:\Program Files (x86)\eSignal\winros.exe
(eSignal) C:\Program Files (x86)\eSignal\nm.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Config.Msi\1d4e79.rbf
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Config.Msi\1d4eac.rbf
(Peter Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-22] (Authentec)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6729920 2015-05-23] (SoftPerfect Research)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12326768 2015-08-30] (Zemana Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-30] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-04-11] (Bitleader)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Instan-t] => C:\Program Files (x86)\smarshIM\itLoad.exe [106554 2009-12-09] (IM)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-20] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [eXuU9r4A8e] => "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Chris\AppData\Roaming\uW3XdhyA\IurkAC2.9gP"
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [o7E3kBfAjo] => C:\Users\Chris\AppData\Roaming\D6e9wsrI8\SEBuAMe.exe.lnk
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4566664 2014-06-16] (Plex, Inc.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-29] (Spotify Ltd)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-29] (Spotify Ltd)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Dropbox Update] => C:\Users\Chris\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-01] (Dropbox, Inc.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\RunOnce: [Application Restart #0] => C:\Windows\SysWOW64\mshta.exe [12800 2014-10-31] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs: , C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [86400 2014-12-30] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-22] (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-22] (Authentec)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-08-03]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-04-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-05-01]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-06-25]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2014-10-22]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar394.lnk [2015-09-10]
ShortcutTarget: Sidebar394.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2A428221-E678-4B70-A8AA-FACBC7EC507F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9F335C40-3AF4-4AD2-A69B-A45B05037365}: [NameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/lists/10153047911143768
SearchScopes: HKU\S-1-5-21-21243597-2329895611-2280867389-1005 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll [2009-10-15] (TechSmith Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL [2012-08-24] (AuthenTec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12] (Microsoft Corporation.)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2013-06-29] (IvoSoft)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll [2009-10-15] (TechSmith Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-22] (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll [2012-08-24] (AuthenTec Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-08-26] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-22] (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2013-06-29] (IvoSoft)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-10-15] (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-21243597-2329895611-2280867389-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-21243597-2329895611-2280867389-1005 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-23] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\x86\npffwloplugin.dll [2012-08-24] (AuthenTec, Inc)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-22] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-23] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-21243597-2329895611-2280867389-1005: @citrixonline.com/appdetectorplugin -> C:\Users\Chris\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-21243597-2329895611-2280867389-1005: cloudon.com/CloudOn -> C:\Users\Chris\AppData\Roaming\CloudOnInc\CloudOn\2.0.55\npCloudOn.dll [2014-01-22] (CloudOn Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-10-01] (Cisco WebEx LLC)
FF Extension: iCloud Bookmarks - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\firefoxdav@icloud.com [2015-07-10]
FF Extension: Xmarks - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\foxmarks@kei.com [2015-07-10]
FF Extension: NetVideoHunter - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\netvideohunter@netvideohunter.com [2015-07-28]
FF Extension: LastPass - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\support@lastpass.com [2015-07-29]
FF Extension: AddThis - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-07-28]
FF Extension: FEBE - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-07-28]
FF Extension: WOT - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-28]
FF Extension: SearchPreview - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2015-07-29]
FF Extension: FindBar Tweak - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\fbt@quicksaver.xpi [2013-11-06]
FF Extension: OptimizeGoogle - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\optimizegoogle@optimizegoogle.com.xpi [2013-04-10]
FF Extension: S3.Google Translator - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\s3google@translator.xpi [2013-09-30]
FF Extension: Save My Tabs - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\savemytabs@dmitriy.khudorozhkov.xpi [2013-04-10]
FF Extension: Shorten URL - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\ShortenURL@loucypher.xpi [2013-04-10]
FF Extension: Google Translator for Firefox - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\translator@zoli.bod.xpi [2013-04-10]
FF Extension: Tree Style Tab - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2013-04-10]
FF Extension: Screengrab  (fix version) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-04-10]
FF Extension: Screengrab - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2013-04-10]
FF Extension: Locator - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}.xpi [2013-10-01]
FF Extension: CacheViewer Continued - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2013-04-10]
FF Extension: Gmail Manager - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2013-04-10]
FF Extension: ReloadEvery - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-04-10]
FF Extension: Amplify - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}.xpi [2013-04-10]
FF Extension: Download status - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}.xpi [2013-04-10]
FF Extension: Video DownloadHelper - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-07-10]
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-10]
FF Extension: Download Statusbar - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-04-10]
FF Extension: QuickJava - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-10-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-28]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-07-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-14]

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2015-07-23]
CHR Extension: (Google Translate) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-09-10]
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-05]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-09-10]
CHR Extension: (Unfriend Notify for Facebook) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-06-28]
CHR Extension: (Bookmarks Side Panel) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankkfflbgjokclfgfehiinnlijdlicdb [2015-09-10]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-10]
CHR Extension: (Sidewise Tree Style Tabs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiammgklaefagjclmnlialkmaemifgo [2015-06-05]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Adblock Plus) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-10]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-09-10]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (Tampermonkey) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-07-25]
CHR Extension: (Facebook Unseen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof [2015-09-10]
CHR Extension: (Video Downloader professional) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-09-10]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Video Downloader Super) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghciphhakbampjemlfbahnhhaemoeolf [2015-06-05]
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-06-07]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2015-09-10]
CHR Extension: (Alexa) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb [2015-06-05]
CHR Extension: (Pixlr Editor) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-06-07]
CHR Extension: (Facebook Unseen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-09-10]
CHR Extension: (Pixlr Touch Up) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2015-06-07]
CHR Extension: (Evernote Web) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-09-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Skype Click to Call) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-13]
CHR Extension: (Pocket) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-09-10]
CHR Extension: (Ghostery) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-09-10]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-06-05]
CHR Extension: (Save to Pocket) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-09-10]
CHR Extension: (Website Logon) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelloajafbopojkjmieelljfkcmdpdhf [2013-09-30]
CHR Extension: (Audio Converter) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2015-07-24]
CHR Extension: (Evernote Web Clipper) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-09-10]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iahagolkpaghhinaljhjihagjgomdokb] - C:\Users\Chris\AppData\Local\Alexa\atbpg-7ZXQft-1.3.crx [2014-03-04]
CHR HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [oelloajafbopojkjmieelljfkcmdpdhf] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-08-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2125160 2012-08-24] (AuthenTec, Inc)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46080 2013-12-26] () [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12326768 2015-08-30] (Zemana Ltd.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-09-10] ()
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R1 MpKsl0b52523f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B308A589-7DA3-406D-ADA8-F422C0392946}\MpKsl0b52523f.sys [44928 2015-09-10] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-05-19] (NetFilterSDK.com)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RDID1046; C:\Windows\system32\Drivers\rdwm1046.sys [199680 2012-10-23] (Roland Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [109432 2015-09-09] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [109432 2015-09-09] (Zemana Ltd.)
R3 WinRing0_1_2_0; \??\C:\Users\Chris\AppData\Local\Temp\tmp85F8.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 15:35 - 2015-09-10 15:37 - 00054125 _____ C:\Users\Chris\Downloads\FRST.txt
2015-09-10 15:35 - 2015-09-10 15:36 - 00000000 ____D C:\FRST
2015-09-10 15:21 - 2015-09-10 15:21 - 02190848 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2015-09-10 13:30 - 2015-09-10 13:30 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-09-09 23:56 - 2015-09-09 23:56 - 00011363 _____ C:\Users\Chris\Downloads\Adobe_Photoshop_CS6_Extended_32+64bit.torrent
2015-09-09 23:55 - 2015-09-09 23:55 - 00020096 _____ C:\Users\Chris\Downloads\Adobe_PhotoShop_CC_2015_Full_32x64_With_Keys.torrent
2015-09-09 19:22 - 2015-09-09 19:22 - 00004598 _____ C:\WINDOWS\system32\.crusader
2015-09-09 18:29 - 2015-09-10 13:47 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-09 18:29 - 2015-09-09 18:29 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-09 18:29 - 2015-09-09 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-09 18:29 - 2015-09-09 18:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-09 18:29 - 2015-09-09 18:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-09 18:29 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-09 18:29 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-09 18:29 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-09 18:24 - 2015-09-09 18:24 - 00109432 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2015-09-09 18:24 - 2015-09-09 18:24 - 00109432 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2015-09-09 18:24 - 2015-09-09 18:24 - 00000000 ____D C:\Users\Chris\AppData\Local\Zemana
2015-09-09 18:24 - 2015-09-09 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-09-09 18:24 - 2015-09-09 18:24 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-09-09 18:22 - 2015-09-09 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-09 11:35 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 11:35 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 11:35 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 11:35 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 11:34 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 11:34 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 11:34 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 11:34 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-09 11:34 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-08 12:06 - 2015-09-08 12:06 - 00001857 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-08 12:06 - 2015-09-08 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-08 12:06 - 2015-09-08 12:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-08 12:05 - 2015-09-08 12:05 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-08 12:05 - 2015-09-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-08 12:04 - 2015-09-08 12:05 - 00000000 ____D C:\Program Files\iTunes
2015-09-08 12:04 - 2015-09-08 12:04 - 00000000 ____D C:\Program Files\iPod
2015-09-08 12:04 - 2015-09-08 12:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-04 17:08 - 2015-09-04 17:08 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 01:36 - 2015-09-02 01:36 - 00015561 _____ C:\Users\Chris\Downloads\[kat.cr]what.s.happening.season.3.fiveofseven.torrent
2015-09-01 20:38 - 2015-09-01 20:38 - 00190656 _____ C:\Users\Chris\Downloads\SecureMessageAtt.html
2015-08-31 23:13 - 2015-08-31 23:13 - 00012518 _____ C:\Users\Chris\Downloads\Breaking.Bad.Season.1.torrent
2015-08-31 23:08 - 2015-08-31 23:08 - 00028871 _____ C:\Users\Chris\Downloads\Breaking bad S01E03.torrent
2015-08-27 21:38 - 2015-08-27 21:38 - 00381952 _____ C:\Users\Chris\Downloads\Quantitative Easing Monetary Policy.ppt
2015-08-26 23:29 - 2015-08-26 23:29 - 00110348 _____ C:\Users\Chris\Downloads\StraightOuttaCompton2015720pCAM - ThePirateBay.TO.torrent
2015-08-20 20:02 - 2015-08-20 20:04 - 135189068 _____ C:\Users\Chris\Downloads\2015-08-20 08.04 Live Intraday VoSI Market Webinar.mp4
2015-08-19 13:38 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 13:38 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-18 01:24 - 2015-08-18 01:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-18 01:24 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-18 01:19 - 2015-08-18 14:21 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-18 01:19 - 2015-08-18 01:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-18 01:19 - 2015-08-18 01:19 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-18 01:19 - 2015-08-18 01:19 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-08-18 01:19 - 2015-08-18 01:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-08-18 01:19 - 2015-08-18 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-18 01:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-08-17 00:12 - 2015-08-17 00:13 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Chris\Downloads\spybot-2.4.exe
2015-08-13 13:10 - 2015-08-13 13:10 - 00000000 ____D C:\Users\Chris\AppData\Local\GWX
2015-08-13 02:30 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-13 02:30 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-13 02:20 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 02:20 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 01:36 - 2015-08-13 01:37 - 00000000 ____D C:\Program Files (x86)\Hotkey
2015-08-12 17:57 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 17:57 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 17:57 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 17:57 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 17:57 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 17:57 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 17:57 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 17:57 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 17:57 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 17:57 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 17:57 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 17:57 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 17:57 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-08-12 17:57 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-08-12 17:57 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-08-12 17:57 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-08-12 17:56 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 17:56 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 17:56 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 17:56 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 17:56 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 17:56 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 17:56 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 17:56 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 17:56 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 17:56 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 17:56 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 17:56 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 17:56 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 17:56 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 17:56 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 17:56 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 17:56 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 17:56 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 17:56 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 17:56 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 17:56 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 17:56 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 17:56 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 17:56 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 17:56 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 17:56 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 17:56 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 17:56 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 17:56 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 17:56 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 17:56 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 17:56 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 17:56 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 17:56 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 17:56 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 17:56 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 17:56 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 17:56 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 17:56 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 17:56 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 17:56 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 17:56 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 17:56 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 17:56 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 17:56 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 17:56 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 17:56 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 17:56 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 17:56 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-08-12 17:56 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-08-12 17:56 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-08-12 17:56 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-08-12 17:56 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-08-12 17:56 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-08-12 17:56 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-08-12 17:56 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-08-12 17:56 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-08-12 17:56 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-08-12 17:56 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-08-12 17:56 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-08-12 17:56 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-08-12 17:56 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-08-12 17:56 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-08-12 17:56 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 17:56 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 17:55 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 17:55 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 17:55 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 17:55 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 17:55 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 17:55 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 17:55 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 17:55 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 17:55 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 17:55 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 17:55 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 17:55 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 17:55 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 17:55 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 17:55 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 17:55 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 17:55 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 17:55 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 17:55 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 17:55 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 17:55 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 17:55 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 17:55 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 17:55 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 17:55 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 17:55 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 17:55 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 15:32 - 2013-04-10 19:54 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Skype
2015-09-10 15:27 - 2015-07-01 21:17 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-21243597-2329895611-2280867389-1005UA.job
2015-09-10 15:02 - 2013-09-30 22:56 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 15:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-10 14:46 - 2014-08-06 14:12 - 01909643 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-10 14:46 - 2014-02-27 18:00 - 00000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-21243597-2329895611-2280867389-1005.job
2015-09-10 14:43 - 2013-04-10 20:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-10 14:20 - 2015-06-02 14:39 - 00000674 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-21243597-2329895611-2280867389-1005.job
2015-09-10 14:03 - 2013-04-10 00:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 14:01 - 2013-04-09 23:53 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-21243597-2329895611-2280867389-1005
2015-09-10 13:53 - 2013-04-10 16:07 - 00000000 ____D C:\Users\Chris\AppData\Roaming\foobar2000
2015-09-10 13:40 - 2013-04-10 14:43 - 00000000 ____D C:\Oneil1
2015-09-10 13:39 - 2013-09-30 20:26 - 00000000 ____D C:\ProgramData\performance
2015-09-10 13:39 - 2013-04-09 23:45 - 00000000 ____D C:\Users\Chris\AppData\Local\VirtualStore
2015-09-10 13:37 - 2014-03-18 12:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-10 13:33 - 2014-08-06 15:08 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CCFAF34B-8C9B-4029-8DF3-85EE4FF9EA3F}
2015-09-10 13:32 - 2014-04-27 00:01 - 00000000 ___RD C:\Users\Chris\Desktop\Dropbox
2015-09-10 13:32 - 2014-04-26 23:59 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Dropbox
2015-09-10 13:31 - 2014-08-06 14:16 - 00000000 ___DO C:\Users\Chris\OneDrive
2015-09-10 13:30 - 2014-08-06 15:44 - 00240126 _____ C:\WINDOWS\setupact.log
2015-09-10 13:30 - 2013-09-30 22:56 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-10 13:30 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-10 13:13 - 2014-03-18 11:54 - 00067996 _____ C:\WINDOWS\PFRO.log
2015-09-10 13:11 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-10 13:10 - 2013-04-10 20:51 - 00000000 ____D C:\Users\Chris\AppData\Roaming\uTorrent
2015-09-10 02:00 - 2013-04-11 22:11 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2015-09-10 00:27 - 2015-07-01 21:17 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-21243597-2329895611-2280867389-1005Core.job
2015-09-09 21:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 20:32 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 19:50 - 2014-03-18 11:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 19:49 - 2013-09-30 19:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 19:26 - 2013-04-11 17:37 - 00000344 _____ C:\WINDOWS\lgfwup.ini
2015-09-09 19:26 - 2013-04-11 17:37 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2015-09-09 18:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Branding
2015-09-09 18:22 - 2014-03-27 14:34 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-09 18:22 - 2013-04-10 19:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-09 18:22 - 2013-04-10 19:54 - 00000000 ____D C:\ProgramData\Skype
2015-09-09 18:18 - 2015-06-05 15:23 - 00000000 ____D C:\AdwCleaner
2015-09-09 17:31 - 2013-09-30 22:56 - 00000000 ____D C:\Users\Chris\AppData\Local\Google
2015-09-08 12:04 - 2013-10-02 19:45 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-08 01:11 - 2013-10-01 18:19 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2015-09-06 13:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-04 23:03 - 2013-09-30 22:56 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-04 21:40 - 2013-04-10 20:37 - 00000000 ____D C:\ProgramData\Soulseek
2015-09-02 14:51 - 2015-06-02 14:39 - 00003672 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-21243597-2329895611-2280867389-1005
2015-09-02 14:51 - 2014-02-27 18:00 - 00003576 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-21243597-2329895611-2280867389-1005
2015-08-28 12:57 - 2013-09-30 22:56 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 12:57 - 2013-09-30 22:56 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 18:37 - 2013-04-11 01:26 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-20 20:19 - 2013-11-16 22:15 - 02844160 ___SH C:\Users\Chris\Downloads\Thumbs.db
2015-08-19 01:57 - 2014-07-22 12:51 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-19 01:57 - 2014-07-22 12:51 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-19 01:57 - 2014-07-22 12:51 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-19 01:57 - 2014-07-22 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-13 18:08 - 2014-03-13 23:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 18:08 - 2014-03-13 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 18:08 - 2013-08-22 16:44 - 05034856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-13 18:06 - 2015-07-09 12:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-13 18:06 - 2014-07-10 16:32 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-13 18:06 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-13 18:06 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 18:06 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 18:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-08-13 18:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-13 18:06 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 18:06 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 02:20 - 2014-03-13 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 01:54 - 2015-07-09 12:13 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-08-13 01:54 - 2015-07-09 12:13 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-08-13 01:54 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 01:54 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 01:53 - 2012-07-26 07:26 - 00000202 _____ C:\WINDOWS\win.ini
2015-08-13 01:35 - 2015-08-03 13:45 - 00000000 ____D C:\Users\Chris\Downloads\Hotkey_W81
2015-08-12 18:43 - 2013-04-10 20:25 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2014-01-30 16:18 - 2014-01-30 16:18 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-20 18:28 - 2014-04-29 19:38 - 0000626 _____ () C:\Users\Chris\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-12-21 21:09 - 2014-12-21 21:09 - 0000046 _____ () C:\Users\Chris\AppData\Roaming\Camdata.ini
2014-12-21 21:09 - 2014-12-21 21:09 - 0000408 _____ () C:\Users\Chris\AppData\Roaming\CamLayout.ini
2014-12-21 21:09 - 2014-12-21 21:09 - 0000408 _____ () C:\Users\Chris\AppData\Roaming\CamShapes.ini
2014-12-21 21:09 - 2014-12-21 21:09 - 0004510 _____ () C:\Users\Chris\AppData\Roaming\CamStudio.cfg
2014-02-20 18:29 - 2014-04-29 19:40 - 0000841 _____ () C:\Users\Chris\AppData\Roaming\Drives Meter_Settings.ini
2014-03-09 04:11 - 2014-03-12 15:06 - 0020482 _____ () C:\Users\Chris\AppData\Roaming\systemuj.exe.tmp
2015-02-25 20:46 - 2015-02-25 20:46 - 0000000 _____ () C:\Users\Chris\AppData\Local\{A6B36514-6E6F-4378-972B-8B63F012BF60}
2014-06-25 18:58 - 2014-06-25 18:58 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-10-02 19:53 - 2014-07-01 14:38 - 0011146 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl4iq10.dll
C:\Users\Chris\AppData\Local\Temp\HitmanPro.exe
C:\Users\Chris\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1027748536439674065.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1040948750117728072.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1427219831699089342.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1662368125613242857.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1684515661399797345.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1731938727258887637.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2248780659995278631.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_225398822932461757.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2374001942363847438.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2517587540781336815.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_276467246927852038.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_3354455512905003516.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_35042627448878540.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_368857735287004349.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_3976332010321282610.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4144731834257224851.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4182131049150213946.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4368302033818518969.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4387785354491478995.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4783140725540469784.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4785966484072217703.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4854044681794630846.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4957220891861074212.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5152916650674190038.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5309530019248399176.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_533642357149137297.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5831321676272687912.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6205637122113944895.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6393832589057077143.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6659359521279617050.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6810288985428258476.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6886406008338524852.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6974624635467252802.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_7309981388614303104.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_7939377479907195312.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8023408761800820332.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8045391102455573339.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8301125110042944353.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8395870804791112513.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8577278782862471029.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_882741918817934609.dll
C:\Users\Chris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1408620636879.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1412173517392.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1415207315866.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1415368601191.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1418998660716.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1425337853384.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1427195297243.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1427203095605.exe
C:\Users\Chris\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Chris\AppData\Local\Temp\sfareca00001.dll
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
C:\Users\Chris\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Chris\AppData\Local\Temp\{CDB019AA-66F8-492A-99A4-0CCC373D5972}-DropboxClient_3.8.5.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-10 14:01

==================== End of FRST.txt ============================

Attached File: Addition.txt 81.2KB 1 downloads





#2 teardroprain


Posted 10 September 2015 - 09:24 AM

I forgot to mention the issue at the top of the message. When I use Google Chrome, it sometimes brings me to tradeadexchange.com where it then says my Java is out of date, or it brings me to some other site that looks suspicious. Please advise. Thanks in advance for your help!



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:29 AM

Posted 11 September 2015 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Microsoft Corporation) C:\Config.Msi\1d4e79.rbf
(Microsoft Corporation) C:\Config.Msi\1d4eac.rbf
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [o7E3kBfAjo] => C:\Users\Chris\AppData\Roaming\D6e9wsrI8\SEBuAMe.exe.lnk
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-21243597-2329895611-2280867389-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-21243597-2329895611-2280867389-1005 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
CHR Extension: (Evernote Web) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-09-10]
CHR HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iahagolkpaghhinaljhjihagjgomdokb] - C:\Users\Chris\AppData\Local\Alexa\atbpg-7ZXQft-1.3.crx [2014-03-04]
CHR HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [X]
R3 WinRing0_1_2_0; \??\C:\Users\Chris\AppData\Local\Temp\tmp85F8.tmp [X]
C:\Users\Chris\AppData\Roaming\D6e9wsrI8
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
C:\Users\Chris\AppData\Local\Alexa\atbpg-7ZXQft-1.3.crx
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl4iq10.dll
C:\Users\Chris\AppData\Local\Temp\HitmanPro.exe
C:\Users\Chris\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1027748536439674065.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1040948750117728072.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1427219831699089342.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1662368125613242857.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1684515661399797345.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1731938727258887637.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2248780659995278631.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_225398822932461757.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2374001942363847438.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2517587540781336815.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_276467246927852038.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_3354455512905003516.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_35042627448878540.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_368857735287004349.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_3976332010321282610.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4144731834257224851.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4182131049150213946.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4368302033818518969.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4387785354491478995.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4783140725540469784.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4785966484072217703.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4854044681794630846.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4957220891861074212.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5152916650674190038.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5309530019248399176.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_533642357149137297.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5831321676272687912.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6205637122113944895.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6393832589057077143.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6659359521279617050.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6810288985428258476.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6886406008338524852.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6974624635467252802.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_7309981388614303104.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_7939377479907195312.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8023408761800820332.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8045391102455573339.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8301125110042944353.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8395870804791112513.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8577278782862471029.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_882741918817934609.dll
C:\Users\Chris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1408620636879.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1412173517392.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1415207315866.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1415368601191.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1418998660716.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1425337853384.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1427195297243.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1427203095605.exe
C:\Users\Chris\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Chris\AppData\Local\Temp\sfareca00001.dll
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
C:\Users\Chris\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Chris\AppData\Local\Temp\{CDB019AA-66F8-492A-99A4-0CCC373D5972}-DropboxClient_3.8.5.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Please include the Addition.txt file created by the Farbar tool for my review.

How is the computer running now?

#4 nasdaq


Posted 17 September 2015 - 09:42 AM

Are you still with me?

#5 teardroprain


Posted 17 September 2015 - 09:51 AM

Since that post, I was away for a few days, then upon my return, before I could apply your solution, I've encountered severe difficulties regarding new viruses. I posted the issue today and explained what's going on. Here is the link to the new issue:

http://www.bleepingcomputer.com/forums/t/590656/infected-with-totaladperformancecom-redirect-virus-as-well-as-others/

 

Please help.

 

Big thanks,

Chris 



#6 nasdaq


Posted 17 September 2015 - 12:54 PM

Closing this topic.

Let's work with the new one.

#7 nasdaq


Posted 17 September 2015 - 12:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



