
need virus/malware check, had a recent infection


  • This topic is locked
19 replies to this topic

#1 soderquist1


Posted 18 February 2016 - 12:22 PM

Mainly need confirmation my infection is gone.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by dale (administrator) on DALE-ASUS (18-02-2016 10:09:03)
Running from C:\Users\dale\Downloads
Loaded Profiles: dale (Available Profiles: dale)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files\FSP\QuickGesture\x86\QuickGesture.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [qgesture32] => C:\Program Files\FSP\QuickGesture\x86\quickgesture.exe [19824 2011-10-14] (AsusTek)
HKLM\...\Run: [qgesture64] => C:\Program Files\FSP\QuickGesture\x64\quickgesture64.exe [21360 2011-10-14] (AsusTek)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-22] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [804168 2016-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-08] (Dropbox, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [881336 2015-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-10-28] (Siber Systems)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50622080 2016-01-19] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
Startup: C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-11-21] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{332bc5a9-44a4-476c-b6f2-f88aa738be70}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a714e976-949d-45d5-8a1f-b99508a69b54}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-14] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-02-02] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-02] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-28] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-02-02] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-02] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2803351199-1918054348-220819788-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2803351199-1918054348-220819788-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-24] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\l5o8o5y5.default-1419992173779
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-10-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-17]
FF HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-06]
CHR Extension: (Google Drive) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Skype) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-19]
CHR Extension: (Bing2Google) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgoehlfmhfafaiepckjikpphoklijedl [2015-11-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR Extension: (RoboForm Password Manager) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-10]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-07-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-07-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1417592 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-07-15] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-15] (Creative Labs) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [713728 2015-09-02] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [177152 2015-09-02] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-22] (NVIDIA Corporation)
R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [147216 2015-12-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [83968 2015-09-05] (Microsoft Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-22] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-22] (NVIDIA Corporation)
S3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
S3 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4316784 2015-06-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146704 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 DCamUSBTP10; C:\Windows\System32\Drivers\iP293x.sys [197376 2009-11-20] (iPassion Technology Inc.) [File not signed]
R3 FLxHCIh; C:\Windows\System32\drivers\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-21] (Microsoft Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-17] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-05-04] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-18 10:09 - 2016-02-18 10:09 - 00034622 _____ C:\Users\dale\Downloads\FRST.txt
2016-02-18 10:08 - 2016-02-18 10:08 - 02371072 _____ (Farbar) C:\Users\dale\Downloads\FRST64.exe
2016-02-18 09:11 - 2016-02-18 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-17 15:45 - 2016-02-17 15:45 - 00000360 _____ C:\Users\dale\Desktop\Flixster.appref-ms
2016-02-17 15:45 - 2016-02-17 15:45 - 00000000 ____D C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flixster
2016-02-16 19:51 - 2016-02-16 19:51 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-02-10 19:43 - 2016-02-10 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-09 12:16 - 2016-01-28 23:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 12:16 - 2016-01-28 23:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 12:16 - 2016-01-26 23:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 12:16 - 2016-01-26 23:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 12:16 - 2016-01-26 23:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 12:16 - 2016-01-26 23:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 12:16 - 2016-01-26 23:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 12:16 - 2016-01-26 22:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 12:16 - 2016-01-26 22:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 12:16 - 2016-01-26 22:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 12:16 - 2016-01-26 22:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 12:16 - 2016-01-26 22:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 12:16 - 2016-01-26 22:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-09 12:16 - 2016-01-26 22:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 12:16 - 2016-01-26 22:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 12:16 - 2016-01-26 22:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 12:16 - 2016-01-26 22:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 12:16 - 2016-01-26 22:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 12:16 - 2016-01-26 22:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-09 12:16 - 2016-01-26 22:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 12:16 - 2016-01-26 22:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 12:16 - 2016-01-26 22:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 12:16 - 2016-01-26 22:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-09 12:16 - 2016-01-26 22:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-09 12:16 - 2016-01-26 22:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 12:16 - 2016-01-26 22:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 12:16 - 2016-01-26 22:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-09 12:16 - 2016-01-26 22:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-09 12:16 - 2016-01-26 22:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 12:16 - 2016-01-26 22:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 12:16 - 2016-01-26 22:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 12:16 - 2016-01-26 22:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 12:16 - 2016-01-26 22:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 12:16 - 2016-01-26 22:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 12:16 - 2016-01-26 22:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 12:16 - 2016-01-26 22:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 12:16 - 2016-01-26 22:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-09 12:16 - 2016-01-26 22:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-09 12:16 - 2016-01-26 22:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 12:16 - 2016-01-26 22:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 12:16 - 2016-01-26 22:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 12:16 - 2016-01-26 22:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 12:16 - 2016-01-26 22:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 12:16 - 2016-01-26 21:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 12:16 - 2016-01-26 21:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 12:16 - 2016-01-26 21:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 12:16 - 2016-01-26 21:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 12:16 - 2016-01-26 21:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 12:16 - 2016-01-26 21:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 12:16 - 2016-01-26 21:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 12:16 - 2016-01-26 21:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 12:16 - 2016-01-26 21:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 12:16 - 2016-01-26 21:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 12:16 - 2016-01-26 21:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 12:16 - 2016-01-26 21:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 12:16 - 2016-01-26 21:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 12:16 - 2016-01-26 21:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 12:16 - 2016-01-26 21:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 12:16 - 2016-01-26 21:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 12:16 - 2016-01-26 21:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 12:16 - 2016-01-26 21:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 12:16 - 2016-01-26 21:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 12:16 - 2016-01-26 21:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 12:16 - 2016-01-26 21:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 12:16 - 2016-01-26 21:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-06 19:24 - 2016-02-06 19:24 - 00613136 _____ (NCH Software) C:\Users\dale\Downloads\switchsetup.exe
2016-02-06 19:24 - 2016-02-06 19:24 - 00001329 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-02-06 19:24 - 2016-02-06 19:24 - 00001209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2016-02-06 19:24 - 2016-02-06 19:24 - 00001197 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk
2016-02-06 18:48 - 2016-02-06 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2016-02-06 18:48 - 2016-02-06 19:34 - 00000000 ____D C:\Program Files (x86)\freac
2016-02-06 18:48 - 2016-02-06 18:59 - 00000000 ____D C:\Users\dale\AppData\Roaming\freac
2016-02-06 18:47 - 2016-02-06 18:47 - 07534391 _____ C:\Users\dale\Downloads\freac-1.0.26.exe
2016-02-06 18:45 - 2016-02-06 18:46 - 26372936 _____ (DVDVideoSoft Ltd. ) C:\Users\dale\Downloads\FreeAudioConverter.exe
2016-02-05 21:08 - 2016-02-05 21:08 - 03780997 _____ C:\Users\dale\Downloads\ATT_SGH-A997_Rugby_III_English_User_Manual_LK8_F8_AC.pdf
2016-02-05 19:52 - 2016-02-05 19:52 - 00000279 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2016-02-05 19:04 - 2016-02-05 19:04 - 00000000 ____D C:\Users\dale\Documents\Wondershare
2016-02-05 19:03 - 2016-02-05 19:03 - 00000000 ____D C:\Users\dale\AppData\Roaming\HMYGSetting
2016-02-05 19:03 - 2016-02-05 19:03 - 00000000 ____D C:\ProgramData\wondershare
2016-02-05 19:03 - 2016-01-19 17:15 - 00000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2016-02-05 19:02 - 2016-02-05 22:11 - 00000000 ____D C:\Users\dale\AppData\Roaming\Wondershare
2016-02-05 19:02 - 2016-02-05 22:11 - 00000000 ____D C:\Users\dale\.android
2016-02-05 19:02 - 2016-02-05 22:11 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-02-05 19:00 - 2016-02-05 19:02 - 76123712 _____ (Wondershare ) C:\Users\dale\Downloads\mobilego-for-android.exe
2016-02-02 11:57 - 2015-07-27 09:00 - 31085611 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-02-02 11:57 - 2015-07-27 09:00 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 03232960 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 02946304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 02711296 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-02-02 11:57 - 2015-07-27 09:00 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 01759488 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 01331336 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00645464 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00577840 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBTHX32.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00195192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-02-02 11:57 - 2015-07-27 09:00 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-02-02 11:40 - 2016-02-02 11:40 - 00001452 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-02-02 11:36 - 2016-02-02 11:40 - 00000000 ____D C:\Users\dale\AppData\Local\NVIDIA
2016-02-02 11:36 - 2016-02-02 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-02-02 11:36 - 2016-01-22 19:54 - 01542600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-02-02 11:36 - 2016-01-22 19:54 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-02-02 11:36 - 2016-01-22 19:53 - 01859936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-02-02 11:36 - 2016-01-22 19:53 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-02-02 11:36 - 2016-01-22 19:53 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-02-02 11:35 - 2016-01-22 20:31 - 00215608 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-02-02 11:35 - 2016-01-22 20:31 - 00201664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-02-02 11:35 - 2016-01-22 18:01 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-02-02 11:35 - 2016-01-22 18:01 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-02-02 11:35 - 2016-01-22 17:47 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-02-02 11:35 - 2016-01-21 19:06 - 06125650 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-02-02 11:33 - 2016-01-22 20:31 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 37615040 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 31115712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 24941112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 21202488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 17632544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 17174032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 02543160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-02-02 11:33 - 2016-01-22 20:31 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-02-02 11:33 - 2016-01-22 20:31 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-02-02 11:33 - 2015-12-17 23:11 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-02-02 11:33 - 2015-12-17 23:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-02-02 11:33 - 2015-12-17 23:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-02-02 11:31 - 2016-01-22 18:01 - 06366656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-02-02 11:31 - 2016-01-22 18:01 - 02992064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-02-02 11:31 - 2016-01-22 18:01 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-02-02 11:31 - 2016-01-22 18:01 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-02-02 11:31 - 2016-01-22 18:01 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-02-02 11:31 - 2016-01-22 18:01 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-02-02 11:15 - 2016-02-02 11:32 - 389921688 _____ (NVIDIA Corporation) C:\Users\dale\Downloads\361.75-notebook-win10-64bit-international-whql.exe
2016-02-02 11:10 - 2016-02-02 11:10 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-02-02 11:08 - 2016-02-02 11:09 - 56786528 _____ (Oracle Corporation) C:\Users\dale\Downloads\jre-8u71-windows-x64.exe
2016-02-02 11:08 - 2016-02-02 11:08 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-02 11:06 - 2016-02-02 11:07 - 00643168 _____ (Oracle Corporation) C:\Users\dale\Downloads\JavaSetup8u71.exe
2016-02-02 10:56 - 2016-02-02 11:28 - 00000000 ____D C:\Program Files\Nightly
2016-01-27 19:02 - 2016-01-15 23:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-27 19:02 - 2016-01-15 23:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-27 19:02 - 2016-01-15 22:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-27 19:02 - 2016-01-15 22:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-27 19:02 - 2016-01-15 22:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-27 19:02 - 2016-01-15 22:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-27 19:02 - 2016-01-15 22:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-27 19:01 - 2016-01-15 23:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-27 19:01 - 2016-01-15 23:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-27 19:01 - 2016-01-15 23:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-27 19:01 - 2016-01-15 23:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-27 19:01 - 2016-01-15 23:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-27 19:01 - 2016-01-15 23:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-27 19:01 - 2016-01-15 23:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-27 19:01 - 2016-01-15 23:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-27 19:01 - 2016-01-15 23:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-27 19:01 - 2016-01-15 23:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-27 19:01 - 2016-01-15 23:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-27 19:01 - 2016-01-15 23:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-27 19:01 - 2016-01-15 23:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-27 19:01 - 2016-01-15 23:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-27 19:01 - 2016-01-15 23:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-27 19:01 - 2016-01-15 23:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-27 19:01 - 2016-01-15 23:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-27 19:01 - 2016-01-15 23:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-27 19:01 - 2016-01-15 23:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-27 19:01 - 2016-01-15 23:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-27 19:01 - 2016-01-15 22:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-27 19:01 - 2016-01-15 22:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-27 19:01 - 2016-01-15 22:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-27 19:01 - 2016-01-15 22:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-27 19:01 - 2016-01-15 22:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-27 19:01 - 2016-01-15 22:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-27 19:01 - 2016-01-15 22:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-27 19:01 - 2016-01-15 22:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-27 19:01 - 2016-01-15 22:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-27 19:01 - 2016-01-15 22:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-27 19:01 - 2016-01-15 22:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-27 19:01 - 2016-01-15 22:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-27 19:01 - 2016-01-15 22:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-27 19:01 - 2016-01-15 22:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-27 19:01 - 2016-01-15 22:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-27 19:01 - 2016-01-15 22:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-27 19:01 - 2016-01-15 22:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-27 19:01 - 2016-01-15 22:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-27 19:01 - 2016-01-15 22:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-27 19:01 - 2016-01-15 22:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-27 19:01 - 2016-01-15 22:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-27 19:01 - 2016-01-15 22:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-27 19:01 - 2016-01-15 22:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-27 19:01 - 2016-01-15 22:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-27 19:01 - 2016-01-15 22:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-27 19:01 - 2016-01-15 22:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-27 19:01 - 2016-01-15 22:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-27 19:01 - 2016-01-15 22:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-27 19:01 - 2016-01-15 22:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-27 19:01 - 2016-01-15 22:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-27 19:01 - 2016-01-15 22:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-27 19:01 - 2016-01-15 22:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-27 19:01 - 2016-01-15 22:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-27 19:01 - 2016-01-15 22:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-27 19:01 - 2016-01-15 22:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-27 19:01 - 2016-01-15 22:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-27 19:01 - 2016-01-15 22:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-27 19:01 - 2016-01-15 22:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-27 19:01 - 2016-01-15 22:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-27 19:01 - 2016-01-15 22:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-27 19:01 - 2016-01-15 22:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-27 19:01 - 2016-01-15 22:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-27 19:01 - 2016-01-15 22:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-27 19:01 - 2016-01-15 22:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-27 19:01 - 2016-01-15 22:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-27 19:01 - 2016-01-15 22:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-27 19:01 - 2016-01-15 22:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-27 19:01 - 2016-01-15 22:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-27 19:01 - 2016-01-15 22:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-27 19:01 - 2016-01-15 22:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-27 19:01 - 2016-01-15 22:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-27 19:01 - 2016-01-15 22:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-27 19:01 - 2016-01-15 22:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-27 19:01 - 2016-01-15 22:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-27 19:01 - 2016-01-15 22:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-27 19:01 - 2016-01-15 22:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-27 19:01 - 2016-01-15 22:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-27 19:01 - 2016-01-15 22:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-27 19:01 - 2016-01-15 22:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-27 19:01 - 2016-01-15 22:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-27 19:01 - 2016-01-15 22:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-27 19:01 - 2016-01-15 22:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-27 19:01 - 2016-01-15 22:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-27 19:01 - 2016-01-15 22:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-27 19:01 - 2016-01-15 22:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-27 19:01 - 2016-01-15 22:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-27 19:01 - 2016-01-15 22:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-27 19:01 - 2016-01-15 22:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-27 19:01 - 2016-01-15 22:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-27 19:01 - 2016-01-15 22:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-27 19:01 - 2016-01-15 22:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-27 19:01 - 2016-01-15 22:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-27 19:01 - 2016-01-15 22:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-27 19:01 - 2016-01-15 22:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-27 19:01 - 2016-01-15 22:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-27 19:01 - 2016-01-15 22:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-27 19:01 - 2016-01-15 22:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-27 19:01 - 2016-01-15 22:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-27 19:01 - 2016-01-15 22:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-27 19:01 - 2016-01-15 22:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-27 19:01 - 2016-01-15 22:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-26 17:31 - 2016-01-26 17:31 - 00000000 ____D C:\Users\dale\Downloads\bin
2016-01-26 15:29 - 2016-01-26 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-01-26 15:29 - 2016-01-26 15:29 - 00000000 ____D C:\Program Files (x86)\Nero
2016-01-26 15:22 - 2016-01-26 15:23 - 30920141 _____ C:\Users\dale\Downloads\DiscSpeed.zip
2016-01-22 17:18 - 2016-01-22 17:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-22 16:51 - 2016-01-22 16:51 - 00000162 ____H C:\Users\dale\Downloads\~$iver-full.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-18 10:09 - 2015-06-26 16:01 - 00000000 ____D C:\FRST
2016-02-18 10:05 - 2015-11-21 17:24 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{786A8471-473F-4390-9B9F-E166896F3ADD}
2016-02-18 10:03 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-18 10:02 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-18 10:02 - 2014-11-18 12:37 - 00000000 ____D C:\AdwCleaner
2016-02-18 10:02 - 2012-06-21 04:02 - 00000000 ____D C:\Users\dale\AppData\Roaming\Skype
2016-02-18 10:01 - 2015-12-17 23:35 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-18 10:01 - 2015-11-21 15:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-18 10:01 - 2014-08-20 11:19 - 00000000 ____D C:\Users\dale\AppData\Local\Adobe
2016-02-18 10:01 - 2011-04-01 21:36 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-18 09:58 - 2015-11-21 15:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-18 09:58 - 2015-11-21 15:00 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-18 09:57 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-18 09:56 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-18 09:56 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-02-18 09:56 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-02-18 09:55 - 2014-10-24 17:32 - 00000000 ____D C:\Users\dale\AppData\Local\CrashDumps
2016-02-18 09:50 - 2012-05-27 20:15 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-18 09:40 - 2015-12-17 23:35 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-18 09:24 - 2015-12-28 10:59 - 00000000 ____D C:\Users\dale\AppData\Local\Deployment
2016-02-18 09:23 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-18 09:20 - 2011-04-01 21:36 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-18 09:16 - 2014-10-25 18:59 - 01962496 _____ C:\Users\dale\Desktop\adwcleaner_4.001.exe
2016-02-18 09:12 - 2014-04-26 18:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-18 09:11 - 2015-06-30 11:13 - 00002027 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2016-02-18 09:10 - 2015-06-30 11:13 - 00146704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-02-18 09:06 - 2015-11-21 15:03 - 01010622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-17 18:27 - 2012-06-25 23:19 - 00000401 _____ C:\Users\dale\Desktop\CD Drive - Shortcut.lnk
2016-02-17 09:44 - 2015-10-20 13:48 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-02-16 15:53 - 2015-11-07 10:59 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-13 19:25 - 2015-10-13 10:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2016-02-10 19:43 - 2015-12-17 23:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-10 09:53 - 2013-10-04 06:24 - 00000000 ____D C:\Users\dale\AppData\Local\ElevatedDiagnostics
2016-02-09 22:20 - 2013-02-09 15:34 - 00000000 ____D C:\Users\dale\AppData\Roaming\SoftGrid Client
2016-02-09 15:24 - 2013-07-15 11:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-09 15:17 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-09 15:17 - 2011-11-04 18:32 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-09 14:22 - 2011-04-01 21:36 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-06 19:24 - 2015-10-13 10:52 - 00000000 ____D C:\Users\dale\AppData\Roaming\NCH Software
2016-02-06 19:24 - 2015-10-13 10:52 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-02-05 19:02 - 2015-11-21 15:04 - 00000000 ____D C:\Users\dale
2016-02-03 12:01 - 2015-10-30 00:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 12:01 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 12:04 - 2015-11-21 09:59 - 00000000 ____D C:\Users\dale\AppData\Roaming\DriverTalent
2016-02-02 12:04 - 2015-11-21 09:59 - 00000000 ____D C:\ProgramData\DriverTalent
2016-02-02 12:04 - 2015-11-21 09:58 - 00002044 _____ C:\Users\Public\Desktop\Driver Talent.lnk
2016-02-02 11:57 - 2015-11-21 16:55 - 00003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-02-02 11:57 - 2015-11-21 14:59 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-02 11:57 - 2015-11-21 14:59 - 00000000 ____D C:\Program Files\Realtek
2016-02-02 11:57 - 2011-07-15 22:32 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-02-02 11:57 - 2011-07-15 22:32 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-02-02 11:47 - 2012-06-25 19:57 - 00000000 ____D C:\Users\dale\AppData\Roaming\Intelli-studio
2016-02-02 11:40 - 2015-11-21 15:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-02 11:36 - 2015-11-21 17:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-02 11:36 - 2012-09-13 22:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-02 11:33 - 2013-12-17 13:05 - 00000000 ____D C:\Users\dale\AppData\Local\NVIDIA Corporation
2016-02-02 11:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Help
2016-02-02 11:28 - 2013-01-25 00:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-02 11:12 - 2015-07-03 11:02 - 00000000 ____D C:\Users\dale\AppData\LocalLow\Mozilla
2016-02-02 11:10 - 2014-10-26 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-02-02 11:10 - 2014-10-26 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-02 11:10 - 2013-11-23 23:07 - 00000000 ____D C:\Program Files\Java
2016-02-02 11:09 - 2013-10-16 21:52 - 00000000 ____D C:\ProgramData\Oracle
2016-02-02 11:08 - 2013-11-23 22:58 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-02 09:15 - 2011-04-01 21:36 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 09:15 - 2011-04-01 21:36 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 23:38 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-28 22:46 - 2015-10-30 00:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-28 22:46 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-28 22:46 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-28 22:46 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-28 22:46 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-28 22:46 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-28 22:46 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-28 09:41 - 2012-06-21 04:02 - 00000000 ____D C:\ProgramData\Skype
2016-01-26 17:43 - 2009-07-13 20:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-01-26 15:29 - 2014-02-27 15:11 - 00000000 ____D C:\ProgramData\Nero
2016-01-25 10:34 - 2015-11-21 17:01 - 12474312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-01-22 20:31 - 2015-11-21 17:01 - 19778944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-01-22 20:31 - 2015-11-21 17:01 - 17116616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-01-22 20:31 - 2015-11-21 17:01 - 14114944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-01-22 20:31 - 2015-11-21 17:01 - 00035832 _____ C:\WINDOWS\system32\nvinfo.pb
2016-01-22 20:31 - 2015-11-21 17:00 - 03648552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-01-22 20:31 - 2015-11-21 17:00 - 03230824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-01-22 16:56 - 2015-11-21 15:24 - 00000000 ____D C:\Users\dale\AppData\Local\Packages
2016-01-21 10:33 - 2015-08-29 10:03 - 00000000 ____D C:\Users\dale\.oracle_jre_usage
2016-01-20 09:40 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-20 09:39 - 2013-12-04 13:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
 
==================== Files in the root of some directories =======
 
2015-07-28 23:49 - 2015-07-29 00:02 - 0000115 _____ () C:\Users\dale\AppData\Roaming\LogFile.txt
2013-07-25 23:06 - 2013-11-23 13:06 - 0000006 _____ () C:\Users\dale\AppData\Roaming\WBPU-TTL.DAT
2012-09-20 20:25 - 2013-09-16 17:55 - 0008704 _____ () C:\Users\dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-16 20:50 - 2012-09-16 20:50 - 0007593 _____ () C:\Users\dale\AppData\Local\Resmon.ResmonCfg
2011-07-15 22:41 - 2011-07-15 22:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-15 22:41 - 2011-07-15 22:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\dale\AppData\Local\Temp\avgnt.exe
C:\Users\dale\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1jsgxi.dll
C:\Users\dale\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\dale\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dale\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\dale\AppData\Local\Temp\nvStInst.exe
C:\Users\dale\AppData\Local\Temp\Quarantine.exe
C:\Users\dale\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-10 09:47
 
==================== End of FRST.txt ============================




#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 PM

Posted 18 February 2016 - 05:38 PM

Hello soderquist1,

 

Addition.txt is created by default on the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time and ensure "Addition" is checked in the optional scan box...


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 18 February 2016 - 06:40 PM

Oops, thought I had that attached already.

Attached Files



#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 PM

Posted 19 February 2016 - 09:39 AM

Hi soderquist1,
 
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe
CHR Extension: (Bing2Google) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgoehlfmhfafaiepckjikpphoklijedl [2015-11-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\dale\AppData\Roaming\freac
C:\Users\dale\AppData\Roaming\HMYGSetting
C:\Users\dale\AppData\Roaming\Skype
C:\Users\dale\AppData\Local\CrashDumps
C:\WINDOWS\System32\Tasks\NCH Software
C:\Users\dale\AppData\Roaming\SoftGrid Client
2016-02-06 19:24 - 2015-10-13 10:52 - 00000000 ____D C:\Users\dale\AppData\Roaming\NCH Software
2016-02-06 19:24 - 2015-10-13 10:52 - 00000000 ____D C:\Program Files (x86)\NCH Software
C:\Users\dale\AppData\Roaming\DriverTalent
C:\Users\dale\AppData\Roaming\Intelli-studio
C:\Users\dale\AppData\Local\Packages
2015-07-28 23:49 - 2015-07-29 00:02 - 0000115 _____ () C:\Users\dale\AppData\Roaming\LogFile.txt
2013-07-25 23:06 - 2013-11-23 13:06 - 0000006 _____ () C:\Users\dale\AppData\Roaming\WBPU-TTL.DAT
2012-09-20 20:25 - 2013-09-16 17:55 - 0008704 _____ () C:\Users\dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-16 20:50 - 2012-09-16 20:50 - 0007593 _____ () C:\Users\dale\AppData\Local\Resmon.ResmonCfg
2011-07-15 22:41 - 2011-07-15 22:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-15 22:41 - 2011-07-15 22:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\Users\dale\AppData\Local\Temp\avgnt.exe
C:\Users\dale\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1jsgxi.dll
C:\Users\dale\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\dale\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dale\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\dale\AppData\Local\Temp\nvStInst.exe
C:\Users\dale\AppData\Local\Temp\Quarantine.exe
C:\Users\dale\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2803351199-1918054348-220819788-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dale\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {1F103B13-8FA6-4E13-97D7-306DBBBE9057} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1F29B769-33FA-42F6-B7A4-987D73F1AFAD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2717BEDA-38AB-447C-AD9A-24C27ED87B1E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3FB99F9C-5E8D-43B7-99C2-F8418D9FDAAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {53EF4B35-F72E-4926-B39E-1FD1174B519B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {73C02425-42CE-472C-97A0-782EC33B4881} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7D4F01CC-7257-4785-9E69-72A860CCF626} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D1E86801-3BA7-46CC-9964-DE0C199A41FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DB3CB1CF-4508-4D49-A29D-104095A9F700} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E58BD08B-651C-4F29-967C-7B1882197B05} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FC271CA6-E98C-44E0-851E-ADDF52CAC60E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Emptytemp:
end

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
=============================================================================================
Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click Scan now ''Run as Administrator'' and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.



 


 


#5 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 19 February 2016 - 01:04 PM

Alright, FRST64 done. I have the Malwarebytes paid version, so I will use that for my next scan.

Attached Files



#6 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 19 February 2016 - 01:38 PM

 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2016-02-19
Scan Time: 11:05 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.19.05
Rootkit Database: v2016.02.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: dale
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390376
Time Elapsed: 29 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 19 February 2016 - 01:51 PM

Zemana AntiMalware 2.19.2.904 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016-2-19
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-2630QM CPU @ 2.00GHz
BIOS Mode              : Legacy
CUID                   : 00C49D3C2EA4CB46426671
Scan Type              : Smart Scan
Duration               : 2m 22s
Scanned Objects        : 17918
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Default CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5124DFECCC976F55A89DA2B051F44B8FA1876094\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5124DFECCC976F55A89DA2B051F44B8FA1876094\Blob
 
SecureIconsProvider.dll
Status             : Scanned
Object             : %programdata%\microsoft\secure\icons\secureiconsprovider.dll
MD5                : 6DC7D1C20F27CC1AF1B1AAE9951283C0
Publisher          : -
Size               : 3166208
Version            : 4.0.0.1
Detection          : Trojan:Win64/Generic!Atkl
Cleaning Action    : Quarantine
Traces             :
                File - %programdata%\microsoft\secure\icons\secureiconsprovider.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}\InprocServer32\@ = C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0


#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 PM

Posted 19 February 2016 - 02:47 PM

Good work :thumbup2:

 

RogueKiller by Tigzy

  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply

 



 


 


#9 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 19 February 2016 - 04:23 PM

scan complete, detected a few also
 
RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : dale [Administrator]
Started from : C:\Users\dale\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/19/2016 14:13:20
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\TweakBit -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WUDFRd (system32\drivers\WudfRd.sys) -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][Stream] C:\Windows\System32:Win32App_1 -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 36931a1f333debaf09bc094e27123de3
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 285711 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 637566976 | Size: 450 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST9750420AS +++++
--- User ---
[MBR] b17efdbde997cde13963cd71a27bec4c
[BSP] e6c2cebec9d5914c6fe029aa4b621d92 : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 357688 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 732547072 | Size: 357715 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#10 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 PM

Posted 19 February 2016 - 07:47 PM

Hi,
 
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKEY_LOCAL_MACHINE\Software\Partner
HKEY_LOCAL_MACHINE\Software\TweakBit

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
================================================================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

=========================================================================

How is the machine running now? Any issues? Please let me know.

 

 



 


 


#11 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 20 February 2016 - 12:35 AM

I accidentally forgot to grab the detection list for the ESET online scanner; I will scan with it once more overnight. I fully scanned with my Avira security suite and that picked up a few, so I attached that also.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by dale (2016-02-19 18:22:16) Run:3
Running from C:\Users\dale\Downloads
Loaded Profiles: dale (Available Profiles: dale)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKEY_LOCAL_MACHINE\Software\Partner
HKEY_LOCAL_MACHINE\Software\TweakBit
*****************
 
HKEY_LOCAL_MACHINE\Software\Partner => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\Software\TweakBit => Error: No automatic fix found for this entry.
 
==== End of Fixlog 18:22:16 ====
 
 

Attached Files



#12 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 20 February 2016 - 11:51 AM

Alright 2nd scan attempt detected nothing, and computer is running great



#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 PM

Posted 20 February 2016 - 02:25 PM

Alright 2nd scan attempt detected nothing, and computer is running great

Perfect :thumbup2:

 

Thank you for your patience.  Please do the following:

In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Please take the time to carefully review this info contained below. It's invaluable.
Answers to common security questions - Best Practices

How Malware Spreads - How your system gets infected

Best Practices for Safe Computing - Prevention of Malware Infection

 

Some safety suggestions!

Best regards.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#14 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 20 February 2016 - 03:38 PM

Bit of an issue while attempting to back up: I get "The system cannot find the file specified. (0x800704c7)". I always use an external hard drive 1TB and I never had this problem before.



#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 PM

Posted 20 February 2016 - 04:03 PM

Try after removing the external drive. Backup error, I guess.
Active security software is not closed?



 


 




