Wondering if there is any infection


5 replies to this topic

#1 juniorelson4

Posted 28 September 2015 - 04:37 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by ElsonJunior (administrator) on NOTE14R (28-09-2015 06:31:25)
Running from C:\Users\jr_-_000\Desktop
Loaded Profiles: ElsonJunior (Available Profiles: ElsonJunior & Guest)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Datpol) C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(CSIS Security Group) C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Node.js) C:\Windows\Prey\versions\1.4.1\bin\node.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.4.1\node_modules\triggers\bin\lightevt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Almico Software (almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\jr_-_000\AppData\Local\FluxSoftware\Flux\flux.exe
(CSIS Security Group) C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Mega Limited) C:\Users\jr_-_000\AppData\Local\MEGAsync\MEGAsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Spotify Ltd) C:\Users\jr_-_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft) C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DNSService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
() C:\ProgramData\CSIS\HeimdalData\heimdal_temp\HeimdalMalwareDetector.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.922.11070.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxTsr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2728568 2015-09-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-14] (Realtek Semiconductor)
HKLM\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe [3524872 2015-09-25] (Datpol)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-08-31] (Razer Inc.)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [14679464 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-09-05] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-09-01] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\Run: [GoogleChromeAutoLaunch_B354586D5C3C5961DB42859F0B26272A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [800072 2015-09-22] (Google Inc.)
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\Run: [Spotify Web Helper] => C:\Users\jr_-_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-19] (Spotify Ltd)
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\Run: [f.lux] => C:\Users\jr_-_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-09-21] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [5693544 2015-08-07] (FreeDownloadManager.ORG)
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\RunOnce: [Uninstall C:\Users\jr_-_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jr_-_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\RunOnce: [Uninstall C:\Users\jr_-_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jr_-_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\RunOnce: [Uninstall C:\Users\jr_-_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jr_-_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\FAHSCR~1.SCR
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\jr_-_000\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\jr_-_000\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\jr_-_000\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\jr_-_000\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\jr_-_000\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\jr_-_000\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2015-09-23]
ShortcutTarget: Heimdal.lnk -> C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-08-15]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-09-23]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\jr_-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-09-25]
ShortcutTarget: MEGAsync.lnk -> C:\Users\jr_-_000\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\jr_-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-09-25]
ShortcutTarget: MEGAsync.lnk -> C:\Users\jr_-_000\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
BootExecute: PDBoot.exeautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2383060744-1632920453-3574771285-1002] => http://127.0.0.1:9614/proxy.pac
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{30c8f18d-3852-47a3-b8f9-a45f3a636205}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d365d5ef-8911-4da9-bc8a-c14d75ce8fcc}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://feedly.com/i/my
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-04] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: PDFXChange 2012 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-08-15] (LastPass)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-08-07] (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-04] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-08-15] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-08-15] (LastPass)
Toolbar: HKLM-x32 - PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-15] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\jr_-_000\AppData\Roaming\Mozilla\Firefox\Profiles\fRFYrAAo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-04] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-08-15] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-08-15] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-15] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-08-27] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2383060744-1632920453-3574771285-1002: SkypePlugin -> C:\Users\jr_-_000\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2383060744-1632920453-3574771285-1002: SkypePlugin64 -> C:\Users\jr_-_000\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi-x64.dll [2015-08-02] (Skype Technologies S.A.)
FF Extension: Avira Browser Safety - C:\Users\jr_-_000\AppData\Roaming\Mozilla\Firefox\Profiles\fRFYrAAo.default\Extensions\abs@avira.com [2015-09-25]
FF Extension: Avira SafeSearch Plus - C:\Users\jr_-_000\AppData\Roaming\Mozilla\Firefox\Profiles\fRFYrAAo.default\Extensions\safesearchplus@avira.com [2015-09-25]
FF HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\jr_-_000\AppData\Local\XDM\xdmff => not found
FF HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager extension - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-09-25]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> f
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-14]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-08-14]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2015-09-25]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-08-14]
CHR Extension: (Taco) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aogabobfbepcehdkbfagdflinolncebh [2015-09-01]
CHR Extension: (Google Docs) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-14]
CHR Extension: (Google Drive) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-14]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-08-15]
CHR Extension: (MEGA) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-09-25]
CHR Extension: (Auto Copy) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg [2015-08-14]
CHR Extension: (Skype Calling) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-09-06]
CHR Extension: (YouTube) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-14]
CHR Extension: (Nimbus Screenshot and Screencast) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2015-08-14]
CHR Extension: (Pushbullet) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-08-14]
CHR Extension: (uBlock Origin) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-09-02]
CHR Extension: (Google Search) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-14]
CHR Extension: (Cupcake) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajjbehmbnbppjkcnpdkaniapgdppdnc [2015-08-14]
CHR Extension: (Session Buddy) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-08-14]
CHR Extension: (Context Bookmarks) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednnkpljcbpjcoplcooifiblghkephlh [2015-08-14]
CHR Extension: (Feedly Notifier) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\egikgfbhipinieabdmcpigejkaomgjgb [2015-08-14]
CHR Extension: (Home - New Tab Page) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2015-09-22]
CHR Extension: (Google Sheets) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-14]
CHR Extension: (Avira Browser Safety) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-09-25]
CHR Extension: (Facebook Quick Share) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccankbfoldbmopamiokjlnnafnoiadd [2015-09-26]
CHR Extension: (Select and Speak - Text to Speech) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjopfpjmkcfgjpogepmdjmcnihfpokn [2015-08-14]
CHR Extension: (Google Docs Offline) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-08-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-08-14]
CHR Extension: (feedly) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-08-14]
CHR Extension: (Referer Control) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2015-08-14]
CHR Extension: (Clearly) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-08-14]
CHR Extension: (Spreed - speed read the web) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2015-08-14]
CHR Extension: (Facebook Share Button (by Shareaholic)) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf [2015-08-14]
CHR Extension: (Speed Dial 2) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-08-14]
CHR Extension: (The Great Suspender) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-08-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-15]
CHR Extension: (SmoothScroll) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2015-08-14]
CHR Extension: (MultiLogin) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccllfnllopfpcbjdgjdlfmomnfgnnbk [2015-08-14]
CHR Extension: (Webutation) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2015-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-08-15]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-08-14]
CHR Extension: (Autosave Text) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgpghebcjlafeegihofjnhhmllplnie [2015-08-14]
CHR Extension: (Gmail) - C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ahmpjcflkgiildlgicmcieglgoilbfdp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-09-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148688 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240872 2015-09-10] (Avira Operations GmbH & Co. KG)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-09-23] (Fork, Ltd.) [File not signed]
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-09-14] (NVIDIA Corporation)
R2 HeimdalSecureDNS; C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DnsService.exe [93776 2015-08-14] (Microsoft)
R2 HeimdalService; C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe [132688 2015-08-14] (CSIS Security Group)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-08-14] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-08] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739128 2015-09-05] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-09-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568120 2015-09-14] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-02] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-14] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-09-21] (Sandboxie Holdings, LLC)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe [49320 2015-09-25] (Datpol)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [File not signed]
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [151480 2015-02-26] () [File not signed]
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [17848 2015-02-26] () [File not signed]
R1 AntiLog32; C:\WINDOWS\system32\drivers\AntiLog64.sys [49752 2015-09-03] (Zemana Ltd.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4301304 2015-09-20] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S3 cpuz136; C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [23856 2015-09-23] (CPUID)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-09-05] ()
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43696 2015-06-17] (Microsoft Corporation)
S3 GGSAFERDriver; C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [27744 2015-09-24] ()
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2015-09-12] (REALiX™)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-14] (REALiX™)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-08-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-09-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32568 2015-08-15] (EldoS Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-09-23] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-08-14] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [191624 2015-09-21] (Sandboxie Holdings, LLC)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys [1805064 2015-09-25] (SpyShelter)
R2 SpyshelterFw; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterWFP.sys [98568 2015-09-25] (SpyShelter)
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterKb.sys [180488 2015-09-25] (SpyShelter)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-28 06:31 - 2015-09-28 06:32 - 00039746 _____ C:\Users\jr_-_000\Desktop\FRST.txt
2015-09-28 06:31 - 2015-09-28 06:31 - 00000000 ____D C:\FRST
2015-09-28 06:29 - 2015-09-28 06:30 - 02192384 _____ (Farbar) C:\Users\jr_-_000\Desktop\FRST64.exe
2015-09-28 05:13 - 2015-09-28 05:13 - 00016148 _____ C:\WINDOWS\system32\NOTE14R_ElsonJunior_HistoryPrediction.bin
2015-09-28 05:13 - 2015-09-28 05:13 - 00003604 _____ C:\WINDOWS\System32\Tasks\gg_uac_daemon_ElsonJunior
2015-09-26 16:01 - 2015-09-26 15:58 - 15323428 _____ C:\Users\jr_-_000\Desktop\cbs.txt
2015-09-26 13:49 - 2015-09-26 13:49 - 00000000 ___HD C:\OneDriveTemp
2015-09-26 13:20 - 2015-09-26 13:20 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\niemiro
2015-09-26 13:17 - 2015-09-26 13:17 - 00000649 _____ C:\Users\jr_-_000\Desktop\SFCFix.zip
2015-09-26 04:19 - 2015-09-26 04:19 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2015-09-26 01:23 - 2015-09-26 01:24 - 01319424 _____ (niemiro) C:\Users\jr_-_000\Desktop\SFCFix.exe
2015-09-25 12:03 - 2015-09-26 12:51 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\SpyShelter
2015-09-25 12:03 - 2015-09-25 12:03 - 00001181 _____ C:\Users\Public\Desktop\SpyShelter Firewall.lnk
2015-09-25 12:03 - 2015-09-25 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2015-09-25 12:03 - 2015-09-25 12:03 - 00000000 ____D C:\Program Files (x86)\SpyShelter Firewall
2015-09-25 12:03 - 2015-09-18 10:30 - 00044328 _____ (Datpol) C:\WINDOWS\system32\SpyShelterShellExt.dll
2015-09-25 12:03 - 2015-09-18 10:30 - 00035624 _____ (Datpol) C:\WINDOWS\SysWOW64\SpyShelterShellExt.dll
2015-09-25 11:55 - 2015-09-26 12:46 - 00000444 _____ C:\WINDOWS\Tasks\AOMEI System Backup 2015-09-06, 11-58-10.job
2015-09-25 11:54 - 2015-09-25 11:54 - 00001024 ____H C:\SYSTAG.BIN
2015-09-25 03:48 - 2015-09-25 03:48 - 00001289 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-09-25 03:40 - 2015-09-25 03:40 - 00000000 ____D C:\Users\jr_-_000\Documents\MEGAsync
2015-09-25 03:40 - 2015-09-25 03:40 - 00000000 ____D C:\Users\jr_-_000\Documents\MEGA
2015-09-25 03:39 - 2015-09-25 03:39 - 00001140 _____ C:\Users\jr_-_000\Desktop\MEGAsync.lnk
2015-09-25 03:39 - 2015-09-25 03:39 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-09-25 03:39 - 2015-09-25 03:39 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\MEGAsync
2015-09-25 03:39 - 2015-09-25 03:39 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Mega Limited
2015-09-25 03:06 - 2015-09-25 03:06 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Avira
2015-09-25 03:02 - 2015-09-25 03:02 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Mozilla
2015-09-25 03:00 - 2015-09-01 17:09 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-09-25 03:00 - 2015-09-01 17:09 - 00137800 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-09-25 03:00 - 2015-09-01 17:09 - 00074440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-09-25 03:00 - 2015-09-01 17:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-09-25 02:51 - 2015-09-28 05:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-25 02:51 - 2015-09-25 03:00 - 00000000 ____D C:\ProgramData\Avira
2015-09-25 02:51 - 2015-09-25 03:00 - 00000000 ____D C:\Program Files (x86)\Avira
2015-09-25 02:45 - 2015-09-25 02:45 - 00003520 _____ C:\WINDOWS\System32\Tasks\{BEAC58BD-B45B-45B6-8F32-73A40629203B}
2015-09-25 02:44 - 2015-09-25 02:44 - 00000000 ____D C:\Users\jr_-_000\Downloads\VirusTotalScanner
2015-09-25 02:40 - 2015-09-28 06:29 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Free Download Manager
2015-09-25 02:40 - 2015-09-25 02:40 - 00001154 _____ C:\Users\jr_-_000\Desktop\Free Download Manager.lnk
2015-09-25 02:40 - 2015-09-25 02:40 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\FreeDownloadManager.ORG
2015-09-25 02:40 - 2015-09-25 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-09-25 02:40 - 2015-09-25 02:40 - 00000000 ____D C:\ProgramData\FreeDownloadManager.ORG
2015-09-25 02:40 - 2015-09-25 02:40 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2015-09-25 02:36 - 2015-09-25 02:36 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\GetGo Software
2015-09-25 02:35 - 2015-09-25 02:35 - 03874104 _____ C:\Users\jr_-_000\Downloads\GetGoDMSetup.exe
2015-09-25 02:34 - 2015-09-25 02:39 - 10780232 _____ (FreeDownloadManager.ORG ) C:\Users\jr_-_000\Downloads\fdminst.exe
2015-09-25 02:23 - 2015-09-25 02:25 - 20188128 _____ (FreeDownloadManager.ORG ) C:\Users\jr_-_000\Downloads\fdminst.5.0.4520.3.exe
2015-09-25 02:19 - 2015-09-25 02:25 - 00000000 ____D C:\Users\jr_-_000\Downloads\TCPOptimizer
2015-09-25 01:14 - 2015-09-25 01:16 - 00000000 ____D C:\Users\jr_-_000\Downloads\ffmpeg-20150924-git-aa6c43f-win64-static
2015-09-25 01:14 - 2015-09-24 23:14 - 00000000 ____D C:\ffmpeg
2015-09-25 01:11 - 2015-09-25 01:13 - 33253733 _____ C:\Users\jr_-_000\Downloads\ffmpeg-20150924-git-aa6c43f-win64-static.7z
2015-09-25 01:05 - 2015-09-25 01:05 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Subhra Das Gupta
2015-09-25 01:04 - 2015-09-25 01:04 - 00657184 _____ C:\Users\jr_-_000\Downloads\xdm5setup.exe
2015-09-24 14:23 - 2015-09-25 03:34 - 00000878 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2015-09-23 19:30 - 2015-09-23 19:30 - 00001164 _____ C:\Users\jr_-_000\Desktop\OOSU10.exe - Shortcut.lnk
2015-09-23 19:29 - 2015-09-23 19:29 - 00001604 _____ C:\Users\jr_-_000\Desktop\rinseandrepeat-rc2_windows.exe - Shortcut.lnk
2015-09-23 19:13 - 2015-09-26 13:19 - 00001624 _____ C:\WINDOWS\Sandboxie.ini
2015-09-23 19:13 - 2015-09-23 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-09-23 19:13 - 2015-09-23 19:12 - 00000939 _____ C:\Users\jr_-_000\Desktop\Sandboxed Web Browser.lnk
2015-09-23 19:12 - 2015-09-23 19:12 - 00000000 ____D C:\Program Files\Sandboxie
2015-09-23 19:06 - 2015-09-25 01:48 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\XYplorer
2015-09-23 19:06 - 2015-09-23 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XYplorer
2015-09-23 19:06 - 2015-09-23 19:06 - 00000000 ____D C:\Program Files (x86)\XYplorer
2015-09-23 18:52 - 2015-09-23 18:52 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\IsolatedStorage
2015-09-23 07:39 - 2015-09-23 07:39 - 00001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-09-23 07:39 - 2015-09-23 07:39 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Secunia PSI
2015-09-23 07:39 - 2015-09-23 07:39 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-09-23 06:34 - 2015-09-15 13:12 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-23 06:34 - 2015-09-15 13:12 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-23 06:09 - 2015-09-23 06:09 - 00000000 ____D C:\WINDOWS\Prey
2015-09-23 06:04 - 2015-09-23 06:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal
2015-09-23 06:04 - 2015-09-23 06:04 - 00000000 ____D C:\ProgramData\CSIS
2015-09-23 06:03 - 2015-09-23 06:04 - 00000000 ____D C:\Program Files (x86)\Heimdal
2015-09-23 05:53 - 2015-09-23 05:53 - 00003428 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2015-09-23 05:53 - 2015-09-23 05:53 - 00003088 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (ElsonJunior)
2015-09-23 05:53 - 2015-09-23 05:53 - 00002239 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2015-09-23 05:53 - 2015-09-23 05:53 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2015-09-23 05:53 - 2015-09-23 05:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2015-09-23 05:08 - 2015-09-23 05:08 - 00888064 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2015-09-23 05:08 - 2015-09-23 05:08 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-09-23 04:58 - 2015-09-23 04:58 - 00002100 _____ C:\Users\Public\Desktop\PerfectDisk.lnk
2015-09-23 04:58 - 2015-09-23 04:58 - 00002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk.lnk
2015-09-23 04:58 - 2015-09-23 04:58 - 00000000 ____D C:\ProgramData\Raxco
2015-09-23 04:58 - 2015-09-23 04:58 - 00000000 ____D C:\Program Files\Raxco
2015-09-23 04:58 - 2015-09-23 04:58 - 00000000 ____D C:\Program Files\Common Files\Raxco
2015-09-23 04:58 - 2015-09-23 04:58 - 00000000 ____D C:\Program Files (x86)\Raxco
2015-09-23 04:58 - 2015-06-09 13:24 - 00120960 _____ (Raxco Software, Inc.) C:\WINDOWS\system32\Drivers\DefragFS.sys
2015-09-23 04:56 - 2015-09-23 04:56 - 00000000 ____D C:\Users\jr_-_000\Downloads\rinseandrepeat-rc2_windows
2015-09-23 04:47 - 2015-09-23 04:47 - 00003106 _____ C:\WINDOWS\System32\Tasks\Process Lasso Management Console (GUI)
2015-09-23 04:47 - 2015-09-23 04:47 - 00003096 _____ C:\WINDOWS\System32\Tasks\Process Lasso Core Engine Only
2015-09-22 21:56 - 2015-09-13 19:04 - 01062008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-09-22 21:56 - 2015-09-13 19:04 - 00074872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-09-22 21:53 - 2015-09-21 19:56 - 00041600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-09-22 21:53 - 2015-09-21 19:55 - 11198080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-09-22 21:53 - 2015-09-13 21:24 - 42840184 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 37819000 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 22559352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 18569848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 17934400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 16646112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 15631128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 15336024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 14945040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 13666840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 12611632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 12191856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 03484216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 03077544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 02354808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 02105976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435598.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 01558832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435598.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 01178248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 01075320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 01064056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 01001440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00986416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00945272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00787384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00408184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00387720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00364152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00316120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00177088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00155792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-09-22 21:53 - 2015-09-13 21:24 - 00034098 _____ C:\WINDOWS\system32\nvinfo.pb
2015-09-22 21:43 - 2015-09-14 06:11 - 01794160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-09-22 21:43 - 2015-09-14 06:11 - 00110616 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2015-09-21 15:52 - 2015-09-21 15:52 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\TeamViewer
2015-09-21 15:49 - 2015-09-27 17:34 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-21 15:49 - 2015-09-21 17:46 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\TeamViewer
2015-09-21 15:49 - 2015-09-21 15:49 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-21 15:49 - 2015-09-21 15:49 - 00001110 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-21 00:32 - 2015-09-21 00:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\cFos
2015-09-20 04:03 - 2015-09-20 04:03 - 04301304 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2015-09-20 04:01 - 2015-09-20 04:01 - 00003278 _____ C:\WINDOWS\System32\Tasks\iolo DNS Fix
2015-09-20 04:01 - 2015-09-20 04:01 - 00001152 _____ C:\WINDOWS\ioloDNSFix.lnk
2015-09-20 03:42 - 2015-09-20 03:42 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\pokerth
2015-09-20 03:33 - 2015-09-20 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTH
2015-09-20 03:32 - 2015-09-20 03:33 - 00000000 ____D C:\Program Files (x86)\PokerTH-1.1.1
2015-09-20 03:29 - 2015-09-20 03:29 - 00001283 _____ C:\Users\jr_-_000\Desktop\SUMo.lnk
2015-09-20 01:00 - 2015-09-20 01:00 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-19 23:45 - 2015-09-19 23:45 - 00115342 _____ C:\Users\jr_-_000\Desktop\DISM.zip
2015-09-19 23:45 - 2015-09-19 23:45 - 00000000 ____D C:\Users\jr_-_000\Desktop\DISM
2015-09-19 23:11 - 2015-09-19 23:11 - 03633569 _____ C:\Users\jr_-_000\Desktop\CBS.zip
2015-09-19 23:10 - 2015-09-19 23:10 - 00000000 ____D C:\Users\jr_-_000\Desktop\CBS
2015-09-19 20:13 - 2015-09-19 20:13 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-09-19 20:08 - 2015-09-19 20:08 - 00875126 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-09-19 13:25 - 2015-09-25 11:54 - 00000000 ____D C:\Program Files (x86)\AOMEI Backupper
2015-09-19 13:25 - 2015-09-19 13:25 - 00001142 _____ C:\Users\Public\Desktop\AOMEI Backupper Professional.lnk
2015-09-19 13:25 - 2015-09-19 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2015-09-19 13:25 - 2015-02-26 00:00 - 00151480 _____ C:\WINDOWS\system32\ammntdrv.sys
2015-09-19 13:25 - 2015-02-26 00:00 - 00030648 _____ C:\WINDOWS\system32\ambakdrv.sys
2015-09-19 13:25 - 2015-02-26 00:00 - 00017848 _____ C:\WINDOWS\system32\amwrtdrv.sys
2015-09-19 04:36 - 2015-09-26 13:20 - 00002578 _____ C:\Users\jr_-_000\Desktop\SFCFix.txt
2015-09-19 01:44 - 2015-09-19 01:44 - 00002244 _____ C:\Users\jr_-_000\Desktop\Tweaking.com - Windows Repair.lnk
2015-09-16 08:10 - 2015-09-28 06:16 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-16 08:10 - 2015-09-27 08:15 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 00:45 - 2015-09-15 00:45 - 00002349 _____ C:\Users\jr_-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-12 14:11 - 2015-09-25 11:55 - 00004048 _____ C:\WINDOWS\System32\Tasks\AOMEI System Backup 2015-09-06, 11-58-10
2015-09-12 02:30 - 2015-09-12 02:30 - 00001117 _____ C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2015-09-12 02:29 - 2015-09-12 02:29 - 00000000 ____D C:\ProgramData\FileOpen
2015-09-12 02:21 - 2015-09-12 02:21 - 00001951 _____ C:\Users\jr_-_000\Desktop\jv16 PowerTools X.lnk
2015-09-12 02:17 - 2015-09-12 02:17 - 00027552 _____ (REALiX™) C:\WINDOWS\system32\Drivers\HWiNFO64A.SYS
2015-09-09 00:56 - 2015-09-01 22:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 00:56 - 2015-09-01 21:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 00:56 - 2015-09-01 21:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 00:56 - 2015-08-27 03:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 00:56 - 2015-08-27 03:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 00:56 - 2015-08-27 03:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 00:56 - 2015-08-27 02:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 00:56 - 2015-08-27 02:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 00:56 - 2015-08-27 02:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 00:56 - 2015-08-27 02:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 00:56 - 2015-08-27 02:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 00:56 - 2015-08-27 02:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 00:56 - 2015-08-27 02:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 00:56 - 2015-08-27 02:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 00:56 - 2015-08-27 02:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 00:56 - 2015-08-27 02:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 00:56 - 2015-08-27 02:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 00:56 - 2015-08-27 02:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 00:56 - 2015-08-27 02:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 00:56 - 2015-08-27 02:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 00:56 - 2015-08-27 02:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 00:56 - 2015-08-27 02:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 00:56 - 2015-08-27 02:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 00:56 - 2015-08-27 02:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 00:56 - 2015-08-27 02:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 00:56 - 2015-08-27 02:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 00:56 - 2015-08-27 02:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 00:56 - 2015-08-27 02:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 00:56 - 2015-08-27 02:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 00:56 - 2015-08-27 02:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 00:56 - 2015-08-27 02:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 00:56 - 2015-08-27 02:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-07 23:50 - 2015-09-22 21:42 - 00000103 _____ C:\WINDOWS\setupact.log
2015-09-07 23:50 - 2015-09-07 23:50 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-07 23:32 - 2015-09-23 04:53 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-09-07 23:32 - 2015-09-23 04:51 - 00000193 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-09-06 06:15 - 2015-09-25 03:22 - 00273304 _____ C:\WINDOWS\PFRO.log
2015-09-06 04:24 - 2015-09-06 04:24 - 00000406 _____ C:\WINDOWS\system32\ioloBootDefrag.cfg
2015-09-06 04:16 - 2015-08-15 23:39 - 00032568 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rawdsk3.sys
2015-09-06 02:44 - 2015-09-06 02:45 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\SkypePlugin
2015-09-05 22:46 - 2015-09-05 22:46 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Eraser 6
2015-09-05 13:06 - 2015-09-28 05:49 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-05 13:05 - 2015-09-23 02:56 - 00341424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-05 12:25 - 2015-09-05 12:25 - 00001663 _____ C:\Users\jr_-_000\Desktop\CCEnhancer.lnk
2015-09-05 12:25 - 2015-09-05 12:25 - 00000000 ____D C:\Users\jr_-_000\Downloads\CCEnhancer
2015-09-05 06:25 - 2015-09-25 11:54 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2015-09-05 06:24 - 2015-09-06 12:00 - 00000000 ____D C:\ProgramData\AomeiBR
2015-09-05 05:35 - 2015-09-12 02:22 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools X
2015-09-05 05:35 - 2015-09-05 05:35 - 00000020 ___SH C:\Users\jr_-_000\AppData\Roaming\System413_DataDB.ind
2015-09-05 05:35 - 2015-09-05 05:35 - 00000020 ___SH C:\Users\jr_-_000\AppData\Roaming\Sys11965 DataCollection.dat
2015-09-05 05:34 - 2015-09-26 12:51 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools X
2015-09-05 04:41 - 2015-09-05 04:41 - 00000000 ____D C:\Users\jr_-_000\.android
2015-09-05 03:44 - 2015-09-05 03:44 - 00001899 _____ C:\Users\Public\Desktop\Apps.lnk
2015-09-05 03:44 - 2015-09-05 03:44 - 00001888 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-09-05 03:43 - 2015-09-05 12:56 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-09-05 03:43 - 2015-09-05 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-09-05 03:43 - 2015-09-05 03:43 - 00000000 ____D C:\ProgramData\BlueStacks
2015-09-05 03:43 - 2015-09-05 03:43 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-09-05 03:37 - 2015-09-05 03:37 - 00003676 _____ C:\WINDOWS\System32\Tasks\PeerBlock start
2015-09-05 03:25 - 2015-09-26 13:19 - 00000000 ____D C:\Program Files\PeerBlock
2015-09-05 03:25 - 2015-09-05 03:25 - 00001779 _____ C:\Users\jr_-_000\Desktop\PeerBlock.lnk
2015-09-05 03:25 - 2015-09-05 03:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2015-09-05 01:28 - 2015-09-05 01:28 - 00000002 __RSH C:\WINDOWS\72736442880
2015-09-05 01:26 - 2015-09-05 01:36 - 00000000 ____D C:\Program Files (x86)\First Draft
2015-09-05 01:26 - 2015-09-05 01:26 - 00001122 _____ C:\Users\jr_-_000\Desktop\First Draft.lnk
2015-09-05 01:26 - 2015-09-05 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\First Draft
2015-09-05 01:26 - 2015-09-05 01:26 - 00000000 _____ C:\WINDOWS\fdtest
2015-09-05 00:08 - 2015-09-05 00:08 - 00108544 _____ (John Paul Chacha's Lab) C:\WINDOWS\ies_Shell64.dll
2015-09-05 00:08 - 2015-09-05 00:08 - 00096256 _____ (John Paul Chacha's Lab) C:\WINDOWS\ies_Shell32.dll
2015-09-05 00:08 - 2015-09-05 00:08 - 00001294 _____ C:\Users\Public\Desktop\Chasys Draw IES.lnk
2015-09-05 00:08 - 2015-09-05 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\John Paul Chacha's Lab
2015-09-05 00:08 - 2015-09-05 00:08 - 00000000 ____D C:\ProgramData\Chasys Draw IES
2015-09-05 00:08 - 2015-09-05 00:08 - 00000000 ____D C:\Program Files (x86)\John Paul Chacha's Lab
2015-09-04 16:17 - 2015-09-04 16:17 - 00001333 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2015-09-04 16:08 - 2015-09-04 16:08 - 00003724 _____ C:\WINDOWS\System32\Tasks\SpeedFan start
2015-09-04 15:44 - 2015-09-04 15:44 - 134217728 ____T C:\oodwipefreespace-1D0E741C2CB49F6-0
2015-09-04 15:40 - 2015-09-04 15:30 - 00000873 _____ C:\Users\jr_-_000\Desktop\HWiNFO64 Program.lnk
2015-09-04 15:30 - 2015-09-12 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2015-09-04 15:30 - 2015-09-12 02:17 - 00000000 ____D C:\Program Files\HWiNFO64
2015-09-04 14:25 - 2015-09-28 00:00 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-09-04 14:25 - 2015-09-04 14:25 - 00001082 _____ C:\Users\jr_-_000\Desktop\SpeedFan.lnk
2015-09-04 14:25 - 2015-09-04 14:25 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2015-09-04 14:25 - 2015-09-04 14:25 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-09-04 13:50 - 2015-09-04 13:50 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2015-09-04 13:42 - 2015-09-04 13:42 - 00001550 _____ C:\Users\jr_-_000\Desktop\Software Informer.lnk
2015-09-04 13:40 - 2015-09-04 13:40 - 00001101 _____ C:\Users\jr_-_000\Desktop\EEM.lnk
2015-09-04 13:29 - 2015-09-04 13:29 - 00000000 _____ C:\WINDOWS\SysWOW64\RENF601.tmp
2015-09-04 13:29 - 2015-09-04 13:28 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-09-04 06:21 - 2015-09-04 06:21 - 00001369 _____ C:\Users\jr_-_000\Desktop\GTAV.lnk
2015-09-04 06:21 - 2015-09-04 06:21 - 00001338 _____ C:\Users\jr_-_000\Desktop\GTAVCRC V1.7.lnk
2015-09-04 05:14 - 2015-07-09 18:45 - 00295936 _____ (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2015-09-04 05:14 - 2012-06-14 15:36 - 00107520 _____ C:\WINDOWS\SysWOW64\zlib1.dll
2015-09-04 05:14 - 2011-10-01 09:16 - 00445016 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2015-09-04 05:14 - 2011-10-01 09:16 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\openal32.dll
2015-09-04 05:14 - 2011-01-12 14:36 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71u.dll
2015-09-04 05:14 - 2011-01-12 14:25 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71DEU.dll
2015-09-04 05:14 - 2011-01-12 14:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71ITA.dll
2015-09-04 05:14 - 2011-01-12 14:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71FRA.dll
2015-09-04 05:14 - 2011-01-12 14:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71ESP.dll
2015-09-04 05:14 - 2011-01-12 14:25 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71ENU.dll
2015-09-04 05:14 - 2011-01-12 14:25 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71KOR.dll
2015-09-04 05:14 - 2011-01-12 14:25 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71JPN.dll
2015-09-04 05:14 - 2011-01-12 14:25 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71CHT.dll
2015-09-04 05:14 - 2011-01-12 14:25 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71CHS.dll
2015-09-04 05:14 - 2011-01-12 14:19 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-09-04 05:14 - 2011-01-12 13:53 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2015-09-04 05:14 - 2010-03-18 21:21 - 00799568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdia100.dll
2015-09-04 05:14 - 2007-02-01 23:13 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-09-04 05:14 - 2007-02-01 20:11 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-09-04 05:14 - 2006-08-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70ITA.dll
2015-09-04 05:14 - 2006-08-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70FRA.dll
2015-09-04 05:14 - 2006-08-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70ESP.dll
2015-09-04 05:14 - 2006-08-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70DEU.dll
2015-09-04 05:14 - 2006-08-26 01:15 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70ENU.dll
2015-09-04 05:14 - 2006-08-26 01:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70KOR.dll
2015-09-04 05:14 - 2006-08-26 01:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70JPN.dll
2015-09-04 05:14 - 2006-08-26 01:15 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70CHT.dll
2015-09-04 05:14 - 2006-08-26 01:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70CHS.dll
2015-09-04 05:14 - 2006-08-26 01:07 - 01024000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70.dll
2015-09-04 05:14 - 2005-01-20 20:25 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvci70.dll
2015-09-04 05:14 - 2002-01-05 06:40 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp70.dll
2015-09-04 05:14 - 1996-01-12 04:00 - 00722192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vb40032.dll
2015-09-04 05:13 - 2015-09-04 05:14 - 00010828 _____ C:\WINDOWS\unins000.dat
2015-09-04 05:13 - 2015-09-04 05:13 - 01198049 _____ C:\WINDOWS\unins000.exe
2015-09-04 05:13 - 2015-09-04 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-04 05:13 - 2015-07-15 13:56 - 00295936 _____ (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\SysWOW64\libssl32.dll
2015-09-04 05:13 - 2015-07-10 11:51 - 00456008 _____ (AutoIt Team) C:\WINDOWS\SysWOW64\autoitx3.dll
2015-09-04 05:13 - 2015-07-09 18:45 - 01260544 _____ (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2015-09-04 05:13 - 2015-07-08 10:29 - 03477818 _____ (Red Hat) C:\WINDOWS\SysWOW64\cygwin1.dll
2015-09-04 05:13 - 2014-01-31 03:14 - 01055676 _____ (Free Software Foundation) C:\WINDOWS\SysWOW64\libiconv2.dll
2015-09-04 05:13 - 2014-01-25 14:30 - 00131072 _____ (Sereby Corporation) C:\WINDOWS\SysWOW64\AiORuntimes.dll
2015-09-04 05:13 - 2013-12-23 15:44 - 00163480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 01070232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00660120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomct2.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00617896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00444328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshflxgd.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00416408 _____ (Microsoft Corporation ) C:\WINDOWS\SysWOW64\comct332.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00279192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatgrd.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00259736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msflxgrd.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatlst.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00222360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tabctl32.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00219288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\richtx32.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00218776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dblist32.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00212112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mci32.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00179352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmask32.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00170920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comct232.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00131728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinet.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00130712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstdfmt.dll
2015-09-04 05:13 - 2013-12-20 01:48 - 00127640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswinsck.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00119960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomm32.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00108696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstkprp.dll
2015-09-04 05:13 - 2013-12-20 01:48 - 00104088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\picclp32.ocx
2015-09-04 05:13 - 2013-12-20 01:48 - 00084624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysinfo.ocx
2015-09-04 05:13 - 2012-04-03 17:11 - 00138752 _____ C:\WINDOWS\SysWOW64\libpng15.dll
2015-09-04 05:13 - 2011-10-12 04:09 - 04033440 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmmd.dll
2015-09-04 05:13 - 2010-06-27 18:44 - 00053248 _____ (Adobe Systems, Incorporated) C:\WINDOWS\system\plugin.dll
2015-09-04 05:13 - 2008-08-26 07:40 - 00162304 _____ C:\WINDOWS\SysWOW64\libpng13.dll
2015-09-04 05:13 - 2006-08-26 00:17 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl70.dll
2015-09-04 05:13 - 2005-05-06 14:52 - 00103424 _____ (GNU <www.gnu.org>) C:\WINDOWS\SysWOW64\libintl3.dll
2015-09-04 05:13 - 1996-01-12 04:00 - 00935632 _____ (Microsoft Corporation) C:\WINDOWS\system\vb40016.dll
2015-09-04 05:13 - 1994-11-17 14:00 - 00210944 _____ C:\WINDOWS\system\msvcrt10.dll
2015-09-04 05:13 - 1993-05-11 20:00 - 00398416 _____ (Microsoft Corporation) C:\WINDOWS\system\vbrun300.dll
2015-09-04 05:13 - 1992-10-21 01:00 - 00356992 _____ (Microsoft Corporation) C:\WINDOWS\system\vbrun200.dll
2015-09-04 05:13 - 1991-05-10 02:00 - 00271264 _____ C:\WINDOWS\system\vbrun100.dll
2015-09-04 05:11 - 2015-09-04 05:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-04 05:10 - 2015-09-20 03:33 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-09-04 05:10 - 2015-09-04 05:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-04 05:07 - 2015-09-28 05:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-04 05:07 - 2015-09-22 03:35 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-04 04:32 - 2015-09-04 13:29 - 00000000 ____D C:\Program Files\Java
2015-09-04 04:31 - 2015-09-04 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-04 04:31 - 2015-09-04 04:31 - 00000000 ____D C:\ProgramData\Sun
2015-09-04 04:30 - 2015-09-04 13:29 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-04 04:07 - 2015-09-04 05:14 - 00000000 ____D C:\AiO-Files
2015-09-04 01:50 - 2015-09-04 01:50 - 00000384 _____ C:\Users\jr_-_000\Documents\Zemana AntiLogger Activation.url
2015-09-03 19:32 - 2015-09-27 22:35 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-09-03 19:32 - 2015-09-07 23:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-09-03 19:32 - 2015-09-07 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-09-03 14:25 - 2015-09-03 14:25 - 00049752 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\AntiLog64.sys
2015-09-03 14:25 - 2015-09-03 14:25 - 00000988 _____ C:\Users\Public\Desktop\AntiLogger.lnk
2015-09-03 14:25 - 2015-09-03 14:25 - 00000000 ___DC C:\ProgramData\{02A8F2F7-A05E-4DC5-950D-52243BB4C610}
2015-09-03 14:24 - 2015-09-03 14:25 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Zemana
2015-09-03 14:24 - 2015-09-03 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
2015-09-03 14:24 - 2015-09-03 14:25 - 00000000 ____D C:\Program Files (x86)\AntiLogger
2015-09-03 14:24 - 2015-09-03 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\ZALSDK_uninst
2015-09-03 14:24 - 2015-09-03 14:24 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2015-09-03 14:24 - 2014-12-30 13:31 - 07039960 _____ (Zemana Ltd.) C:\WINDOWS\SysWOW64\ZALSDKCore.dll
2015-09-03 14:24 - 2014-12-30 13:31 - 00076520 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2015-09-03 10:16 - 2015-09-03 10:16 - 00001214 _____ C:\Users\jr_-_000\Desktop\NoDefender.lnk
2015-09-03 08:08 - 2015-09-03 08:08 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Rockstar Games
2015-09-03 08:01 - 2015-07-29 22:04 - 00077624 _____ (eagleGet) C:\WINDOWS\system32\Drivers\eagleGet.sys
2015-09-03 02:04 - 2015-09-03 02:04 - 00001046 _____ C:\Users\Public\Desktop\Play Grand Theft Auto V.lnk
2015-09-03 00:43 - 2015-09-04 05:59 - 00000000 ____D C:\Program Files\Rockstar Games
2015-09-03 00:21 - 2015-09-03 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-09-02 22:16 - 2015-09-04 06:00 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-09-02 22:03 - 2015-09-02 22:03 - 00001142 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-09-02 22:03 - 2015-09-02 22:03 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\VS Revo Group
2015-09-02 22:02 - 2015-09-02 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-09-02 22:02 - 2015-09-02 22:02 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-09-02 22:02 - 2015-09-02 22:02 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-02 22:02 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-09-02 19:06 - 2015-09-02 19:06 - 00000000 ____D C:\ProgramData\Steam
2015-09-02 19:06 - 2015-09-02 19:06 - 00000000 ____D C:\ProgramData\Socialclub
2015-09-02 17:34 - 2015-09-02 17:34 - 00000000 ____D C:\Users\jr_-_000\Downloads\NoDefender
2015-09-02 16:57 - 2015-09-02 16:57 - 00000000 ____D C:\Users\jr_-_000\Documents\Rockstar Games
2015-09-02 15:30 - 2015-09-03 07:45 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\DMCache
2015-09-02 15:30 - 2015-09-02 15:30 - 00000000 ____D C:\ProgramData\IDM
2015-09-02 11:33 - 2015-09-04 03:55 - 00000000 ____D C:\WINDOWS\msdownld.tmp
2015-09-02 05:34 - 2015-09-04 03:57 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-09-02 03:33 - 2015-09-02 03:33 - 00000792 _____ C:\Users\jr_-_000\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-02 03:32 - 2015-09-18 21:53 - 00000000 ____D C:\EEK
2015-09-02 00:49 - 2015-09-02 00:49 - 00003222 _____ C:\WINDOWS\System32\Tasks\{8B375538-B22C-479B-B63E-4CE2A53EF0F9}
2015-09-01 15:00 - 2015-09-05 12:56 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\TS3Client
2015-09-01 14:59 - 2015-09-01 14:59 - 00001026 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-09-01 14:59 - 2015-09-01 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-09-01 14:59 - 2015-09-01 14:59 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-09-01 11:34 - 2015-09-01 11:34 - 00016148 _____ C:\WINDOWS\system32\NOTE14R_Guest_HistoryPrediction.bin
2015-09-01 06:58 - 2015-09-01 06:58 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\NVIDIA
2015-09-01 06:41 - 2015-09-01 06:41 - 00001550 _____ C:\WINDOWS\SysWOW64\boost.log
2015-09-01 06:41 - 2015-09-01 06:41 - 00000227 _____ C:\WINDOWS\SysWOW64\debug.log
2015-09-01 06:41 - 2015-09-01 06:41 - 00000000 ____D C:\WINDOWS\SysWOW64\Cef
2015-09-01 06:38 - 2015-09-01 06:43 - 00000000 ____D C:\Users\Convidado\AppData\Local\CrashDumps
2015-09-01 06:38 - 2015-09-01 06:38 - 00000020 ___SH C:\Users\Convidado\ntuser.ini
2015-09-01 06:38 - 2015-09-01 06:38 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\ProcessLasso
2015-09-01 06:38 - 2015-09-01 06:38 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\IObit
2015-09-01 06:38 - 2015-09-01 06:38 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Adobe
2015-09-01 06:38 - 2015-09-01 06:38 - 00000000 ____D C:\Users\Convidado\AppData\Local\VirtualStore
2015-09-01 06:38 - 2015-09-01 06:38 - 00000000 ____D C:\Users\Convidado\AppData\Local\Packages
2015-09-01 06:38 - 2015-09-01 06:38 - 00000000 ____D C:\Users\Convidado\AppData\Local\NVIDIA
2015-09-01 06:38 - 2015-09-01 06:38 - 00000000 ____D C:\Users\Convidado\AppData\Local\Google
2015-09-01 06:28 - 2015-09-01 06:28 - 00000827 _____ C:\Users\jr_-_000\Desktop\PeaZip.lnk
2015-09-01 06:28 - 2015-09-01 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2015-09-01 06:28 - 2015-09-01 06:28 - 00000000 ____D C:\Program Files\PeaZip
2015-09-01 05:25 - 2015-09-01 05:25 - 00001790 _____ C:\Users\jr_-_000\Desktop\WifiInfoView.lnk
2015-09-01 05:24 - 2015-09-03 11:04 - 00000000 ____D C:\Users\jr_-_000\Downloads\wifiinfoview
2015-09-01 02:34 - 2015-09-22 21:56 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-01 02:23 - 2015-08-25 15:38 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435582.dll
2015-09-01 02:23 - 2015-08-25 15:38 - 01558648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435582.dll
2015-09-01 02:21 - 2015-09-13 19:04 - 06885168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-09-01 02:21 - 2015-09-13 19:04 - 03496056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-09-01 02:21 - 2015-09-13 19:04 - 02558584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-09-01 02:21 - 2015-09-13 19:04 - 00937776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-09-01 02:21 - 2015-09-13 19:04 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-09-01 02:21 - 2015-09-13 19:04 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-09-01 02:21 - 2015-09-11 09:17 - 05231082 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-09-01 02:20 - 2015-09-26 12:49 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\CrashDumps
2015-09-01 01:47 - 2015-09-23 06:34 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Software Informer
2015-09-01 01:47 - 2015-09-04 14:25 - 00000000 ____D C:\Program Files\Software Informer
2015-09-01 01:47 - 2015-09-04 13:41 - 00003426 _____ C:\WINDOWS\System32\Tasks\SoftwareInformerService
2015-09-01 01:47 - 2015-09-04 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
2015-09-01 01:47 - 2015-09-01 01:47 - 00000000 ____D C:\ProgramData\Informer Technologies, Inc
2015-09-01 01:23 - 2015-09-23 19:29 - 00000000 ____D C:\Users\jr_-_000\Downloads\OOSU10
2015-08-29 11:25 - 2015-08-29 11:25 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Wokhan Solutions
2015-08-29 04:31 - 2015-08-29 04:34 - 00001177 _____ C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2015-08-29 04:26 - 2015-09-24 00:37 - 00045270 _____ C:\Users\jr_-_000\AppData\Roaming\room_v3.dat
2015-08-29 04:26 - 2015-09-06 19:13 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2015-08-29 04:26 - 2015-08-29 04:34 - 00001132 _____ C:\Users\Public\Desktop\Warcraft III.lnk
2015-08-29 04:26 - 2015-08-29 04:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-08-29 04:23 - 2015-08-29 04:23 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\xim
2015-08-29 04:20 - 2015-09-24 00:36 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\GarenaPlus
2015-08-29 04:19 - 2015-08-29 17:44 - 00001138 _____ C:\Users\Public\Desktop\Garena+.lnk
2015-08-29 04:19 - 2015-08-29 04:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2015-08-29 04:18 - 2015-09-24 12:17 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2015-08-29 04:17 - 2015-09-24 00:36 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-08-29 04:09 - 2015-08-29 04:09 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Razer_Inc
2015-08-29 04:08 - 2015-08-29 04:08 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Razer
2015-08-29 04:07 - 2015-08-29 04:07 - 00000000 ____D C:\ProgramData\Razer
2015-08-29 04:07 - 2015-08-29 04:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-08-29 04:07 - 2015-08-29 04:07 - 00000000 ____D C:\Program Files (x86)\Razer
2015-08-29 04:07 - 2015-06-12 12:51 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2015-08-29 03:35 - 2015-08-29 03:35 - 00001866 _____ C:\Users\jr_-_000\Desktop\Shiginima Launcher SE v2.000.exe - Shortcut.lnk
2015-08-29 03:30 - 2015-08-29 03:41 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\.minecraft
2015-08-29 01:39 - 2015-08-29 01:39 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\O&O
2015-08-29 01:38 - 2015-08-29 02:34 - 00000000 ____D C:\WINDOWS\system32\oodag
2015-08-29 01:37 - 2015-09-05 01:40 - 00000000 ____D C:\ProgramData\OO Software
2015-08-29 01:03 - 2015-08-29 01:03 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-08-29 00:50 - 2015-08-29 00:50 - 00000862 _____ C:\Program Files\Common Files\TrackerSoftwareInstallerPDFT4.log
2015-08-29 00:50 - 2015-08-29 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-Tools 4
2015-08-29 00:34 - 2015-09-12 02:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-28 05:35 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-28 04:36 - 2015-08-14 11:48 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{55B258E6-9CE1-461D-B10A-0D4B2579090C}
2015-09-27 01:15 - 2015-08-14 15:18 - 00000000 ____D C:\ProgramData\ProductData
2015-09-26 16:15 - 2014-05-19 12:48 - 00000000 ___DO C:\Users\jr_-_000\OneDrive
2015-09-26 15:40 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-26 13:20 - 2014-12-26 22:17 - 00000000 ____D C:\SFCFix
2015-09-26 13:09 - 2015-08-14 08:41 - 00810570 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-26 12:56 - 2015-05-27 00:06 - 00000000 ___RD C:\Users\jr_-_000\Google Drive
2015-09-26 12:48 - 2015-08-14 08:34 - 00000000 ____D C:\Users\jr_-_000
2015-09-26 12:46 - 2015-08-14 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-26 12:46 - 2015-07-10 09:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-25 14:47 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-25 13:14 - 2015-08-16 20:18 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\tixati
2015-09-25 03:21 - 2015-07-10 06:05 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-09-25 02:51 - 2015-08-14 11:42 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-25 02:49 - 2015-08-15 17:10 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 02:28 - 2014-09-15 11:39 - 00001164 _____ C:\Users\jr_-_000\Desktop\Steps Recorder.lnk
2015-09-24 22:56 - 2015-08-15 04:02 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Skype
2015-09-24 19:38 - 2014-06-12 09:54 - 00000000 ____D C:\Users\jr_-_000\Documents\Old
2015-09-24 14:38 - 2015-08-15 21:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-24 13:44 - 2015-08-18 20:29 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-24 13:43 - 2015-08-11 10:43 - 00271567 ____N C:\WINDOWS\Minidump\092415-41015-01.dmp
2015-09-23 23:19 - 2015-08-14 11:32 - 00002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-23 22:25 - 2014-06-12 09:54 - 00000000 ____D C:\Users\jr_-_000\Documents\eBooks
2015-09-23 19:54 - 2015-08-15 04:01 - 00000000 ____D C:\ProgramData\Skype
2015-09-23 19:41 - 2015-08-14 13:18 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Packages
2015-09-23 06:34 - 2015-07-10 07:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-23 05:53 - 2015-08-14 15:17 - 00000000 ____D C:\Program Files (x86)\IObit
2015-09-23 05:08 - 2015-08-15 20:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-23 04:55 - 2015-08-14 15:18 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\IObit
2015-09-23 04:55 - 2015-08-14 15:18 - 00000000 ____D C:\ProgramData\IObit
2015-09-23 04:53 - 2015-05-03 01:54 - 00000000 __SHD C:\AI_RecycleBin
2015-09-23 03:18 - 2015-07-10 08:04 - 00000000 __RSD C:\WINDOWS\Media
2015-09-22 21:56 - 2013-06-18 18:59 - 00000000 ____D C:\Temp
2015-09-22 21:43 - 2015-08-14 11:32 - 00001456 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-09-22 21:42 - 2015-08-14 11:29 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-09-22 21:41 - 2015-08-14 11:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-09-20 03:34 - 2015-08-16 17:59 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2015-09-20 01:13 - 2015-08-15 03:02 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Spotify
2015-09-20 01:13 - 2015-08-15 02:43 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Spotify
2015-09-19 21:34 - 2015-08-14 08:33 - 00000000 ____D C:\WINDOWS\CSC
2015-09-17 23:00 - 2015-08-15 02:44 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\ProcessLasso
2015-09-17 23:00 - 2015-08-15 02:44 - 00000000 ____D C:\Program Files\Process Lasso
2015-09-17 20:26 - 2015-08-15 03:00 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\PeaZip
2015-09-16 08:10 - 2015-08-14 11:22 - 00003980 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 08:10 - 2015-08-14 11:22 - 00003748 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 22:56 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-09-14 16:13 - 2015-08-14 13:09 - 00000000 ____D C:\Users\ElsonJunior
2015-09-14 06:11 - 2015-08-14 11:30 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-09-14 06:11 - 2015-08-14 11:30 - 01480800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-09-14 06:11 - 2015-08-14 11:30 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-09-13 12:53 - 2015-08-14 11:22 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Google
2015-09-12 02:46 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-09-11 18:25 - 2015-08-24 13:37 - 00000040 _____ C:\Users\jr_-_000\Documents\protocolo pullman.txt
2015-09-09 04:30 - 2015-07-10 10:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 04:30 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-09 01:19 - 2015-08-14 14:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-06 04:43 - 2015-07-10 08:04 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-09-05 12:57 - 2015-08-14 09:21 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-05 12:57 - 2015-07-10 06:05 - 00000000 ___RD C:\Users\Default
2015-09-05 12:51 - 2015-08-14 09:20 - 00000000 ____D C:\Windows.old
2015-09-05 12:26 - 2015-08-14 11:25 - 00000000 ____D C:\Program Files\CCleaner
2015-09-05 12:17 - 2015-08-15 16:54 - 00000000 ____D C:\Users\jr_-_000\Downloads\Compressed
2015-09-05 05:09 - 2015-08-15 02:44 - 00000000 ____D C:\ProgramData\ProcessLasso
2015-09-05 03:44 - 2015-07-10 08:04 - 00000000 ___RD C:\Users\Public\Libraries
2015-09-04 13:50 - 2015-08-14 11:22 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-04 13:29 - 2015-08-18 11:32 - 00000000 ____D C:\ProgramData\Oracle
2015-09-04 13:28 - 2015-08-21 10:31 - 00000000 ____D C:\Users\jr_-_000\.oracle_jre_usage
2015-09-04 05:13 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\System
2015-09-03 05:53 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-09-02 15:02 - 2015-08-15 03:13 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\DownloadNinja
2015-09-02 04:02 - 2015-08-25 12:05 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\vlc
2015-09-02 00:52 - 2015-08-15 20:28 - 00000000 ____D C:\ProgramData\Origin
2015-09-02 00:51 - 2015-08-15 03:02 - 00001867 _____ C:\Users\jr_-_000\Desktop\Spotify.lnk
2015-09-02 00:51 - 2015-08-15 03:02 - 00001853 _____ C:\Users\jr_-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-09-02 00:50 - 2015-08-15 20:33 - 00000000 ____D C:\Users\jr_-_000\AppData\Roaming\Origin
2015-09-02 00:49 - 2015-08-15 20:27 - 00000000 ____D C:\Program Files (x86)\Origin
2015-09-01 12:17 - 2015-08-14 08:33 - 00000000 ____D C:\Users\Convidado
2015-09-01 06:38 - 2015-08-14 08:34 - 00000000 ___RD C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-01 06:38 - 2015-06-03 09:04 - 00000000 ____D C:\Intel
2015-09-01 05:48 - 2015-03-02 10:06 - 00001417 _____ C:\Users\jr_-_000\Desktop\Esvaziar lixeira.lnk
2015-09-01 02:21 - 2015-08-14 11:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-09-01 02:21 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\Help
2015-08-31 14:11 - 2015-08-14 13:19 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\VirtualStore
2015-08-29 03:54 - 2014-12-20 20:09 - 00000000 ___RD C:\Sandbox
2015-08-29 03:34 - 2015-04-04 23:31 - 00000000 ____D C:\Users\jr_-_000\Downloads\Minecraft Pirata
2015-08-29 00:50 - 2015-08-16 20:53 - 00001072 _____ C:\Users\Public\Desktop\PDF-Tools 4.lnk
2015-08-29 00:48 - 2015-08-17 00:05 - 00002329 _____ C:\Users\jr_-_000\Desktop\Kindle.lnk
2015-08-29 00:48 - 2015-08-17 00:04 - 00000000 ____D C:\Users\jr_-_000\AppData\Local\Amazon
2015-08-29 00:33 - 2015-08-16 20:52 - 00000000 ____D C:\Program Files\Tracker Software
 
==================== Files in the root of some directories =======
 
2015-08-29 00:50 - 2015-08-29 00:50 - 0000862 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFT4.log
2015-08-15 03:16 - 2015-08-15 03:16 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-08-29 04:26 - 2015-09-24 00:37 - 0045270 _____ () C:\Users\jr_-_000\AppData\Roaming\room_v3.dat
2015-09-05 05:35 - 2015-09-05 05:35 - 0000020 ___SH () C:\Users\jr_-_000\AppData\Roaming\Sys11965 DataCollection.dat
2015-09-05 05:35 - 2015-09-05 05:35 - 0000020 ___SH () C:\Users\jr_-_000\AppData\Roaming\System413_DataDB.ind
2015-08-14 14:10 - 2015-08-14 14:10 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2015-09-07 23:32 - 2015-09-23 04:51 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\jr_-_000\AppData\Local\Temp\avgnt.exe
C:\Users\jr_-_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\jr_-_000\AppData\Local\Temp\sfareca00001.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-24 12:52
 
==================== End of FRST.txt ============================




#2 nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 28 September 2015 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR DefaultSearchKeyword: Default -> f
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\jr_-_000\AppData\Local\Temp\avgnt.exe
C:\Users\jr_-_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\jr_-_000\AppData\Local\Temp\sfareca00001.dll

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

How is the computer running now?

#3 juniorelson4

juniorelson4
  • Topic Starter


Posted 28 September 2015 - 10:59 AM

Chrome dev was installed by myself so I didn't uninstall it. Something blocked my first fix attempt with AdwCleaner, so I had to close its process and redo the operation. I think it was SpyShelter Firewall or maybe Avira Antivir - I disabled them and the fix worked.

Here are the logs:

Fix result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by ElsonJunior (2015-09-28 12:06:32) Run:1
Running from C:\Users\jr_-_000\Desktop
Loaded Profiles: ElsonJunior (Available Profiles: ElsonJunior & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR DefaultSearchKeyword: Default -> f
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\jr_-_000\AppData\Local\Temp\avgnt.exe
C:\Users\jr_-_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\jr_-_000\AppData\Local\Temp\sfareca00001.dll
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2383060744-1632920453-3574771285-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Chrome DefaultSearchKeyword removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
wfpcapture => service removed successfully
C:\Users\jr_-_000\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\jr_-_000\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\jr_-_000\AppData\Local\Temp\sfareca00001.dll => moved successfully
EmptyTemp: => 973.9 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 12:09:05 ====
 
 
 
# AdwCleaner v5.009 - Logfile created 28/09/2015 at 12:37:26
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : ElsonJunior - NOTE14R
# Running from : C:\Users\jr_-_000\Desktop\adwcleaner_5.009.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ehhkfhegcenpfoanmgfpfhnmdmflkbgk_0
[-] File Deleted : C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ehhkfhegcenpfoanmgfpfhnmdmflkbgk_0
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : SoftwareInformerService
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
 
***** [ Web browsers ] *****
 
[-] [C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ehhkfhegcenpfoanmgfpfhnmdmflkbgk
[-] [C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\jr_-_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ehhkfhegcenpfoanmgfpfhnmdmflkbgk
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2449 bytes] ##########

Edited by juniorelson4, 28 September 2015 - 11:00 AM.


#4 nasdaq


Posted 28 September 2015 - 01:26 PM

Any pending issues?

#5 juniorelson4


Posted 28 September 2015 - 04:03 PM

Nope. Can I consider my system 100% clean now? :)



#6 nasdaq


Posted 29 September 2015 - 07:23 AM

No one can say that the computer is 100% clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



