Infected with totaladperformance.com redirect virus as well as others


  • This topic is locked
22 replies to this topic

#1 teardroprain

Posted 17 September 2015 - 07:00 AM

Nasdaq was helping me with the tradeadexchange.com virus issue, but I've been unable to deal with it since my computer has been deluged with other viruses as if I'm under serious attack. Never in my 25+ years as a serious computer user have I encountered such a thing.

 

Shortly after I wrote to your site with my tradeadexchange.com problem, I ran Windows Defender in Full Scan mode and it showed I had two serious viruses: noancooe.c and fynloski.r. It was unable to quarantine them due to error code 0x800700df. 

 

The next day, I received an unusual package notification pick up card in the normal snail mail post. By coincidence, I also received in my email an AusPost saying I had a package to be picked up, so I clicked on the link. I then learned it puts the cryptolocker virus on the computer. But my virus programs seemed to defend against it since none of the tell-tale signs of the virus are present.

 

The next day, I noticed my computer was infected with the totaladperformance.com virus. I ran FRST as I've done before but I was unable to save the addition.txt file as it bombed my notepad program. So I reran FRST twice now, but it is no longer creating an addition.txt file, just the FRST file which I pasted below.

 

When I tried to search for the addition.txt file, it is clearly not present anywhere. The only addition.txt file that is present is the one I created on 9/10 when I first wrote to you with my tradeadexchange.com virus issue.

 

Please HELP !!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Chris (administrator) on DRK2013 (17-09-2015 13:35:42)
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\AuthenTec TrueSuite\x86\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AddGadgets) C:\PCMeterV4\PCMeterV0.4.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(IM) C:\Program Files (x86)\smarshIM\sIM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\SoulseekNS\slsk.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Peter Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(eSignal) C:\Program Files (x86)\eSignal\WinSig.exe
(William O'Neil & Co.) C:\Oneil1\wonda.exe
(eSignal) C:\Program Files (x86)\eSignal\winros.exe
(eSignal) C:\Program Files (x86)\eSignal\nm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Irfan Skiljan) C:\Program Files (x86)\IrfanView\i_view32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(BitTorrent Inc.) C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Farbar) C:\Users\Chris\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-22] (Authentec)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6729920 2015-05-23] (SoftPerfect Research)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12326768 2015-08-30] (Zemana Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-30] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-04-11] (Bitleader)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Instan-t] => C:\Program Files (x86)\smarshIM\itLoad.exe [106554 2009-12-09] (IM)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-20] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-08-06] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [o7E3kBfAjo] => C:\Users\Chris\AppData\Roaming\D6e9wsrI8\SEBuAMe.exe.lnk
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4566664 2014-06-16] (Plex, Inc.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-29] (Spotify Ltd)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-29] (Spotify Ltd)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Dropbox Update] => C:\Users\Chris\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-01] (Dropbox, Inc.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\RunOnce: [Application Restart #0] => C:\Windows\SysWOW64\mshta.exe [12800 2014-10-31] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs: , C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [86400 2014-12-30] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-22] (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-22] (Authentec)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-08-03]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-04-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-05-01]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-06-25]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2014-10-22]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar897.lnk [2015-09-12]
ShortcutTarget: Sidebar897.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2A428221-E678-4B70-A8AA-FACBC7EC507F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9F335C40-3AF4-4AD2-A69B-A45B05037365}: [NameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/lists/10153047911143768
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll [2009-10-15] (TechSmith Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL [2012-08-24] (AuthenTec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12] (Microsoft Corporation.)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2013-06-29] (IvoSoft)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll [2009-10-15] (TechSmith Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-22] (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll [2012-08-24] (AuthenTec Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-08-26] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-22] (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2013-06-29] (IvoSoft)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-10-15] (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-21243597-2329895611-2280867389-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-21243597-2329895611-2280867389-1005 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-23] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\x86\npffwloplugin.dll [2012-08-24] (AuthenTec, Inc)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-22] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-23] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-21243597-2329895611-2280867389-1005: @citrixonline.com/appdetectorplugin -> C:\Users\Chris\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-21243597-2329895611-2280867389-1005: cloudon.com/CloudOn -> C:\Users\Chris\AppData\Roaming\CloudOnInc\CloudOn\2.0.55\npCloudOn.dll [2014-01-22] (CloudOn Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-10-01] (Cisco WebEx LLC)
FF Extension: Avira Browser Safety - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\abs@avira.com [2015-09-17]
FF Extension: iCloud Bookmarks - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\firefoxdav@icloud.com [2015-07-10]
FF Extension: Xmarks - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\foxmarks@kei.com [2015-07-10]
FF Extension: NetVideoHunter - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\netvideohunter@netvideohunter.com [2015-07-28]
FF Extension: LastPass - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\support@lastpass.com [2015-07-29]
FF Extension: AddThis - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-07-28]
FF Extension: FEBE - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-07-28]
FF Extension: WOT - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-28]
FF Extension: SearchPreview - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2015-07-29]
FF Extension: FindBar Tweak - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\fbt@quicksaver.xpi [2013-11-06]
FF Extension: OptimizeGoogle - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\optimizegoogle@optimizegoogle.com.xpi [2013-04-10]
FF Extension: S3.Google Translator - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\s3google@translator.xpi [2013-09-30]
FF Extension: Save My Tabs - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\savemytabs@dmitriy.khudorozhkov.xpi [2013-04-10]
FF Extension: Shorten URL - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\ShortenURL@loucypher.xpi [2013-04-10]
FF Extension: Google Translator for Firefox - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\translator@zoli.bod.xpi [2013-04-10]
FF Extension: Tree Style Tab - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2013-04-10]
FF Extension: Screengrab  (fix version) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-04-10]
FF Extension: Screengrab - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2013-04-10]
FF Extension: Locator - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}.xpi [2013-10-01]
FF Extension: CacheViewer Continued - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2013-04-10]
FF Extension: Gmail Manager - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2013-04-10]
FF Extension: ReloadEvery - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-04-10]
FF Extension: Amplify - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}.xpi [2013-04-10]
FF Extension: Download status - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}.xpi [2013-04-10]
FF Extension: Video DownloadHelper - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-07-10]
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-10]
FF Extension: Download Statusbar - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-04-10]
FF Extension: QuickJava - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x9lyrjpt.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-10-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-28]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-07-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-14]
 
Chrome: 
=======
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2015-07-23]
CHR Extension: (Google Translate) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-09-10]
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-05]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-09-10]
CHR Extension: (Unfriend Notify for Facebook) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-06-28]
CHR Extension: (Bookmarks Side Panel) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankkfflbgjokclfgfehiinnlijdlicdb [2015-09-10]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-10]
CHR Extension: (Sidewise Tree Style Tabs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiammgklaefagjclmnlialkmaemifgo [2015-06-05]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Adblock Plus) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-10]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-09-10]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (Tampermonkey) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-07-25]
CHR Extension: (Facebook Unseen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof [2015-09-10]
CHR Extension: (Video Downloader professional) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-09-10]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Video Downloader Super) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghciphhakbampjemlfbahnhhaemoeolf [2015-06-05]
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-06-07]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2015-09-10]
CHR Extension: (Alexa) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb [2015-06-05]
CHR Extension: (Pixlr Editor) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-06-07]
CHR Extension: (Facebook Unseen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-09-10]
CHR Extension: (Pixlr Touch Up) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2015-06-07]
CHR Extension: (Evernote Web) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-09-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Skype Click to Call) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-13]
CHR Extension: (Pocket) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-09-10]
CHR Extension: (Ghostery) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-09-10]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-06-05]
CHR Extension: (Save to Pocket) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-09-10]
CHR Extension: (Website Logon) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelloajafbopojkjmieelljfkcmdpdhf [2013-09-30]
CHR Extension: (Audio Converter) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2015-07-24]
CHR Extension: (Evernote Web Clipper) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-09-10]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iahagolkpaghhinaljhjihagjgomdokb] - C:\Users\Chris\AppData\Local\Alexa\atbpg-7ZXQft-1.3.crx [2014-03-04]
CHR HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [oelloajafbopojkjmieelljfkcmdpdhf] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-08-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2125160 2012-08-24] (AuthenTec, Inc)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46080 2013-12-26] () [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12326768 2015-08-30] (Zemana Ltd.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-08-06] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-09-10] ()
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-05-19] (NetFilterSDK.com)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RDID1046; C:\Windows\system32\Drivers\rdwm1046.sys [199680 2012-10-23] (Roland Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [109432 2015-09-09] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [109432 2015-09-09] (Zemana Ltd.)
R3 WinRing0_1_2_0; \??\C:\Users\Chris\AppData\Local\Temp\tmp60E3.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-17 13:26 - 2015-09-17 13:26 - 02191360 _____ (Farbar) C:\Users\Chris\Downloads\FRST64 (1).exe
2015-09-17 12:51 - 2015-09-17 12:51 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Avira
2015-09-17 12:49 - 2015-08-06 20:58 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-09-17 12:49 - 2015-08-06 20:58 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-09-17 12:49 - 2015-08-06 20:58 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-09-17 12:49 - 2015-08-06 20:58 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-09-17 12:28 - 2015-09-17 12:28 - 00020705 _____ C:\Users\Chris\Downloads\Adobe.Photoshop.CS5.Extended.torrent
2015-09-17 12:17 - 2015-09-17 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-17 12:17 - 2015-09-17 12:49 - 00000000 ____D C:\ProgramData\Avira
2015-09-17 12:17 - 2015-09-17 12:49 - 00000000 ____D C:\Program Files (x86)\Avira
2015-09-17 12:17 - 2015-09-17 12:17 - 00001222 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-09-17 12:16 - 2015-09-17 12:16 - 04772888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Chris\Downloads\avira_en_av_55fa9307a3ca7__ws.exe
2015-09-17 01:13 - 2015-09-17 01:13 - 00896504 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\mssstool64.exe
2015-09-17 01:11 - 2015-09-17 01:11 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\tdsskiller.exe
2015-09-17 01:03 - 2015-09-17 01:08 - 00000000 ____D C:\KVRT_Data
2015-09-17 01:00 - 2015-09-17 01:03 - 94392480 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\KVRT.exe
2015-09-16 23:27 - 2015-09-16 23:27 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe
2015-09-15 01:35 - 2015-09-15 01:35 - 00015865 _____ C:\Users\Chris\Downloads\Breaking_Bad_Season_5_720p_BRRIP_HEVC_x265_PSA.torrent
2015-09-14 18:15 - 2015-09-14 18:15 - 00031162 _____ C:\Users\Chris\Downloads\PastedGraphic-3.tiff
2015-09-10 16:56 - 2015-09-10 16:56 - 00098635 _____ C:\Users\Chris\Downloads\Adobe_Photoshop_CS6_Full_Version_[English]_+_Crack.torrent
2015-09-10 15:38 - 2015-09-10 15:50 - 00083153 _____ C:\Users\Chris\Downloads\Addition.txt
2015-09-10 15:35 - 2015-09-17 13:35 - 00059107 _____ C:\Users\Chris\Downloads\FRST.txt
2015-09-10 15:35 - 2015-09-17 13:35 - 00000000 ____D C:\FRST
2015-09-10 15:21 - 2015-09-10 15:21 - 02190848 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2015-09-10 13:30 - 2015-09-10 13:30 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-09-09 19:22 - 2015-09-09 19:22 - 00004598 _____ C:\WINDOWS\system32\.crusader
2015-09-09 18:29 - 2015-09-17 12:37 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-09 18:29 - 2015-09-09 18:29 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-09 18:29 - 2015-09-09 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-09 18:29 - 2015-09-09 18:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-09 18:29 - 2015-09-09 18:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-09 18:29 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-09 18:29 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-09 18:29 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-09 18:24 - 2015-09-09 18:24 - 00109432 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2015-09-09 18:24 - 2015-09-09 18:24 - 00109432 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2015-09-09 18:24 - 2015-09-09 18:24 - 00000000 ____D C:\Users\Chris\AppData\Local\Zemana
2015-09-09 18:24 - 2015-09-09 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-09-09 18:24 - 2015-09-09 18:24 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-09-09 18:22 - 2015-09-09 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-09 11:35 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 11:35 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 11:35 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 11:35 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 11:35 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 11:35 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 11:35 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 11:35 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 11:35 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 11:35 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 11:35 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 11:35 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 11:35 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 11:35 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 11:35 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 11:35 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 11:35 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 11:35 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 11:35 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 11:35 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 11:35 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 11:35 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 11:35 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 11:35 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 11:35 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 11:35 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 11:35 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 11:35 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 11:35 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 11:35 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 11:35 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 11:35 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 11:35 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 11:35 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 11:35 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 11:35 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 11:35 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 11:35 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 11:35 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 11:35 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 11:35 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 11:35 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 11:35 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 11:35 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 11:35 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 11:35 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 11:35 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 11:35 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 11:35 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 11:35 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 11:35 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 11:35 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 11:35 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 11:35 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 11:35 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 11:35 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 11:35 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 11:35 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 11:35 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 11:35 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 11:34 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 11:34 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 11:34 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 11:34 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 11:34 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 11:34 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 11:34 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 11:34 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 11:34 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 11:34 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 11:34 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 11:34 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 11:34 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 11:34 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 11:34 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 11:34 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 11:34 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-09 11:34 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-09 11:34 - 2015-07-10 21:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-09 11:34 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-08 12:06 - 2015-09-08 12:06 - 00001857 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-08 12:06 - 2015-09-08 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-08 12:06 - 2015-09-08 12:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-08 12:05 - 2015-09-08 12:05 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-08 12:05 - 2015-09-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-08 12:04 - 2015-09-08 12:05 - 00000000 ____D C:\Program Files\iTunes
2015-09-08 12:04 - 2015-09-08 12:04 - 00000000 ____D C:\Program Files\iPod
2015-09-08 12:04 - 2015-09-08 12:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-04 17:08 - 2015-09-04 17:08 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 01:36 - 2015-09-02 01:36 - 00015561 _____ C:\Users\Chris\Downloads\[kat.cr]what.s.happening.season.3.fiveofseven.torrent
2015-09-01 20:38 - 2015-09-01 20:38 - 00190656 _____ C:\Users\Chris\Downloads\SecureMessageAtt.html
2015-08-31 23:13 - 2015-08-31 23:13 - 00012518 _____ C:\Users\Chris\Downloads\Breaking.Bad.Season.1.torrent
2015-08-31 23:08 - 2015-08-31 23:08 - 00028871 _____ C:\Users\Chris\Downloads\Breaking bad S01E03.torrent
2015-08-27 21:38 - 2015-08-27 21:38 - 00381952 _____ C:\Users\Chris\Downloads\Quantitative Easing Monetary Policy.ppt
2015-08-26 23:29 - 2015-08-26 23:29 - 00110348 _____ C:\Users\Chris\Downloads\StraightOuttaCompton2015720pCAM - ThePirateBay.TO.torrent
2015-08-20 20:02 - 2015-08-20 20:04 - 135189068 _____ C:\Users\Chris\Downloads\2015-08-20 08.04 Live Intraday VoSI Market Webinar.mp4
2015-08-18 01:24 - 2015-08-18 01:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-18 01:24 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-18 01:19 - 2015-08-18 14:21 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-18 01:19 - 2015-08-18 01:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-18 01:19 - 2015-08-18 01:19 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-18 01:19 - 2015-08-18 01:19 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-08-18 01:19 - 2015-08-18 01:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-08-18 01:19 - 2015-08-18 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-18 01:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-17 13:36 - 2013-04-10 19:54 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Skype
2015-09-17 13:35 - 2013-04-10 20:51 - 00000000 ____D C:\Users\Chris\AppData\Roaming\uTorrent
2015-09-17 13:27 - 2015-07-01 21:17 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-21243597-2329895611-2280867389-1005UA.job
2015-09-17 13:18 - 2014-08-06 14:12 - 01752783 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-17 13:07 - 2013-09-30 22:56 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 13:04 - 2013-04-09 23:53 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-21243597-2329895611-2280867389-1005
2015-09-17 13:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-17 12:46 - 2014-02-27 18:00 - 00000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-21243597-2329895611-2280867389-1005.job
2015-09-17 12:43 - 2013-04-10 20:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-17 12:20 - 2015-06-02 14:39 - 00000674 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-21243597-2329895611-2280867389-1005.job
2015-09-17 12:17 - 2014-06-23 16:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-17 11:43 - 2014-08-06 15:08 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CCFAF34B-8C9B-4029-8DF3-85EE4FF9EA3F}
2015-09-17 11:39 - 2014-08-06 15:44 - 00245250 _____ C:\WINDOWS\setupact.log
2015-09-17 02:00 - 2013-04-11 22:11 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2015-09-17 01:56 - 2013-10-01 18:19 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2015-09-17 01:56 - 2013-04-10 14:43 - 00000000 ____D C:\Oneil1
2015-09-17 01:16 - 2014-03-18 12:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-17 01:08 - 2014-03-09 04:11 - 00000000 _RSHD C:\Users\Chris\AppData\Roaming\uW3XdhyA
2015-09-17 01:07 - 2013-09-30 22:56 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-17 00:27 - 2015-07-01 21:17 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-21243597-2329895611-2280867389-1005Core.job
2015-09-16 20:07 - 2013-09-30 22:56 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-16 20:02 - 2013-09-30 22:56 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 20:02 - 2013-09-30 22:56 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 19:23 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-16 15:59 - 2013-09-30 20:26 - 00000000 ____D C:\ProgramData\performance
2015-09-16 15:51 - 2013-04-09 23:45 - 00000000 ____D C:\Users\Chris\AppData\Local\VirtualStore
2015-09-15 12:52 - 2013-04-14 01:33 - 00337920 ___SH C:\Users\Chris\Desktop\Thumbs.db
2015-09-12 16:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-12 15:38 - 2013-04-10 16:07 - 00000000 ____D C:\Users\Chris\AppData\Roaming\foobar2000
2015-09-12 14:28 - 2013-04-10 20:37 - 00000000 ____D C:\ProgramData\Soulseek
2015-09-12 14:11 - 2014-04-27 00:01 - 00000000 ___RD C:\Users\Chris\Desktop\Dropbox
2015-09-12 14:11 - 2014-04-26 23:59 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Dropbox
2015-09-12 14:11 - 2013-04-11 17:37 - 00000344 _____ C:\WINDOWS\lgfwup.ini
2015-09-12 14:11 - 2013-04-11 17:37 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2015-09-12 14:10 - 2014-08-06 14:16 - 00000000 ___DO C:\Users\Chris\OneDrive
2015-09-12 14:08 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-12 14:08 - 2013-08-22 16:44 - 05034856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-12 14:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-12 14:06 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-12 13:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-10 16:06 - 2013-11-16 22:15 - 02911744 ___SH C:\Users\Chris\Downloads\Thumbs.db
2015-09-10 14:03 - 2013-04-10 00:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 13:13 - 2014-03-18 11:54 - 00067996 _____ C:\WINDOWS\PFRO.log
2015-09-09 20:32 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 19:50 - 2014-03-18 11:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 19:49 - 2013-09-30 19:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 18:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Branding
2015-09-09 18:22 - 2014-03-27 14:34 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-09 18:22 - 2013-04-10 19:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-09 18:22 - 2013-04-10 19:54 - 00000000 ____D C:\ProgramData\Skype
2015-09-09 18:18 - 2015-06-05 15:23 - 00000000 ____D C:\AdwCleaner
2015-09-09 17:31 - 2013-09-30 22:56 - 00000000 ____D C:\Users\Chris\AppData\Local\Google
2015-09-08 12:04 - 2013-10-02 19:45 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-02 14:51 - 2015-06-02 14:39 - 00003672 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-21243597-2329895611-2280867389-1005
2015-09-02 14:51 - 2014-02-27 18:00 - 00003576 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-21243597-2329895611-2280867389-1005
2015-08-26 18:37 - 2013-04-11 01:26 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-19 01:57 - 2014-07-22 12:51 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-19 01:57 - 2014-07-22 12:51 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-19 01:57 - 2014-07-22 12:51 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-19 01:57 - 2014-07-22 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2014-01-30 16:18 - 2014-01-30 16:18 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-20 18:28 - 2014-04-29 19:38 - 0000626 _____ () C:\Users\Chris\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-12-21 21:09 - 2014-12-21 21:09 - 0000046 _____ () C:\Users\Chris\AppData\Roaming\Camdata.ini
2014-12-21 21:09 - 2014-12-21 21:09 - 0000408 _____ () C:\Users\Chris\AppData\Roaming\CamLayout.ini
2014-12-21 21:09 - 2014-12-21 21:09 - 0000408 _____ () C:\Users\Chris\AppData\Roaming\CamShapes.ini
2014-12-21 21:09 - 2014-12-21 21:09 - 0004510 _____ () C:\Users\Chris\AppData\Roaming\CamStudio.cfg
2014-02-20 18:29 - 2014-04-29 19:40 - 0000841 _____ () C:\Users\Chris\AppData\Roaming\Drives Meter_Settings.ini
2014-03-09 04:11 - 2014-03-12 15:06 - 0020482 _____ () C:\Users\Chris\AppData\Roaming\systemuj.exe.tmp
2015-02-25 20:46 - 2015-02-25 20:46 - 0000000 _____ () C:\Users\Chris\AppData\Local\{A6B36514-6E6F-4378-972B-8B63F012BF60}
2014-06-25 18:58 - 2014-06-25 18:58 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-10-02 19:53 - 2014-07-01 14:38 - 0011146 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\avgnt.exe
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpku4bzr.dll
C:\Users\Chris\AppData\Local\Temp\HitmanPro.exe
C:\Users\Chris\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1027748536439674065.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1040948750117728072.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1427219831699089342.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1662368125613242857.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1684515661399797345.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1731938727258887637.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2248780659995278631.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_225398822932461757.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2374001942363847438.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2517587540781336815.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_276467246927852038.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_3354455512905003516.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_35042627448878540.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_368857735287004349.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_3976332010321282610.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4144731834257224851.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4182131049150213946.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4368302033818518969.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4387785354491478995.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4783140725540469784.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4785966484072217703.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4854044681794630846.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4957220891861074212.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5152916650674190038.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5309530019248399176.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_533642357149137297.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5831321676272687912.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6205637122113944895.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6393832589057077143.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6659359521279617050.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6810288985428258476.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6886406008338524852.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6974624635467252802.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_7309981388614303104.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_7939377479907195312.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8023408761800820332.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8045391102455573339.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8301125110042944353.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8395870804791112513.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8577278782862471029.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_882741918817934609.dll
C:\Users\Chris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1408620636879.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1412173517392.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1415207315866.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1415368601191.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1418998660716.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1425337853384.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1427195297243.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1427203095605.exe
C:\Users\Chris\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Chris\AppData\Local\Temp\sfareca00001.dll
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
C:\Users\Chris\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Chris\AppData\Local\Temp\{CDB019AA-66F8-492A-99A4-0CCC373D5972}-DropboxClient_3.8.5.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-15 13:45
 
==================== End of FRST.txt ============================
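One way to triage a file listing like the one in the log above, as an added example that is not part of the original post or of FRST itself. It parses the `date - date - size attributes (company) path` lines, sets aside same-minute vendor batches such as the Windows Update files, and marks entries that match two review heuristics. The function names, heuristics and batch threshold are assumptions made for illustration, and a match means "look at this entry", not "this entry is malicious".

```python
import re
from collections import Counter
from dataclasses import dataclass

# Line layout seen in the log: date - date - size attributes [(company)] path.
# Judging by the dates in this log, the "Created" section lists created-then-modified
# and the "Modified" section lists modified-then-created, so the fields are kept neutral.
LINE_RE = re.compile(
    r"^(?P<first_ts>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<second_ts>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
# Executable extension followed by one more extension, e.g. name.exe.tmp
DOUBLE_EXT_RE = re.compile(r"\.(exe|dll|scr|com)\.\w+$", re.IGNORECASE)

# Sample lines copied from the log above, plus one section header to show skipping.
SAMPLE = r"""
==================== One Month Modified files and folders ========
2015-09-17 12:16 - 2015-09-17 12:16 - 04772888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Chris\Downloads\avira_en_av_55fa9307a3ca7__ws.exe
2015-09-09 18:29 - 2015-09-09 18:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-09 11:35 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 11:35 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 11:35 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-17 01:08 - 2014-03-09 04:11 - 00000000 _RSHD C:\Users\Chris\AppData\Roaming\uW3XdhyA
2015-09-15 12:52 - 2013-04-14 01:33 - 00337920 ___SH C:\Users\Chris\Desktop\Thumbs.db
2014-03-09 04:11 - 2014-03-12 15:06 - 0020482 _____ () C:\Users\Chris\AppData\Roaming\systemuj.exe.tmp
"""


@dataclass
class Entry:
    first_ts: str
    second_ts: str
    size: int
    attrs: str      # five flag characters, e.g. ____D or _RSHD
    company: str    # empty when the log shows no company or "()"
    path: str


def parse(log_text):
    """Return an Entry for every line that matches the listing layout."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, other log sections
        d = m.groupdict()
        entries.append(Entry(d["first_ts"], d["second_ts"], int(d["size"]),
                             d["attrs"], (d["company"] or "").strip(), d["path"]))
    return entries


def review_reasons(entry):
    """Illustrative heuristics only; each one is a prompt for manual review."""
    reasons = []
    lower = entry.path.lower()
    if "H" in entry.attrs and "S" in entry.attrs and "\\appdata\\" in lower:
        reasons.append("hidden+system item under AppData")
    if DOUBLE_EXT_RE.search(lower):
        reasons.append("executable extension followed by a second extension")
    return reasons


def triage(log_text, batch_min=3):
    """Split a listing into flagged entries, remaining entries and vendor batches.

    A vendor batch is batch_min or more entries with the same company and the
    same first timestamp (typical of an update run); those are set aside so the
    remaining list is short enough to read line by line.
    """
    entries = parse(log_text)
    counts = Counter((e.first_ts, e.company) for e in entries if e.company)
    batches = {key for key, n in counts.items() if n >= batch_min}
    flagged = [(e.path, r) for e in entries if (r := review_reasons(e))]
    remaining = [e for e in entries if (e.first_ts, e.company) not in batches]
    return flagged, remaining, batches


if __name__ == "__main__":
    flagged, remaining, batches = triage(SAMPLE)
    for ts, company in sorted(batches):
        print(f"set aside: batch from {company} at {ts}")
    for path, reasons in flagged:
        print(f"review: {path} ({'; '.join(reasons)})")
    print(f"{len(remaining)} entries left to read manually")
```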




#2 teardroprain

Posted 17 September 2015 - 07:09 AM

PS: It kept saying your site was offline when I tried to post this three times. But when I looked just now, it shows three posts of the same message. So at least it got posted, but something is clearly very wrong with my Google Chrome/computer.



#3 nasdaq

  • Malware Response Team

Posted 17 September 2015 - 12:53 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\...\Run: [o7E3kBfAjo] => C:\Users\Chris\AppData\Roaming\D6e9wsrI8\SEBuAMe.exe.lnk
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-21243597-2329895611-2280867389-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-21243597-2329895611-2280867389-1005 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
CHR Extension: (Alexa) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb [2015-06-05]
CHR Extension: (Evernote Web) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-09-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iahagolkpaghhinaljhjihagjgomdokb] - C:\Users\Chris\AppData\Local\Alexa\atbpg-7ZXQft-1.3.crx [2014-03-04]
CHR HKU\S-1-5-21-21243597-2329895611-2280867389-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [X]
R3 WinRing0_1_2_0; \??\C:\Users\Chris\AppData\Local\Temp\tmp60E3.tmp [X]
C:\Users\Chris\AppData\Local\Temp\avgnt.exe
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpku4bzr.dll
C:\Users\Chris\AppData\Local\Temp\HitmanPro.exe
C:\Users\Chris\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1027748536439674065.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1040948750117728072.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1427219831699089342.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1662368125613242857.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1684515661399797345.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_1731938727258887637.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2248780659995278631.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_225398822932461757.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2374001942363847438.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_2517587540781336815.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_276467246927852038.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_3354455512905003516.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_35042627448878540.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_368857735287004349.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_3976332010321282610.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4144731834257224851.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4182131049150213946.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4368302033818518969.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4387785354491478995.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4783140725540469784.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4785966484072217703.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4854044681794630846.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_4957220891861074212.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5152916650674190038.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5309530019248399176.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_533642357149137297.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_5831321676272687912.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6205637122113944895.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6393832589057077143.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6659359521279617050.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6810288985428258476.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6886406008338524852.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_6974624635467252802.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_7309981388614303104.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_7939377479907195312.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8023408761800820332.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8045391102455573339.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8301125110042944353.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8395870804791112513.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_8577278782862471029.dll
C:\Users\Chris\AppData\Local\Temp\JNativeHook_882741918817934609.dll
C:\Users\Chris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1408620636879.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1412173517392.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1415207315866.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1415368601191.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1418998660716.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1425337853384.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1427195297243.exe
C:\Users\Chris\AppData\Local\Temp\SamsungAPInstaller_1427203095605.exe
C:\Users\Chris\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Chris\AppData\Local\Temp\sfareca00001.dll
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
C:\Users\Chris\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Chris\AppData\Local\Temp\{CDB019AA-66F8-492A-99A4-0CCC373D5972}-DropboxClient_3.8.5.exe
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
C:\Users\Chris\AppData\Local\Alexa\atbpg-7ZXQft-1.3.crx

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.


How is the computer running now?

#4 teardroprain


Posted 18 September 2015 - 05:07 AM

Nasdaq,

I did as you said but then it wiped out all 516 pages of my Chrome app Sidewise tabs, which is over a year's worth of categorization. I lost my tabs once before, but was able to recover them. But now I can't seem to recover them. How can I recover them?

 

Chris



#5 teardroprain


Posted 18 September 2015 - 05:20 AM

PS: I saved the Sidewise tabs data about 3 months ago but I don't know how to restore it. I use Sidewise options to paste the data but nothing happens. Please advise.



#6 nasdaq


Posted 18 September 2015 - 08:08 AM


You are the first to inform me that you lost this data after cleaning up Chrome.

Is the Chrome extension still present but all empty?

If this is the case please reinstall the application.
I lost all the data once on a Chrome extension and my settings were all restored after the re-installation. Hope this will work.
Restart Chrome after this.
https://chrome.google.com/webstore/detail/sidewise-tree-style-tabs/biiammgklaefagjclmnlialkmaemifgo?hl=en

===

If you have a backup of this folder in bold
C:\Users\<username>\AppData\Local\Google\Chrome you may be able to restore that folder on the last time you saved it.

If you have followed my instructions and executed the Fixlist.txt file there should be a restore point created on that date.
You can restore it and see if you get your data back.

This could also restore the bad items but we can run the fix one more time.

I'm sorry about this but believe me I did not know anything about this extension.
I will certainly include a note to save that data before cleaning up Chrome.
The only thing is that I do not know the best way to do it.

Keep me posted.

#7 teardroprain


Posted 18 September 2015 - 10:31 AM

I decided to reconstruct my Sidewise tabs manually by going through the long saved list and only adding the more relevant ones. That said, I've saved the new Sidewise tabs list, but since there are no guarantees this saved list will work, as the Sidewise "export" function doesn't seem to work, I added the Chrome app "Tabs Outliner" which automatically backs up everything I do on Sidewise, even in the event of a system crash.

 

As for the virus issues, I did everything you suggested a few hours ago except for running AdwCleaner and resetting chrome browser settings as this would be a big issue to lose all those settings. I also had run Avira yesterday which is supposed to be far superior to Windows Defender, so it automatically overrides Defender so it can remain active all the time. Avira, after a 4 hour scan, removed several hundred "issues". So far, my computer over the last few hours seems to be running better than ever. There have been no instances of any unwanted sites or redirects, so thank you for your help. Hopefully, the problem has been resolved !

 

Best,

Chris



#8 nasdaq


Posted 19 September 2015 - 06:45 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 teardroprain


Posted 19 September 2015 - 06:51 AM

Thanks nasdaq !

#10 teardroprain


Posted 19 September 2015 - 07:31 AM

I spoke too soon. After over a hundred pages of surfing, that old unwanted ad page popped up. I will apply the adaware fix you suggested and clear cache/cookies in chrome.



#11 nasdaq


Posted 19 September 2015 - 09:16 AM

Post a fresh FRST log if it happens again.

#12 teardroprain


Posted 21 September 2015 - 06:10 AM

Hi Nasdaq,

 

I just ran AdwCleaner. It shows the following attached logfile. If I remove the chrome extension files that I assume are shown in the logfile, will that corrupt or erase my sidewise tabs? If not, should I go ahead and have AdwCleaner remove all the chrome related files?

 

Best,

Chris

 




#13 nasdaq


Posted 21 September 2015 - 06:46 AM

I think that cleaning the Chrome cache removed your bookmarks/Sidewise tabs, not the AdwCleaner tool.


I would remove these

Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : cknebhggccemgcnbidipinkifmmegdel
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : elicpjhcidhpjomhibiffojpinpmmpil


Source:
http://home.mcafee.com/virusinfo/virusprofile.aspx?key=8573234#none
http://home.mcafee.com/virusinfo/virusprofile.aspx?key=9358099#none

This one is your call.

Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : niloccemoadcdkdjlinkgdfekeahmflj


https://chrome.google.com/webstore/detail/video-downloader-professi/elicpjhcidhpjomhibiffojpinpmmpil/reviews?hl=en

===

The items under the ***** [ Registry ] ***** keys can be left alone.
Your searches are directed by Avira and they can gather all the sites you visit.

p.s.
The Adwcleaner tool has a restore function that you can use to restore removed items.
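
An added example, not part of nasdaq's post or of AdwCleaner itself: before deciding what to remove, the quoted log lines can be grouped by Chrome extension ID so that every folder, storage file and Secure Preferences entry is judged per extension. The function names and the sample subset are assumptions made for this illustration; the Sidewise ID is taken from the Web Store URL posted earlier in the thread.

```python
import re
from collections import defaultdict

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")
ITEM = re.compile(r"^(Folder|File) Found : (.+)$")
PREF = re.compile(r"^\[(.+?)\] \[Extension\] Found : ([a-p]{32})$")

# Constructed sample: a subset of the AdwCleaner lines quoted in the post above.
QUOTED_LOG = r"""
Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : cknebhggccemgcnbidipinkifmmegdel
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : elicpjhcidhpjomhibiffojpinpmmpil
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : niloccemoadcdkdjlinkgdfekeahmflj
"""

def group_by_extension(log_text):
    """Return ({ext_id: {"folder": [...], "file": [...], "preference": [...]}}, unparsed_lines)."""
    groups = defaultdict(lambda: {"folder": [], "file": [], "preference": []})
    unparsed = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        item, pref = ITEM.match(line), PREF.match(line)
        if pref:
            groups[pref.group(2)]["preference"].append(pref.group(1))
        elif item and EXT_ID.search(item.group(2)):
            ext_id = EXT_ID.search(item.group(2)).group(0)
            groups[ext_id][item.group(1).lower()].append(item.group(2))
        else:
            unparsed.append(line)  # keep anything unrecognised for manual review
    return dict(groups), unparsed

def stored_data_paths(groups, ext_id):
    """Paths that hold an extension's saved data rather than its code."""
    files = groups.get(ext_id, {}).get("file", [])
    return [p for p in files
            if "\\Local Storage\\" in p or "\\Local Extension Settings\\" in p]

if __name__ == "__main__":
    groups, unparsed = group_by_extension(QUOTED_LOG)
    for ext_id, found in sorted(groups.items()):
        print(ext_id, {kind: len(paths) for kind, paths in found.items()})
    # Is Sidewise's own ID among the extensions the quoted lines would touch?
    print("Sidewise listed:", "biiammgklaefagjclmnlialkmaemifgo" in groups)
```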

#14 teardroprain


Posted 21 September 2015 - 07:49 AM

I ran Adw and attached the log file. I also cleared my cache and cookies from chrome (though did not reset browser settings since this would be an issue).

 

I will let you know if that ad site reappears.

 

One question: Malwarebytes Anti-Malware program says its trial expires in 2 days. I assume I don't need to buy it because Avira seems to be one of the best, and that's running on my computer now.

 

Thanks,

Chris

 

 




#15 teardroprain


Posted 21 September 2015 - 11:58 AM

One other question: Do you think it is necessary to buy Avira Anti Virus Pro which scans web pages as it claims some web pages implant viruses onto your computer just by visiting them? 





