Lots of Locked Registry Entries


  • This topic is locked
11 replies to this topic

#1 SuddleD

Posted 06 January 2016 - 01:14 AM

My Kaspersky Internet Security lapsed for a bit, so I decided to run some cleaning tools to make sure I didn't get infected in that time frame. I know that running some of these tools without guidance is not recommended, but I have been successful with tools like Combofix in the past, so I ran a few to see if they found anything. After looking at my Combofix log I noticed a lot of Locked registry entries with reference to websites that look less than promising. But I don't want to start trying to delete registry entries without a full understanding of them. I used to have Spybot S&D, so I wasn't sure if a program like that put websites in quarantine or something or if they were placed there maliciously. I did find a file immudebug.log on my C drive which seems to be related to Spybot S&D, and I think a lot of these entries match. If someone has a chance to look over the log files I have from the program I ran, I will post them below. Thanks so much for your time.

 

Scanning Programs Run:

Junkware Removal Tool

RogueKiller

Combofix

HiJackThis (just scanned)

 

Here are my log files from those programs:

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x64
Ran by Suddle D (Administrator) on Tue 01/05/2016 at 21:06:08.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 5

Successfully deleted: C:\Users\Suddle D\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Suddle D\AppData\Local\ninja loader (Folder)
Successfully deleted: C:\Users\Suddle D\AppData\Roaming\3909 (Folder)
Successfully deleted: C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\gm_scripts\Twitch_Chat_Emotes\script.user.js (File)
Successfully deleted: C:\Windows\wininit.ini (File)


Registry: 0


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/05/2016 at 21:08:00.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

RogueKiller

RogueKiller V11.0.6.0 [Jan  4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Suddle D [Administrator]
Started from : C:\Users\Suddle D\Downloads\RogueKiller.exe
Mode : Delete -- Date : 01/05/2016 21:45:06

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AF697183-432E-4FA3-81C0-A95B77C95A0A} | DhcpNameServer : 10.0.22.1 10.0.22.2 ([X][X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AF697183-432E-4FA3-81C0-A95B77C95A0A} | DhcpNameServer : 10.0.22.1 10.0.22.2 ([X][X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AF697183-432E-4FA3-81C0-A95B77C95A0A} | DhcpNameServer : 10.0.22.1 10.0.22.2 ([X][X])  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF} -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\mia.lib -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\Catel.Core.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\Catel.Extensions.Controls.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\Catel.MVVM.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\GoldenFrogUT.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\GoldenFrogUX.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\GoldenFrogVPN.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\Hardcodet.Wpf.TaskbarNotification.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\IPC.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\Log.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\log4net.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\ManagedWifi.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\Microsoft.CompilerServices.AsyncTargetingPack.Net4.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\Microsoft.Expression.Interactions.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\Newtonsoft.Json.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\System.Runtime.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\System.Threading.Tasks.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064\System.Windows.Interactivity.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659\B634B064 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF659 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF660\B634B064\VyprVPN.exe -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF660\B634B064 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF660 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF661\95CE0FA1\VyprVPN.exe.config -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF661\95CE0FA1 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF661 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF664\BF8A47BC\ManagedWifi.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF664\BF8A47BC -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF664 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF665\BF8A47BC\VyprVPNService.exe -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF665\BF8A47BC -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF665 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF666\3B81DD8\VyprVPNService.exe.config -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF666\3B81DD8 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF666 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF669\4B1EBB08\proxy.exe -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF669\4B1EBB08 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF669 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF671\B634B064\InstallCertificates.exe -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF671\B634B064 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF671 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF672\18AB9886\goldenfrog-client.p12 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF672\18AB9886 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF672 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF673\18AB9886\GoldenFrog-Inc.cer -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF673\18AB9886 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF673 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF674\4B7DDC55\openvpn.properties -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF674\4B7DDC55 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF674 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF675\4B7DDC55\config.properties -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF675\4B7DDC55 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF675 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF676\4B7DDC55\ca.vyprvpn.com.crt -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF676\4B7DDC55 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF676 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF677\3A9E44C6\libeay32.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF677\3A9E44C6\liblzo2-2.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF677\3A9E44C6\libpkcs11-helper-1.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF677\3A9E44C6\openvpn.exe -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF677\3A9E44C6\ssleay32.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF677\3A9E44C6 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF677 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF679\F9FB38D5\license.rtf -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF679\F9FB38D5 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF679 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF680\838807DF\ThirdPartySoftwareReadme.pdf -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF680\838807DF -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF680 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF682\C75A8B1\Windows Ding.wav -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF682\C75A8B1 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF682 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF683\2FC67772\VyprVPN.resources.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF683\2FC67772 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF683 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF684\42823CB0\VyprVPN.resources.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF684\42823CB0 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF684 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF685\CEB35A2C\VyprVPN.resources.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF685\CEB35A2C -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF685 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF686\AC80CE94\VyprVPN.resources.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF686\AC80CE94 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF686 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF687\C23A8837\VyprVPN.resources.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF687\C23A8837 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF687 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF688\21C72C9D\VyprVPN.resources.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF688\21C72C9D -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF688 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF689\55113022\VyprVPN.resources.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF689\55113022 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF689 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF690\BF2735C7\VyprVPN.resources.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF690\BF2735C7 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF690 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF691\CD623612\VyprVPN.resources.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF691\CD623612 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF691 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-Bold.ttf -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-BoldItalic.ttf -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-ExtraBold.ttf -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-ExtraBoldItalic.ttf -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-Italic.ttf -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-Light.ttf -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-LightItalic.ttf -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-Regular.ttf -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-Semibold.ttf -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6\OpenSans-SemiboldItalic.ttf -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692\F6A0FCE6 -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IF692 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\Install Fonts IDE-PlugIn.dll\Install Fonts EXE-PlugIn.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\Install Fonts IDE-PlugIn.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IS667\BF8A47BC\VyprVPNService.exe -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IS667\BF8A47BC -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\IS667 -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\mDown.dll\mDownExec.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\mDown.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\mMSI.dll\mMSIExec.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\mMSI.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\mWinRun.dll\mWinRunExec.dll -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\mWinRun.dll -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE\{514D4DF5-EE70-4017-A812-866E036027EF} -> Deleted
[PUP][Folder] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\OFFLINE -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\VyprVPN-v2.0.dat -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\VyprVPN-v2.0.exe -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\VyprVPN-v2.0.lan -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\VyprVPN-v2.0.lnk -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\VyprVPN-v2.0.msi -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\VyprVPN-v2.0.par -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\VyprVPN-v2.0.res -> Deleted
[PUP][File] C:\ProgramData\{514D4DF5-EE70-4017-A812-866E036027EF}\{DD0BD1BF-A3F7-49A1-841C-EB21206441E6} -> Deleted
[PUP][Folder] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} -> Deleted
[PUP][File] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi -> Deleted

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: M4-CT256M4SSD2 +++++
--- User ---
[MBR] 1b6c9cc7efd7c3adf91199c1907b4ec9
[BSP] 5eb7dfff485ce12394873a4e950ae8e6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 244197 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2003FZEX-00Z4SA0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1907600 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST320006 41AS SCSI Disk Device +++++
--- User ---
[MBR] da140b6f9b2541586fee484b7c9aecdb
[BSP] add0087fbd6b95401349eb08377ead2c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
1 - [ACTIVE] EXTEN (0x5) [VISIBLE] Offset (sectors): 16065 | Size: 1907718 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive3: WDC WD60 00HLHX-01JJPV0 SCSI Disk Device +++++
--- User ---
[MBR] 5087fcbe86887ff7adedf158bbcc04d9
[BSP] 4d89ece0a59dda66336e57d8ae368a52 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 572323 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

_______________________________________________________

 

Combofix

(Attached due to length)

 

HiJackThis

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:35:45 PM, on 1/5/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

FIREFOX: 43.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Suddle D\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Users\Suddle D\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\888\g2ax_start.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\888\g2ax_comm_expert.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\888\g2ax_user_expert.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\Suddle D\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - F:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Suddle D\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [f.lux] "C:\Users\Suddle D\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [GoToAssist Remote Support Expert] "C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\888\g2ax_start.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [AnonVPN] C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Display Manager.lnk = C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
O4 - Global Startup: SolidWorks 2014 Fast Start.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AnonVPN VPN - Unknown owner - C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - F:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Kaspersky Anti-Virus Service 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Unknown owner - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\programdata\bitraider\BRSptSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - E:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: DisplayFusionService - Binary Fortress Software - C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: GalaxyClientService - GOG.com - F:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) - Logitech Inc. - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: ORICOHWRaidManager - Unknown owner - C:\Program Files (x86)\ORICOHWRaidManager\XSrvSetup.exe
O23 - Service: Origin Client Service - Electronic Arts - F:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TechSmith Uploader Service - TechSmith Corporation - C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 21371 bytes
 

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:04 AM

Posted 06 January 2016 - 10:03 AM

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains]

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.

Restart the computer normally.

Let me know if the problem persists.

Edited by nasdaq, 06 January 2016 - 10:03 AM.
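An added example, not part of nasdaq's reply or of any tool named in this thread: before merging a fix that empties the ZoneMap\Domains keys, a regedit export of those keys can be summarized offline to see which security zone each domain was pinned to. The zone numbers are the standard Internet Explorer zones; the sample export and its `.example` hostnames are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Standard Internet Explorer security zone numbers.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of a regedit export (not taken from the thread's logs).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked-ads.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracker.example\www]
"http"=dword:00000004
"https"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\unknown-site.example]
"*"=dword:00000002
'''

# A key line under ZoneMap\Domains or ZoneMap\EscDomains; "rest" is the
# domain, optionally followed by a subdomain subkey (Domains\example.com\www).
KEY_RE = re.compile(
    r'^\[(?P<hive>HKEY_[A-Z_]+)\\.*?\\ZoneMap\\(?P<kind>Domains|EscDomains)'
    r'(?:\\(?P<rest>[^\]]+))?\]$', re.IGNORECASE)
# A value line: protocol name ("*", "http", ...) mapped to a zone DWORD.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=dword:(?P<data>[0-9a-fA-F]{8})$')


def decode_export(raw):
    """Decode .reg bytes: version 5.00 exports are UTF-16 with a BOM."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_zonemap(text):
    """Return one record per (host, protocol) zone assignment in the export."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            if m and m.group("rest"):
                # Subkeys are stored domain-first, so reverse them for the host.
                host = ".".join(reversed(m.group("rest").split("\\")))
                current = (m.group("hive").upper(), host)
            else:
                current = None  # container key, deletion key, or unrelated key
            continue
        m = VALUE_RE.match(line)
        if m and current:
            entries.append({"hive": current[0], "host": current[1],
                            "protocol": m.group("name"),
                            "zone": int(m.group("data"), 16)})
    return entries


def summarize(entries):
    """Count assignments per zone and list hosts not in Restricted sites."""
    by_zone = Counter(ZONES.get(e["zone"], "zone %d" % e["zone"])
                      for e in entries)
    review = sorted({e["host"] for e in entries if e["zone"] != 4})
    return by_zone, review


if __name__ == "__main__":
    counts, to_review = summarize(parse_zonemap(SAMPLE_EXPORT))
    for zone, n in counts.most_common():
        print("%-17s %d" % (zone, n))
    print("Review manually:", ", ".join(to_review) or "none")
```

Entries mapped to Restricted sites (zone 4) match what blocklist-style protection such as the Immunize feature mentioned above writes; hosts listed for review are mapped to a more permissive zone and are the ones worth identifying before or after the reset.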


#3 SuddleD


Posted 09 January 2016 - 12:51 AM

I did the registry merge and restarted. I do not notice anything out of the ordinary going on. If you think that was all I needed to do, then I am probably good to go unless there is something else in the logs to investigate. Thanks for the help.



#4 nasdaq


Posted 09 January 2016 - 08:35 AM

It sure looks like the remnant entries left in the Registry were the cause.

If you wish to check further then run this tool and post the logs.
Nothing will be removed.
If needed I will provide you with a fix.

#5 SuddleD


Posted 10 January 2016 - 06:36 PM

I think the link for the Tool is missing?



#6 nasdaq


Posted 11 January 2016 - 09:06 AM

My bad. Sorry.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Wait for further instructions.

#7 SuddleD


Posted 14 January 2016 - 12:38 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Suddle D (administrator) on SUDDLED-PC (13-01-2016 21:34:22)
Running from C:\Users\Suddle D\Desktop\frst
Loaded Profiles: Suddle D (Available Profiles: Suddle D)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
() C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\ORICOHWRaidManager\XSrvSetup.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Suddle D\AppData\Local\Akamai\netsession_win.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Akamai Technologies, Inc.) C:\Users\Suddle D\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\Suddle D\AppData\Local\FluxSoftware\Flux\flux.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(Dassault Systèmes SolidWorks Corp.) E:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Users\Suddle D\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Suddle D\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Run: [f.lux] => C:\Users\Suddle D\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\888\g2ax_start.exe [610528 2015-12-22] (Citrix Systems, Inc.)
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Run: [AnonVPN] => C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe [1346408 2016-01-04] ()
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-07-21] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-13]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2015-11-17]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2014-04-10]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{802CFD1A-52DE-4821-8321-4A233C59CFF2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{951E8524-D3C4-43DF-81A2-3D8E78FF74DE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {8E0F450D-E1E0-4EBB-AC38-A5AD9874C3E0} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> F:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-01-24] (Perfect World Entertainment Inc)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1985620250-657412871-4281227411-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-05] ()
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> F:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-01-24] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1985620250-657412871-4281227411-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Suddle D\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-1985620250-657412871-4281227411-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Suddle D\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1985620250-657412871-4281227411-1000: autodesk.com/Autodesk123D -> C:\Users\Suddle D\AppData\Roaming\Autodesk\Autodesk123D32\1.0.8\npAutodesk123D32.dll [2013-12-29] (Autodesk)
FF Plugin HKU\S-1-5-21-1985620250-657412871-4281227411-1000: autodesk.com/Autodesk123DShapes -> C:\Users\Suddle D\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.129\npAutodesk123DShapes32.dll [2015-04-08] (Autodesk)
FF Plugin HKU\S-1-5-21-1985620250-657412871-4281227411-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-12-29] ()
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1985620250-657412871-4281227411-1000\FireFox\user.js [2014-12-03]
FF Extension: Greasemonkey - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-21]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\artur.dubovoy@gmail.com [2015-12-05]
FF Extension: Image Zoom - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2015-12-07]
FF Extension: Gmail Manager-community - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\gmail-manager-community@gmail-manager-community.github.com.xpi [2016-01-12]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-12-02]
FF Extension: BetterTTV - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\firefox@betterttv.net.xpi [2015-11-18]
FF Extension: Strict Pop-up Blocker - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-12-30]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-01-07]
FF Extension: Video DownloadHelper - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-21]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Plugin: (Unity Player) - C:\Users\Suddle D\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Profile: C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-10]
CHR Extension: (Google Drive) - C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-01]
CHR Extension: (YouTube) - C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-08]
CHR Extension: (Google Search) - C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-01]
CHR Extension: (PreOrderHeat Bot Size 9.5) - C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkakkklnhimegncedpempiafliifpfdc [2013-09-18]
CHR Extension: (Kaspersky Protection) - C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-09]
CHR Extension: (Gmail) - C:\Users\Suddle D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-10]
CHR Extension: (Twitter) - C:\Users\Suddle D\Desktop\Size9.5\Updated for New Nike Layout 7312013 Nike Twitter Link Grabber & Add ToCart\Twitter CW0017 [2013-10-05]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [cmlhbjpgeogifjnmlajdaealbdlfonah] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AnonVPN VPN; C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe [132968 2016-01-04] ()
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-07-04] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 ArcService; F:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-24] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-09-07] (Kaspersky Lab ZAO)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-28] (www.BitComet.com)
S3 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [915736 2013-06-08] (BitRaider, LLC)
S3 CoordinatorServiceHost; E:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [76328 2013-11-15] (Dassault Systèmes SolidWorks Corp.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4608040 2015-11-16] (Binary Fortress Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-06-12] (EasyAntiCheat Ltd)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-08-17] (Futuremark)
S3 GalaxyClientService; F:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-12] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-10-12] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)
R2 HiPatchService; F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 ORICOHWRaidManager; C:\Program Files (x86)\ORICOHWRaidManager\XSrvSetup.exe [69632 2011-06-12] () [File not signed]
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-24] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-17] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-04-10] (SolidWorks) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5834752 2013-01-13] (Broadcom Corporation) [File not signed]
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [74024 2013-03-20] (BitRaider)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-20] (Broadcom Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [968792 2013-11-04] (Hauppauge Computer Work, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2014-09-30] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-10-21] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-10-21] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-25] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2013-03-31] (hxxp://libusb-win32.sourceforge.net)
S4 LMIRfsClientNP; no ImagePath
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-07-28] (Windows ® Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-05] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\SUDDLE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dump_wmimmc; \??\F:\Program Files (x86)\NCSOFT\BnS CBT\bin\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 LMIInfo; \??\F:\Program Files\logmein\x64\RaInfo.sys [X]
S3 slb; \??\E:\Program Files\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-13 21:34 - 2016-01-13 21:34 - 00000000 ____D C:\Users\Suddle D\Desktop\frst
2016-01-13 21:34 - 2016-01-13 21:34 - 00000000 ____D C:\FRST
2016-01-12 22:13 - 2016-01-12 22:13 - 01611384 _____ (NCSOFT Corporation) C:\Users\Suddle D\Downloads\NC-LauncherSetup.exe
2016-01-12 22:10 - 2016-01-12 22:11 - 224976152 _____ (NC Interactive, LLC ) C:\Users\Suddle D\Downloads\BnS_Lite_Installer(1).exe
2016-01-12 19:32 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-12 19:32 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-12 19:32 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 19:32 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-12 19:32 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-12 19:32 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 19:32 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 19:32 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-12 19:32 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 19:32 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-12 19:32 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 19:32 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-12 19:32 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-12 19:32 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-12 19:32 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-12 19:32 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 19:32 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 19:32 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-12 19:32 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-12 19:32 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-12 19:32 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-12 19:32 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-12 19:32 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-12 19:32 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-12 19:32 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-12 19:32 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-12 19:32 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 19:32 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-12 19:32 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-12 19:32 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 19:32 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-12 19:32 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 19:32 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-12 19:32 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-12 19:32 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-12 19:32 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-12 19:32 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-12 19:32 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 19:32 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-12 19:32 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-12 19:32 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 19:32 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-12 19:32 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-12 19:32 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 19:32 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 19:32 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 19:32 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 19:32 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 19:32 - 2015-12-11 10:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 19:32 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 19:32 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 19:32 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 19:32 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 19:32 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 19:32 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 19:32 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-12 19:32 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 19:32 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 19:32 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 19:32 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 19:32 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 19:32 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 19:32 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 19:32 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 19:32 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 19:32 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 19:32 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 19:32 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 19:32 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 19:32 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 19:32 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 19:32 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-12 19:32 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-12 19:32 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-12 19:32 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 19:32 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 19:32 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-12 19:32 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-12 19:32 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 19:32 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-12 19:32 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-12 19:32 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-12 19:32 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-12 19:32 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-12 19:32 - 2015-12-08 09:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-12 19:32 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-12 19:32 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-12 19:32 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-12 19:32 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-12 19:32 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-12 19:32 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-12 19:31 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 19:31 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 19:31 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-12 19:31 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 19:31 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-12 19:31 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-12 19:31 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-12 19:31 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-12 19:31 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-12 19:31 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-12 19:31 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-12 19:31 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-12 19:31 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 19:31 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-12 19:31 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-12 19:31 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-12 19:31 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-12 19:31 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-12 19:31 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-12 19:31 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 19:31 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-12 19:31 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 19:31 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-12 19:31 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-12 19:31 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-12 19:31 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-12 19:31 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-12 19:31 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-12 19:31 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-12 19:31 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-12 19:31 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 19:31 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-12 19:31 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-12 19:31 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-12 19:31 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-12 19:31 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-12 19:31 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-12 19:31 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-12 19:31 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-12 19:31 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 19:31 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-12 19:31 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-12 19:31 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 19:31 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-12 19:31 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-12 19:31 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-12 19:31 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-12 19:31 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-12 19:31 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-12 19:31 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-12 19:31 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 19:31 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-12 19:31 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 19:31 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-12 19:31 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-12 19:31 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-12 19:31 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-12 19:31 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-12 19:31 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-12 19:31 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-12 19:31 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 19:31 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-12 19:31 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 19:31 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 19:31 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-12 19:31 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 19:31 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 19:31 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 19:31 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-12 19:31 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-12 19:31 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 19:31 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-12 19:31 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 19:31 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-12 19:31 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-12 19:31 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 19:31 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 19:31 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 19:31 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 19:31 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 19:31 - 2015-12-08 11:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 19:31 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 19:31 - 2015-11-16 17:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 19:31 - 2015-11-16 17:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 19:31 - 2015-11-16 17:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 19:31 - 2015-11-16 17:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 19:31 - 2015-11-16 17:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 19:31 - 2015-11-16 17:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 19:31 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-11 23:28 - 2016-01-11 23:28 - 00075351 _____ C:\Users\Suddle D\Downloads\Steps on Firmware upgrade of eVic-VTC Mini(Windows).zip
2016-01-11 23:27 - 2016-01-11 23:27 - 03654912 _____ C:\Users\Suddle D\Downloads\UpdateFirmware_V3.00.zip
2016-01-11 23:19 - 2016-01-11 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-11 23:19 - 2016-01-11 23:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-01-10 15:51 - 2016-01-10 15:51 - 00002529 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-01-10 15:51 - 2016-01-10 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-01-10 15:49 - 2016-01-10 15:49 - 118776896 _____ C:\Users\Suddle D\Downloads\TurboTax_Premier_2015_Federal__State_Taxes__Fed_Efile_Tax_Preparation_Software_-_PC_Download.exe
2016-01-08 23:42 - 2016-01-08 23:42 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\3909
2016-01-08 21:55 - 2016-01-08 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-01-08 21:44 - 2016-01-08 21:45 - 224976152 _____ (NC Interactive, LLC ) C:\Users\Suddle D\Downloads\BnS_Lite_Installer.exe
2016-01-07 00:27 - 2016-01-07 00:27 - 00257020 ____H C:\Windows\system32\mlfcache.dat
2016-01-06 19:16 - 2016-01-06 19:16 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonVPN
2016-01-06 19:15 - 2016-01-06 19:15 - 17451392 _____ C:\Users\Suddle D\Downloads\AnonVPN-1.0.4.3-install.exe
2016-01-05 22:24 - 2016-01-05 22:24 - 00002047 _____ C:\Users\Suddle D\Downloads\newshosting.application
2016-01-05 22:20 - 2016-01-05 22:20 - 00000000 ____D C:\Users\Suddle D\AppData\Local\CrashRpt
2016-01-05 21:48 - 2016-01-05 21:48 - 22908888 _____ (Malwarebytes ) C:\Users\Suddle D\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-05 21:37 - 2016-01-05 21:45 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-05 21:37 - 2016-01-05 21:37 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-05 21:34 - 2016-01-05 21:34 - 00016705 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-01-05 21:34 - 2016-01-05 21:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SUDDLED-PC-Windows-7-Ultimate-(64-bit).dat
2016-01-05 21:34 - 2016-01-05 21:34 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-01-05 21:34 - 2016-01-05 21:34 - 00000000 ____D C:\RegBackup
2016-01-05 21:31 - 2016-01-05 21:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Suddle D\Downloads\HijackThis.exe
2016-01-05 21:00 - 2016-01-05 21:01 - 00000000 ____D C:\AdwCleaner
2016-01-05 20:37 - 2016-01-05 20:37 - 01599336 _____ (Malwarebytes) C:\Users\Suddle D\Downloads\JRT.exe
2016-01-05 20:30 - 2016-01-05 20:30 - 05643309 ____R (Swearware) C:\Users\Suddle D\Downloads\ComboFix.exe
2016-01-05 20:11 - 2016-01-05 20:11 - 173820016 _____ (Kaspersky Lab) C:\Users\Suddle D\Downloads\kis16.0.0.614en_8233.exe
2016-01-04 22:54 - 2016-01-04 22:54 - 00000051 _____ C:\Users\Suddle D\deletedRoute.txt
2016-01-04 22:54 - 2016-01-04 22:54 - 00000000 ____D C:\Users\Suddle D\AppData\Local\AnonVPN
2016-01-04 22:54 - 2016-01-04 22:54 - 00000000 _____ C:\Windows\state.txt
2016-01-04 22:49 - 2016-01-06 19:16 - 00001079 _____ C:\Users\Suddle D\Desktop\AnonVPN.lnk
2016-01-04 22:49 - 2016-01-06 19:16 - 00000000 _____ C:\Users\Suddle D\AnonVPN.ovpn
2016-01-04 22:49 - 2016-01-04 22:49 - 00000000 ____D C:\Program Files (x86)\AnonVPN
2015-12-31 16:32 - 2015-12-31 16:32 - 00000216 _____ C:\Users\Suddle D\Desktop\Ori and the Blind Forest.url
2015-12-30 04:01 - 2015-12-30 04:01 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2015 Tools for Unity
2015-12-30 04:01 - 2015-12-30 04:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2015-12-30 04:00 - 2015-12-30 04:00 - 00000000 ____D C:\Users\Suddle D\Documents\Visual Studio 2015
2015-12-30 03:58 - 2015-12-30 03:58 - 00000000 ____D C:\Program Files (x86)\AppInsights
2015-12-30 03:56 - 2015-12-30 03:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-12-30 03:55 - 2015-12-30 03:55 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2015-12-30 03:55 - 2015-12-30 03:55 - 00000000 ____D C:\ProgramData\NuGet
2015-12-30 03:55 - 2015-12-30 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-12-30 03:55 - 2015-12-30 03:55 - 00000000 ____D C:\Program Files (x86)\ShellDir
2015-12-30 03:55 - 2015-12-30 03:55 - 00000000 ____D C:\Program Files (x86)\NuGet
2015-12-30 03:55 - 2015-12-30 03:55 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2015-12-30 03:55 - 2015-12-30 03:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2015-12-30 03:54 - 2015-12-30 03:54 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2015-12-30 03:54 - 2015-12-30 03:54 - 00000000 ____D C:\Windows\SysWOW64\1033
2015-12-30 03:54 - 2015-12-30 03:54 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2015-12-30 03:54 - 2015-12-30 03:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-12-30 03:53 - 2015-12-30 03:53 - 00000000 ____D C:\Windows\symbols
2015-12-30 03:53 - 2015-12-30 03:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2015-12-30 03:53 - 2015-12-30 03:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2015-12-30 03:52 - 2015-12-30 03:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-12-30 03:52 - 2015-12-30 03:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-12-30 03:52 - 2015-12-30 03:52 - 00001541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2015-12-30 03:51 - 2015-12-30 03:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-12-30 03:51 - 2015-12-30 03:56 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2015-12-30 03:51 - 2015-12-30 03:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2015-12-30 03:51 - 2015-12-30 03:52 - 00000000 ____D C:\Windows\system32\1033
2015-12-30 03:47 - 2015-12-30 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-30 03:44 - 2015-12-30 03:44 - 00000760 _____ C:\Users\Public\Desktop\Unity 5.3.1f1 (64-bit).lnk
2015-12-30 03:44 - 2015-12-30 03:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.3.1f1 (64-bit)
2015-12-30 03:44 - 2015-12-30 03:44 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2015-12-29 21:12 - 2015-12-29 21:13 - 00000000 ____D C:\Program Files (x86)\Flawless Widescreen
2015-12-29 21:12 - 2015-12-29 21:12 - 00001140 _____ C:\Users\Public\Desktop\Flawless Widescreen.lnk
2015-12-29 21:12 - 2015-12-29 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flawless Widescreen
2015-12-28 15:34 - 2016-01-07 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 01:53 - 2015-12-28 01:53 - 00000216 _____ C:\Users\Suddle D\Desktop\Antichamber.url
2015-12-27 23:17 - 2015-12-27 23:17 - 00500382 _____ C:\Users\Suddle D\Downloads\garden-landscaping1_recovered.pdf
2015-12-27 22:12 - 2015-12-27 22:12 - 00002627 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioPaint.lnk
2015-12-27 22:08 - 2015-12-27 22:08 - 00000000 ____D C:\Users\Suddle D\AppData\Local\sonic-visualiser
2015-12-27 22:07 - 2015-12-27 22:07 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sonic Visualiser
2015-12-27 22:07 - 2015-12-27 22:07 - 00000000 ____D C:\Program Files (x86)\Vamp Plugins
2015-12-24 21:32 - 2015-12-24 21:32 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Squad
2015-12-24 20:39 - 2015-12-24 20:39 - 00000216 _____ C:\Users\Suddle D\Desktop\Squad.url
2015-12-24 03:09 - 2015-12-24 03:09 - 00001759 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-24 03:09 - 2015-12-24 03:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-24 03:09 - 2015-12-24 03:09 - 00000000 ____D C:\Program Files\iTunes
2015-12-24 03:09 - 2015-12-24 03:09 - 00000000 ____D C:\Program Files\iPod
2015-12-24 03:09 - 2015-12-24 03:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-24 00:42 - 2015-12-24 00:42 - 00000216 _____ C:\Users\Suddle D\Desktop\Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald A Whirlwind Heist.url
2015-12-22 14:02 - 2015-12-22 14:02 - 00000000 ____D C:\Users\Suddle D\.yubioath
2015-12-22 13:57 - 2015-12-22 13:57 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2015-12-22 13:53 - 2015-12-22 13:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-12-22 13:53 - 2013-08-08 13:23 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-12-22 13:53 - 2013-08-08 13:23 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2015-12-22 13:51 - 2015-12-22 13:51 - 00000000 ____D C:\Windows\Intel_Chipset_Win8-1_VER9401026
2015-12-22 13:35 - 2015-09-23 14:19 - 00405472 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2015-12-22 13:35 - 2015-09-23 14:19 - 00001904 ____N C:\Windows\system32\SetupBD.din
2015-12-22 13:34 - 2015-08-18 11:43 - 00003114 _____ C:\Windows\system32\e1c62x64.din
2015-12-22 13:34 - 2015-08-12 15:27 - 00498160 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1c62x64.sys
2015-12-22 13:34 - 2013-07-25 03:08 - 00073480 _____ (Intel Corporation) C:\Windows\system32\e1cmsg.dll
2015-12-22 13:34 - 2013-07-11 03:27 - 00089888 _____ (Intel Corporation) C:\Windows\system32\NicInstC.dll
2015-12-22 13:34 - 2009-05-26 10:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2015-12-22 13:28 - 2015-12-22 13:28 - 00000000 ____D C:\ProgramData\IntelDLM
2015-12-22 13:27 - 2015-12-22 13:27 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Intel
2015-12-22 13:26 - 2015-12-22 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-12-22 13:26 - 2015-12-22 13:26 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-12-22 13:11 - 2015-12-16 06:53 - 00523384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-12-22 13:11 - 2015-12-16 06:53 - 00075056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-12-22 13:11 - 2015-12-16 06:39 - 00103032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-12-22 13:10 - 2015-12-16 09:34 - 42977072 _____ C:\Windows\system32\nvcompiler.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 37609080 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 31061624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 24895792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 21122456 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 20663816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 17561432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 17156968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 16286888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 12334200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-22 13:10 - 2015-12-16 09:34 - 03168376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 02755704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 01915696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436143.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436143.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00938104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00872056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00734512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00681592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00469144 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00423264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00416376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00370808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-22 13:10 - 2015-12-16 09:34 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-22 11:15 - 2015-12-22 11:15 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2015-12-22 11:15 - 2015-12-22 11:15 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Citrix
2015-12-22 11:15 - 2015-12-22 11:15 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-12-20 23:55 - 2015-12-20 23:55 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2015-12-19 18:23 - 2015-12-19 18:23 - 00087397 _____ C:\Users\Suddle D\Downloads\Star Wars TFA Series 1 Checklist Final 2.pdf
2015-12-19 13:31 - 2015-12-14 14:24 - 00130880 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2015-12-19 13:31 - 2015-09-22 14:36 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-01 01:26 - 2013-11-07 19:54 - 00002004 _____ C:\Windows\Sandboxie.ini
2016-01-13 21:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-13 21:22 - 2013-11-29 18:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-13 21:21 - 2009-07-13 20:45 - 00020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-13 21:21 - 2009-07-13 20:45 - 00020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-13 21:20 - 2013-09-18 22:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-13 21:12 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-13 21:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-13 21:06 - 2015-11-06 19:31 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-13 21:06 - 2013-09-18 22:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-13 21:06 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-13 21:06 - 2009-07-13 20:45 - 03129176 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 21:05 - 2015-04-16 19:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 21:05 - 2014-05-06 12:05 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-12 23:13 - 2015-12-11 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-12 23:13 - 2013-03-16 12:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-12 23:12 - 2015-12-11 18:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-12 23:12 - 2015-12-11 18:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-12 23:12 - 2013-07-20 16:01 - 00000000 ____D C:\Windows\system32\MRT
2016-01-12 23:06 - 2010-02-09 22:16 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-12 23:05 - 2009-07-13 18:34 - 00000501 _____ C:\Windows\win.ini
2016-01-12 22:56 - 2013-02-12 12:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-12 22:13 - 2015-10-15 18:55 - 00000000 ____D C:\Program Files (x86)\NCWest
2016-01-12 22:13 - 2015-10-09 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-01-10 16:10 - 2013-03-17 00:44 - 00000000 ____D C:\Users\Suddle D\Documents\TurboTax
2016-01-10 16:06 - 2013-03-16 12:04 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\Intuit
2016-01-10 15:51 - 2013-03-17 00:41 - 00001240 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-01-10 15:50 - 2015-02-22 15:08 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Newsbin
2016-01-10 15:50 - 2013-03-17 00:39 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-01-08 23:32 - 2015-10-09 19:24 - 00000000 ____D C:\Users\Suddle D\Documents\BnS
2016-01-08 21:55 - 2015-10-15 18:56 - 00001448 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-01-08 21:55 - 2013-01-13 13:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-08 21:42 - 2009-07-13 21:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-07 18:35 - 2013-01-13 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-06 19:21 - 2013-01-13 13:10 - 00000000 ____D C:\Users\Suddle D
2016-01-05 22:31 - 2013-01-14 20:38 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Deployment
2016-01-05 21:21 - 2013-11-25 11:49 - 00000000 ____D C:\Qoobox
2016-01-05 21:21 - 2013-01-13 13:18 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Apps\2.0
2016-01-05 21:19 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-01-05 21:18 - 2013-11-25 11:49 - 00000000 ____D C:\Windows\erdnt
2016-01-05 21:18 - 2009-07-13 18:34 - 54001664 _____ C:\Windows\system32\config\COMPONENTS.bak
2016-01-05 21:18 - 2009-07-13 18:34 - 25952256 _____ C:\Windows\system32\config\SYSTEM.bak
2016-01-05 21:18 - 2009-07-13 18:34 - 161742848 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-01-05 21:18 - 2009-07-13 18:34 - 12582912 _____ C:\Windows\system32\config\DEFAULT.bak
2016-01-05 21:18 - 2009-07-13 18:34 - 00032768 _____ C:\Windows\system32\config\SAM.bak
2016-01-05 21:18 - 2009-07-13 18:34 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
2016-01-05 21:14 - 2015-11-06 19:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-05 20:02 - 2013-12-10 22:56 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 20:02 - 2013-02-12 12:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-05 20:02 - 2013-01-14 17:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 20:02 - 2014-06-20 08:01 - 00000000 ____D C:\Users\Suddle D\AppData\Local\CrashDumps
2016-01-01 02:13 - 2013-01-19 20:23 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Google
2015-12-30 14:32 - 2013-06-18 22:10 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Unity
2015-12-30 04:01 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-30 03:59 - 2013-02-03 01:26 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-30 03:56 - 2013-03-16 12:01 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-12-30 03:51 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-30 03:50 - 2013-01-13 13:59 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-30 03:46 - 2013-06-18 22:33 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2015-12-30 03:39 - 2013-06-18 22:34 - 00000000 ____D C:\ProgramData\Unity
2015-12-29 22:58 - 2013-01-14 17:50 - 00000000 ____D C:\Users\Suddle D\Documents\my games
2015-12-29 21:11 - 2015-11-27 14:33 - 00000744 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-12-29 21:11 - 2015-11-27 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-12-29 15:44 - 2013-01-30 13:11 - 00002322 ____H C:\Users\Suddle D\Documents\Default.rdp
2015-12-28 17:10 - 2014-11-25 14:29 - 00000000 ____D C:\ProgramData\Origin
2015-12-27 23:07 - 2013-01-20 00:47 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\vlc
2015-12-27 23:04 - 2014-12-15 17:12 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\Audacity
2015-12-27 15:14 - 2015-11-23 20:01 - 00002185 _____ C:\Users\Suddle D\Desktop\Discord.lnk
2015-12-27 15:14 - 2015-11-23 20:01 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2015-12-27 15:14 - 2015-11-23 20:01 - 00000000 ____D C:\Users\Suddle D\AppData\Local\SquirrelTemp
2015-12-27 15:14 - 2015-11-23 20:01 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Discord
2015-12-25 14:39 - 2015-02-04 18:54 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Steam
2015-12-25 14:25 - 2013-01-14 18:15 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\uTorrent
2015-12-25 13:48 - 2013-12-30 14:41 - 00000000 ____D C:\Users\Suddle D\AppData\Local\ElevatedDiagnostics
2015-12-25 13:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-25 00:34 - 2013-01-20 01:34 - 00000000 ____D C:\Users\Suddle D\AppData\Local\QuickPar
2015-12-24 21:32 - 2015-11-03 20:36 - 00000000 ____D C:\Users\Suddle D\AppData\Local\UnrealEngine
2015-12-24 03:09 - 2013-04-27 17:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-22 14:02 - 2015-07-25 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yubico
2015-12-22 13:53 - 2013-01-13 13:53 - 00000000 ____D C:\Users\Suddle D\AppData\LocalLow\Intel
2015-12-22 13:53 - 2013-01-13 13:29 - 00000000 ____D C:\Program Files (x86)\Intel
2015-12-22 13:35 - 2013-01-13 13:24 - 00000000 ____D C:\Program Files\Intel
2015-12-22 13:27 - 2013-01-13 13:32 - 00000000 ____D C:\ProgramData\Intel
2015-12-22 13:12 - 2013-05-28 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-19 13:31 - 2013-03-17 13:42 - 00000000 ____D C:\ProgramData\Razer
2015-12-19 13:31 - 2013-01-13 23:21 - 00000000 ____D C:\Program Files (x86)\Razer
2015-12-19 13:29 - 2013-08-21 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-12-19 13:29 - 2013-01-13 23:21 - 00000000 ____D C:\Users\Suddle D\AppData\Local\Razer
2015-12-19 02:23 - 2014-12-15 09:03 - 00000000 ____D C:\Users\Suddle D\AppData\Local\NVIDIA
2015-12-19 02:21 - 2015-11-06 19:32 - 00001383 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-12-18 15:47 - 2014-03-29 14:17 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-17 23:21 - 2015-04-04 00:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-17 23:21 - 2015-04-04 00:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-17 00:10 - 2014-07-06 18:45 - 00000000 ____D C:\Users\Suddle D\AppData\Roaming\HandBrake
2015-12-16 20:22 - 2013-09-18 22:59 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 09:34 - 2015-12-13 23:17 - 16981976 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-12-16 09:34 - 2015-11-06 19:31 - 18716176 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-12-16 09:34 - 2015-11-06 19:31 - 14005408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-12-16 09:34 - 2015-11-06 19:31 - 03637352 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-12-16 09:34 - 2015-11-06 19:31 - 03211760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-12-16 09:34 - 2015-11-06 19:31 - 00034848 _____ C:\Windows\system32\nvinfo.pb
2015-12-16 06:53 - 2015-11-06 19:31 - 06359672 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-12-16 06:53 - 2015-11-06 19:31 - 02985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-12-16 06:53 - 2015-11-06 19:31 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-12-16 06:53 - 2015-11-06 19:31 - 01256240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-12-16 06:53 - 2015-11-06 19:31 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-12-16 06:53 - 2015-11-06 19:31 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-12-16 06:49 - 2015-11-06 19:31 - 06090019 _____ C:\Windows\system32\nvcoproc.bin
2015-12-14 18:35 - 2013-01-13 13:41 - 00162448 _____ C:\Users\Suddle D\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2013-03-16 14:45 - 2014-09-08 13:30 - 0000021 _____ () C:\Users\Suddle D\AppData\Roaming\config_data.dat
2013-06-25 18:50 - 2013-06-25 20:03 - 0000539 _____ () C:\Users\Suddle D\AppData\Roaming\Rim.Desktop.Exception.log
2013-06-25 18:44 - 2013-07-01 23:18 - 0002021 _____ () C:\Users\Suddle D\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-06-25 18:50 - 2013-06-25 20:03 - 0000539 _____ () C:\Users\Suddle D\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-08-21 14:47 - 2013-08-21 14:47 - 0010959 _____ () C:\Users\Suddle D\AppData\Local\CleanupUninstall.txt
2013-01-14 18:22 - 2013-01-14 18:22 - 0003072 _____ () C:\Users\Suddle D\AppData\Local\file__0.localstorage
2014-07-26 13:52 - 2014-07-26 13:52 - 0007606 _____ () C:\Users\Suddle D\AppData\Local\Resmon.ResmonCfg
2014-04-10 21:15 - 2014-04-10 21:15 - 0000000 _____ () C:\Users\Suddle D\AppData\Local\Temptable.xml
2013-01-14 18:29 - 2013-01-14 18:29 - 0017408 _____ () C:\Users\Suddle D\AppData\Local\WebpageIcons.db
2013-03-17 00:41 - 2016-01-10 15:51 - 0001240 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Suddle D\PageSuckerRegistration.dat


Some files in TEMP:
====================
C:\Users\Suddle D\AppData\Local\Temp\AnonVPN-1.0.4.3-install.exe
C:\Users\Suddle D\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-08 22:51

==================== End of FRST.txt ============================



#8 nasdaq

  • Malware Response Team

Posted 14 January 2016 - 10:12 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1985620250-657412871-4281227411-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1985620250-657412871-4281227411-1000\FireFox\user.js [2014-12-03]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\artur.dubovoy@gmail.com [2015-12-05]
FF Extension: BetterTTV - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\firefox@betterttv.net.xpi [2015-11-18]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S4 LMIRfsClientNP; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\SUDDLE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dump_wmimmc; \??\F:\Program Files (x86)\NCSOFT\BnS CBT\bin\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 LMIInfo; \??\F:\Program Files\logmein\x64\RaInfo.sys [X]
S3 slb; \??\E:\Program Files\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\artur.dubovoy@gmail.com
C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\firefox@betterttv.net.xpi
Task: {4EF414BF-4B1E-45C8-8C15-00F8791D3B9B} - System32\Tasks\{36F0AE05-51BB-4FD0-B642-9AEAF6A72F6B} => C:\Users\Suddle D\Desktop\SnowInstallv9.0.6\KMSpico Install\KMSpico_setup.exe
Task: {625DF04B-E955-49ED-93F1-5ABC861DB041} - System32\Tasks\{E0847D1B-1B87-4DF2-87FD-4C161FFF78C2} => C:\Users\Suddle D\Desktop\SnowInstallv9.0.6\KMSpico Install\KMSpico_setup.exe
Task: {C7916398-0E35-475B-989C-4BEFF9F2599D} - System32\Tasks\{89F7E5C8-527B-4DBF-9E31-49A0E4977178} => C:\Users\Suddle D\Desktop\SnowInstallv9.0.6\KMSpico Install\KMSpico_setup.exe
C:\Users\Suddle D\Desktop\SnowInstallv9.0.6\KMSpico Install

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

Edited by nasdaq, 14 January 2016 - 10:13 AM.


#9 SuddleD

  • Topic Starter


Posted 15 January 2016 - 12:25 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Suddle D (2016-01-14 21:19:51) Run:1
Running from C:\Users\Suddle D\Desktop\frst
Loaded Profiles: Suddle D (Available Profiles: Suddle D)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1985620250-657412871-4281227411-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1985620250-657412871-4281227411-1000\FireFox\user.js [2014-12-03]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\artur.dubovoy@gmail.com [2015-12-05]
FF Extension: BetterTTV - C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\firefox@betterttv.net.xpi [2015-11-18]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S4 LMIRfsClientNP; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\SUDDLE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dump_wmimmc; \??\F:\Program Files (x86)\NCSOFT\BnS CBT\bin\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 LMIInfo; \??\F:\Program Files\logmein\x64\RaInfo.sys [X]
S3 slb; \??\E:\Program Files\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\artur.dubovoy@gmail.com
C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\firefox@betterttv.net.xpi
Task: {4EF414BF-4B1E-45C8-8C15-00F8791D3B9B} - System32\Tasks\{36F0AE05-51BB-4FD0-B642-9AEAF6A72F6B} => C:\Users\Suddle D\Desktop\SnowInstallv9.0.6\KMSpico Install\KMSpico_setup.exe
Task: {625DF04B-E955-49ED-93F1-5ABC861DB041} - System32\Tasks\{E0847D1B-1B87-4DF2-87FD-4C161FFF78C2} => C:\Users\Suddle D\Desktop\SnowInstallv9.0.6\KMSpico Install\KMSpico_setup.exe
Task: {C7916398-0E35-475B-989C-4BEFF9F2599D} - System32\Tasks\{89F7E5C8-527B-4DBF-9E31-49A0E4977178} => C:\Users\Suddle D\Desktop\SnowInstallv9.0.6\KMSpico Install\KMSpico_setup.exe
C:\Users\Suddle D\Desktop\SnowInstallv9.0.6\KMSpico Install

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1985620250-657412871-4281227411-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1985620250-657412871-4281227411-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.7.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1985620250-657412871-4281227411-1000\FireFox\user.js => moved successfully
C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\artur.dubovoy@gmail.com => moved successfully
C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\firefox@betterttv.net.xpi => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => not found.
C:\Windows\SysWOW64\npDeployJava1.dll => not found.
F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => not found.
ACDaemon => service removed successfully
Blackberry Device Manager => service removed successfully
rpcapd => service removed successfully
LMIRfsClientNP => service removed successfully
catchme => service removed successfully
cpuz136 => service removed successfully
dump_wmimmc => service removed successfully
EagleX64 => service removed successfully
LMIInfo => service removed successfully
slb => service removed successfully
SliceDisk5 => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
"C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\extensions\artur.dubovoy@gmail.com" => not found.
"C:\Users\Suddle D\AppData\Roaming\Mozilla\Firefox\Profiles\ks5lcxez.default-1447902098674\Extensions\firefox@betterttv.net.xpi" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EF414BF-4B1E-45C8-8C15-00F8791D3B9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EF414BF-4B1E-45C8-8C15-00F8791D3B9B}" => key removed successfully
C:\Windows\System32\Tasks\{36F0AE05-51BB-4FD0-B642-9AEAF6A72F6B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36F0AE05-51BB-4FD0-B642-9AEAF6A72F6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{625DF04B-E955-49ED-93F1-5ABC861DB041}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{625DF04B-E955-49ED-93F1-5ABC861DB041}" => key removed successfully
C:\Windows\System32\Tasks\{E0847D1B-1B87-4DF2-87FD-4C161FFF78C2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E0847D1B-1B87-4DF2-87FD-4C161FFF78C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7916398-0E35-475B-989C-4BEFF9F2599D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7916398-0E35-475B-989C-4BEFF9F2599D}" => key removed successfully
C:\Windows\System32\Tasks\{89F7E5C8-527B-4DBF-9E31-49A0E4977178} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{89F7E5C8-527B-4DBF-9E31-49A0E4977178}" => key removed successfully
"C:\Users\Suddle D\Desktop\SnowInstallv9.0.6\KMSpico Install" => not found.
EmptyTemp: => 1.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:20:07 ====



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:04 AM

Posted 15 January 2016 - 10:49 AM

Any remaining issues?

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:04 AM

Posted 21 January 2016 - 10:29 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:04 AM

Posted 27 January 2016 - 09:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



